| SUSE LINUX – Administration Guide Chapter 17. Heterogenous Networks / 17.2. Netatalk | ||||
|---|---|---|---|---|
 | Chapter 17. Heterogenous Networks | 17.3. NetWare Emulation with MARSNWE |  | |
| SUSE LINUX – Administration Guide Chapter 17. Heterogenous Networks / 17.2. Netatalk | ||||
|---|---|---|---|---|
| Chapter 17. Heterogenous Networks | 17.3. NetWare Emulation with MARSNWE | | |
With Netatalk, obtain a high-performance file and print server for MacOS clients. With it, access data on a Linux machine from a Macintosh or print to a connected printer. Netatalk is a suite of Unix programs that run on kernel-based DDP (Datagram Delivery Protocol) and implement the AppleTalk protocol family (ADSP, ATP, ASP, RTMP, NBP, ZIP, AEP, and PAP).
AppleTalk is, in effect, an equivalent to the more familiar protocol TCP (Transmission Control Protocol). It has counterparts to many TCP/IP-based services, including services for resolving host names and time synchronization. For example, the command aecho (AEP, AppleTalk Echo Protocol) is used instead of ping (ICMP ECHO_REQUEST, Internet Control Message Protocol).
The three daemons described below are normally started on the server:
atalkd (“AppleTalk Network Manager”), which corresponds to the program ip
afpd (“AppleTalk Filing Protocol daemon”), which provides an interface for Macintosh clients to Unix file systems.
papd (“Printer Access Protocol daemon”), which makes printers available in the (AppleTalk) network.
Server directories can be exported with Netatalk at the same time as with Samba for Windows clients (see Section 17.1.1.2. “Clients”) and via NFS (see Section 14.9. “NFS — Shared File Systems”), which is very useful in heterogeneous network environments. This centralizes the management of data backup and user permissions on the Linux server.
There are a number of limitations when working with Netatalk:
Due to Macintosh client restrictions, the user passwords on the server cannot be longer than eight characters.
Macintosh clients cannot access Unix files with names longer than 31 characters.
File names may not contain colons (:) because they serve as path name separators in MacOS.
In the default configuration, Netatalk is already fully functional as a file server for home directories of the Linux system. To use the extended features, define some settings in the configuration files. These are located in the /etc/netatalk directory.
All configuration files are pure text files. Text that follows a hash mark # (comments) and empty lines can be disregarded. The various services (printing, Appletalk broadcast, Appletalk via TCP/IP, time server) can be activated through the file /etc/netatalk/netatalk.conf:
ATALKD_RUN=yes PAPD_RUN=yes AFPD_RUN=yes TIMELORD_RUN=no
Define, in /etc/netatalk/atalkd.conf, over which interfaces services are provided. This is usually eth0. In the example file that comes with Netatalk, this is the case. Enter additional interfaces to use several network cards at the same time. When the server is started, it searches the network for existing zones and servers and modifies the corresponding lines by entering the set AppleTalk network addresses. You will then find a line such as
eth0 -phase 2 -net 0-65534 -addr 65280.57
at the end of the file. For more complex configurations, refer to examples in the configuration file. Find documentation about additional options in the manual page of afpd.
The afpd.conf file contains definitions for how your file server appears on MacOS machines as an item under the dialog. As is the case with the other configuration files, these also contain detailed comments explaining the wide variety of options.
If you do not change anything here, the default server is simply started and displayed with the host name in the . Therefore, you do not necessarily need to enter anything. However, you can give additional file servers a variety of names and options here, for example, to provide a specific guest server on which everybody can save files as “guest”.
"Guest server" -uamlist uams_guest.so
Define a server that denies guests access, but which is only accessible for users who already exist in the Linux system with:
"Font server" -uamlist uams_clrtxt.so,uams_dhx.so
This behavior is controlled by the option uamlist followed by a list of authentication modules to use separated by commas. If you do not provide this option, all procedures are active by default.
An AppleShare server not only provides its services by default via AppleTalk, but also via TCP/IP (encapsulated). The default port is 548. Assign dedicated ports to additional AppleShare servers (on the same machine) if these should also run via TCP. The availability of the service via TCP/IP enables access to the server even over non-AppleTalk networks, such as the Internet. In this case, the syntax would read:
"Font server" -uamlist uams_clrtxt.so,uams_dhx.so -port 12000
The AppleShare server, set to the port 12000, then appears in the network with the name Font server and does not allow guest access. In this way, it is also accessible via TCP/IP routers.
