Apple Filing Protocol (AFP) using NetAtalk on CentOS

 

It is important to note that the AFP protocol implemented by netatalk precedes such elements as Time Machine and does not support calls used in the latest versions of Apple's AFP.

For generalized data-file sharing (or a networked Time Machine drive) you may be better off with Samba.

For networked home directories (or PHD) you may be better off with NFS v3.


If, however, you want the combination of security and Unix-style permissions, or if you just want AFP for reasons of your own, NetAtalk may be for you. Here is how to make it work:


First, install the required components:


yum install gcc

yum install automake autoconf

yum install db4-devel

yum install db4

yum install cups-devel

yum install GSSAPI

yum install libgssapi-devel

yum install libgssapi

yum install krb5-devel

yum install krb4-devel

yum install pam-devel

yum install shadow-devel

yum install openssl-devel

yum install cracklib-devel

yum install cracklib


Then edit the following files in the netatalk source tree to ensure compatibility with db4:


/bin/cnid/cnid_index.c and /etc/cnid_dbd/dbif.c


-    ret = db->stat(db, &sp, 0);

  1. +   ret = db->stat(db, NULL, &sp, 0);
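
Review bot: the + line hard-codes NULL for the new second argument of db->stat in both files, with no note on what that argument is or which db4 release requires it. State the db4 version this targets, and consider wrapping the call in a DB_VERSION_MAJOR / DB_VERSION_MINOR check so the tree still builds against a db4 where stat takes three arguments.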


Run configure:


./configure --enable-redhat --enable-cups --enable-pgp-uam --enable-krb4-uam --enable-krbV-uam --with-pam --with-shadow --with-ssldir=/usr --with-cracklib



After configuring, check that the summary matches the following:


Configure summary:

    Install style:

         redhat

    AFP:

         AFP 3.x calls activated: yes

         Large file support (>2GB) for AFP3: yes

         DDP enabled: yes

    CNID:

         backends:  cdb dbd last

    UAMS:

         DHX     (PAM SHADOW)

         RANDNUM (PAM SHADOW)

         Kerberos V

         Kerberos IV

         PGP

         passwd  (PAM SHADOW)

         guest

    Options:

         CUPS support:           yes

         SLP support:            no

         tcp wrapper support:    yes

         quota support:          yes

         admin group support:    yes

         valid shell check:      yes

         cracklib support:       yes

         dropbox kludge:         no

         force volume uid/gid:   no

         Apple 2 boot support:   no



Make and install the software.


To configure a shared directory:


Sample line to share a directory. Note the upriv option, which enforces Unix permissions. Without it, anyone can take ownership of anything, overwriting the existing ownership and permissions no matter what the original ones are!


In /usr/local/etc/netatalk/AppleVolumes.default:


/data options:upriv allow:eric,jane,kerstin,spidy,leon
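
To catch volumes that were added without the controls on the /data line above, the following script (an added example, not part of netatalk or of the original write-up) reports every volume line that lacks options:upriv or an allow: list. The function names and the sample file are constructed for illustration; it assumes one volume per line, no backslash continuations, and it does not evaluate a :DEFAULT: line.

```shell
#!/bin/sh
# Added example: audit a netatalk 2.x AppleVolumes file for the two
# access controls used on the /data line above.

# Constructed sample input (not taken from a real server).
sample_volumes() {
    cat <<'EOF'
# constructed sample AppleVolumes.default
/data options:upriv allow:eric,jane,kerstin,spidy,leon
/scratch options:usedots
/projects "Team Projects" options:usedots,upriv
~ allow:@staff
EOF
}

# audit_volumes [FILE]: read FILE (or stdin) and print one line per
# missing control. Exit status is 1 if anything was reported, else 0.
audit_volumes() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
    $1 == ":DEFAULT:"     { next }     # defaults line is not a volume (assumption: not evaluated)
    {
        upriv = 0; allow = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^options:/) {    # comma-separated flag list
                n = split(substr($i, 9), opt, ",")
                for (j = 1; j <= n; j++)
                    if (opt[j] == "upriv") upriv = 1
            } else if ($i ~ /^allow:./) {
                allow = 1              # non-empty user/@group list
            }
        }
        if (!upriv) { print $1 ": options:upriv missing"; bad = 1 }
        if (!allow) { print $1 ": no allow: list"; bad = 1 }
    }
    END { exit bad + 0 }' "$@"
}

if sample_volumes | audit_volumes; then
    echo "all volumes set upriv and an allow list"
else
    echo "review the volumes listed above"
fi
```

Run it against the live file with `audit_volumes /usr/local/etc/netatalk/AppleVolumes.default`; the non-zero exit status makes it usable from cron or a deployment check.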


-----------------

In /usr/local/etc/netatalk/netatalk.conf


Turn some things off (like AppleTalk):

ATALKD_RUN=no

PAPD_RUN=no

CNID_METAD_RUN=yes

AFPD_RUN=yes

TIMELORD_RUN=no

A2BOOT_RUN=no


------------------


In /usr/local/etc/netatalk/afpd.conf


- -tcp -uamlist uams_dhx.so,uams_clrtxt.so,uams_passwd.so,uams_gss.so


-------------------


And to advertise via avahi:


In: /etc/avahi/services/afpd.service


<?xml version="1.0" standalone='no'?><!--*-nxml-*-->

<!DOCTYPE service-group SYSTEM "avahi-service.dtd">

<service-group>

<name replace-wildcards="yes">%h AFP</name>

<service>

<type>_afpovertcp._tcp</type>

<port>548</port>

</service>

</service-group>



--------------------------


Start the atalk and avahi-daemon services from init.d and away you go.


Note that if you have security features such as firewalling turned on, you will need to open the required ports (AFP over TCP uses port 548, as in the Avahi service file above).