Let’s face it: OS X makes a great, stable client platform, but its server components do not scale well. That is probably why most big companies rely on something else for the infrastructure, and we Mac admins then spend a lot of time on the integration. For those with Linux servers, here is a quick guide on how to serve files over the AFP protocol from a Linux box. For this guide I’ll be using CentOS, the Red Hat Enterprise Linux (RHEL) rebuild.
Last year the guys from the netatalk project released version 3.0 of their AFP server. This third version came out with support for AppleDouble metadata, removed support for AppleTalk and made the configuration process much easier. Needless to say, this version is still AFP 3.3 compliant, so your OS X clients won’t feel the difference.
Usually you would need to download the source and compile it, but for RHEL-based distros you can use the rpm I created. You can download it here.
The package has two dependencies that we need to clear before installing.
su -c 'yum install -y perl avahi'
The avahi component will be the one offering Bonjour services, so that OS X clients on the network can discover the Linux server. Once that is done, we can go ahead and install the rpm with
su -c 'rpm -ivh netatalk-devel-3.0.3-0.0.7.el6.x86_64.rpm'
We need to create a file that the installer does not create for us but that is necessary. To fix this, run:
touch /etc/afppasswd
Now let’s create a local user that the clients will connect as (LDAP-based authentication is also an option) and set a password. In this example I will be sharing the home folder of the newly created account.
useradd afpuser ; passwd afpuser
Add the new local user to the afppasswd database with
afppasswd -a afpuser
Now edit the main configuration file /etc/afp.conf with your favorite editor. A very minimal configuration to get the service running would look like this:
;
; Netatalk 3.x configuration file
;
;
[Global]
; Global server settings
;
; [Homes]
; basedir regex = /home
;
[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser
As you can see, the configuration file has two distinct categories, and for any new share you would add a new category at the bottom. Start the service and set it to start automatically on the next boot:
/etc/rc.d/init.d/netatalk start
chkconfig netatalk on
The only thing left is to open port 548; for this you can use system-config-firewall or system-config-firewall-tui, and you are done!
By changing the configuration file we can get some more features. For example, if we want to enable guest login to our share, the configuration file could look like this (the man page states that the username should be in quotes, but it should not be):
;
; Netatalk 3.x configuration file
;
[Global]
uam list = uams_guest.so uams_dhx.so uams_dhx2.so
guest account = afpuser
;
; [Homes]
; basedir regex = /home
;
[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser guest
Any afp share can be enabled to be a Time Machine destination by just adding one extra line:
[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser
time machine = yes
The following three tips apply to the [Global] section. We can enable afpstats, to see the number of active connections along with their source, time and status, just by adding
afpstats = yes
Add a message to be displayed with every login by adding
login message = "Welcome to a Linux box"
Appear on Bonjour as an Apple machine with
mimic model = Macmini
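Since afp.conf is a plain INI-style file with semicolon comments, the settings above can be reviewed mechanically. The following added example (not from the post or the netatalk project) parses a constructed afp.conf built from the snippets in this post and reports what a Mac admin should double-check before opening port 548: whether guest login is on and which unix account it maps to, volumes with no valid users restriction, Time Machine volumes, and a mimic model setting. The [Scratch] volume is a constructed addition to show an unrestricted share.

```python
import configparser

# Constructed afp.conf built from the post's snippets plus an unrestricted [Scratch] volume.
SAMPLE_AFP_CONF = """\
;
; Netatalk 3.x configuration file
;
[Global]
uam list = uams_guest.so uams_dhx.so uams_dhx2.so
guest account = afpuser
mimic model = Macmini
; [Homes]
; basedir regex = /home
[afpuser's AFP share]
path = /home/afpuser
valid users = afpuser guest
time machine = yes
[Scratch]
path = /srv/scratch
"""

def parse_afp_conf(text):
    """afp.conf is INI-style with ';' comments, so configparser can read it."""
    cp = configparser.ConfigParser(comment_prefixes=(";", "#"),
                                   interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def volumes(cp):
    """Every section other than [Global] and [Homes] describes a share."""
    return {s: cp[s] for s in cp.sections() if s not in ("Global", "Homes")}

def audit_afp_conf(text):
    """Return the settings a defender should review before exposing the server."""
    cp = parse_afp_conf(text)
    glob = cp["Global"] if cp.has_section("Global") else {}
    findings = []
    if "uams_guest.so" in glob.get("uam list", "").split():
        # netatalk maps guests to 'nobody' unless 'guest account' overrides it
        findings.append("guest login enabled, mapped to unix user '%s'"
                        % glob.get("guest account", "nobody"))
    if glob.get("mimic model"):
        findings.append("advertised on Bonjour as an Apple '%s'" % glob["mimic model"])
    for name, vol in volumes(cp).items():
        if not vol.get("valid users"):
            findings.append("volume '%s' has no 'valid users' restriction" % name)
        if vol.get("time machine", "no").lower() == "yes":
            findings.append("volume '%s' accepts Time Machine backups" % name)
    return findings
```

Running audit_afp_conf on your own /etc/afp.conf contents gives the same list for a real server.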
As you can see, a basic configuration of the service is trivial. The performance and stability of this AFP file server make it worth considering. I have reached 77MB/s downloads from an old Dell laptop. The project has support for LDAP authentication and even variables for share names. It is a shame that variables are still not supported in file paths. For more advanced configurations, check its documentation at http://netatalk.sourceforge.net/3.0/htmldocs/
Every day, Linux is more present in the Mac world. For example, today you can have a Munki server and MunkiWebAdmin, and offer pkg downloads, from a Linux box while administering the server from your Mac using AFP.
Fwiw, Netatalk can use PAM for authentication if support for that is compiled in (the default); there’s absolutely no need to create /etc/afppasswd and add users with afppasswd -a afpuser.
And with our Solaris servers and 10 Gbit interfaces we get more than 1000 MB/s out of it.
–slow, a Netatalk developer 🙂
I stand corrected. What about mapping the guest user in quotes, would you at least give me that? 🙂
Performance-wise I was impressed during the testing.
Thanks slow
The only thing necessary to enable guest login is adding the guest UAM to the list of UAMs (and restart Netatalk). The default UNIX account used for connecting guests is ‘nobody’ which is just fine most of the times.
Does Spotlight function on Netatalk?
The next version will: http://www.netafp.com/spotlight-technology-preview-4-1106/
You might also be interested in this BSD Unix Mac server replacement complete with ZFS file system and NFS. http://signalboxes.net/howto/freebsd-file-server-for-mac-clients/