The file AppleVolumes.default (described in detail below) defines which directories located on the server are made available by each AppleShare server as network volumes. By using the -defaultvol option for a given AppleShare server, specify another file that defines different directories. The corresponding command (read as one line) is:
"Guest server" -uamlist uams_guest.so -defaultvol /etc/netatalk/AppleVolumes.guest
Further options are explained in the afpd.conf file itself.
Here, define directories to export. The access permissions are defined with the customary Unix user and group permissions. This is configured in the AppleVolumes.default file. Along with AppleVolumes.default, additional files can be created, such as AppleVolumes.guest, used by some servers (by giving the option -defaultvol in the afpd.conf file. See the previous section).
![[Important]](admon/important.png) | Important |
|---|---|
Here, the syntax has partially changed. Take this into consideration if you are updating this version from a previous one. For example, it is now allow: instead of access= (a typical symptom would be if, instead of the drive descriptions, you were to see a display of the drive options on the Mac clients in the ). Because the new files are created with the .rpmnew endings during an update, it is possible that your previous settings may no longer function as a result of the modified syntax. Create backups of your configuration files, copy your old configuration into the new files, then rename these files to the proper names. This way, benefit from the current comments contained in the configuration files, which provide a detailed explanation of the options. | |
The example shown here:
/usr/local/psfonts "PostScript Fonts"
indicates that the Linux directory /usr/local/psfonts, located in the root directory, is available as an AppleShare volume with the name “PostScript Fonts”.
Options are separated by a space and attached to the end of a line. A very useful option is the access restriction:
/usr/local/psfonts "PostScript Fonts" allow:User1,@group0
This restricts access to the volume “PostScript Fonts” to the user “User1” and all members of the group “group0”. The users and groups entered here must be known to the Linux system. Likewise, explicitly deny users access with deny:User2. These restrictions only apply to access via AppleTalk and not to the normal access rights users have if they can log in to the server itself.
Netatalk maps the customary Resource Fork of MacOS files to .AppleDouble directories in the Linux file system. Using the noadouble option, set these directories to be created only when they are actually needed. The syntax is:
/usr/local/guests "Guests" options:noadouble
Additional options and features can be found in the explanations included in the file itself.
The tilde (~) in this configuration file stands for the home directory for each and every user on the server. This way, every user can easily access his home directory without each one being defined explicitly here. The example file installed already includes a tilde, which is why Netatalk makes the home directory available by default as long as you do not modify anything in this file.
afpd also searches for a file Applevolumes or .Applevolumes in the home directory of a user logged in to the system. Entries in this file supplement the entries in the server files AppleVolumes.system and AppleVolumes.default to enable individual type and creator file settings and to access specific directories. These entries are extensions and do not allow access for the user for whom access permission is denied from the server side.
The netatalk.pamd file is used, via PAM (pluggable authentication modules), for authentication purposes. Using PAM is, however, irrelevant in this context.
In the AppleVolumes.System file, define which customary MacOS type and creator specifications are assigned to certain file endings. An entire series of default values are already predefined. If a file is displayed by a generic white icon, there is not yet an entry for it in this file. If you encounter a problem with a text file belonging to another system, which cannot be opened properly in MacOS or vice versa, check the entries there.
Make a laserwriter service available by configuring the papd.conf file. The printer must be already functioning locally with lpd, so configure a printer as described in Chapter 5. Printer Operation. If you can print a text file locally using the command lpr file.txt, the first step has been successfully completed.
You do not necessarily need to enter anything in papd.conf if a local printer is configured in Linux, because print jobs can simply be forwarded to the print daemon lpd without additional settings. The printer registers itself in the AppleTalk network as Laserwriter. You can, however, extend your printer entries as follows:
Printer_Reception:pr=lp:pd=/etc/netatalk/kyocera.ppd
This causes the printer named Printer_Reception to appear as a item. The corresponding printer description file is usually provided by the vendor. Otherwise, refer to the file Laserwriter located in the folder. However, when using this file you often cannot use all of the printer's features.
The server can be started at system boot time via its init script or manually with rcatalk start. The init script is located at /etc/init.d/netatalk. The actual starting of the server takes place in the background. It takes about a minute until the AppleTalk interfaces are set up and responsive. Check for the status as shown in the following (all servers are running if OK is reported three times):
rcatalk status Checking for service atalk:OKOKOK
From a Mac running MacOS, check for AppleTalk activation, choose , then double-click . The names of the servers should then appear in the window. Double-click a server and log in. It should then be possible to access a shared volume.
The procedure is a bit different for AppleShare servers configured to use TCP only (and no DDP). To connect, press and enter the respective IP address. If necessary, append the port number, separated by a colon (:).
