How to: Install Netatalk (AFP) on Ubuntu with Encrypted Authentication
Purpose: Install Netatalk (AFP) on Ubuntu with encrypted authentication (using OpenSSL), which is not enabled by default with the Ubuntu netatalk package. By default, the package installed from the Ubuntu universal repositories will transmit your password via clear text (you’ll know this because Mac OS X Tiger will throw a warning saying: “Your password is being sent in clear text!” and Leopard won’t let you connect at all).
This is because, apparently, OpenSSL has a license that is incompatible with Debian’s GPL. Regardless: clear text is bad; encryption is good. And since Ubuntu doesn’t package netatalk with the appropriate encryption support, one must do it oneself.
Updated on 05.18.2008 for Hardy Heron (8.04); should still be compatible with 6.06, 7.04, and 7.10.
about this guide
When I first found that Ubuntu’s netatalk package didn’t support encrypted authentication, I tried to compile netatalk from the source. I didn’t get very far. Throwing up my hands in frustration, I spent some more time on google and found some ideas at the Ubuntu Forums. Pulling together a couple of different posts in some threads, I came up with what I thought to be a pretty simple command-line approach to getting netatalk rolling with encrypted authentication without having to worry about all the dependencies and other craziness that comes with building it from source.
That guide is below.
Since I first posted this guide, I have gotten a lot of good suggestions in the comments and by email (including the recent changes to this guide to make it work for 8.04). I am including all that info with this update.
steps to follow
(You will need to have the Universe Repositories enabled for this to work: /etc/apt/sources.list)
$ mkdir -p ~/src/netatalk
$ cd ~/src/netatalk
$ sudo aptitude install devscripts cracklib2-dev dpkg-dev libssl-dev
$ apt-get source netatalk
$ sudo apt-get build-dep netatalk
$ cd netatalk-2.0.3
$ sudo su
# DEB_BUILD_OPTIONS=ssl sudo dpkg-buildpackage -us -uc
# debi
# exit
$ echo "netatalk hold" | sudo dpkg --set-selections
The basic trend of this set of operations is to: create a directory where all the messy files can be stored, download necessary packages, get the netatalk source, compile the source with the ssl option, install the package, then tell Ubuntu never to update the package (because if it did, it would break).
After you are done, you can remove all the source files, if you want, or leave it alone. Either way: once it is installed you should be able to connect using a secure authentication method.
To connect to your AFP server on your Mac Finder, press APPLE-K (or “Go -> Connect to Server”). Enter the server’s IP address and then you will be prompted for your user name and password. After, it will mount your home directory.
Settings for the netatalk service can be found on your Ubuntu machine at /etc/netatalk/. There are a couple configuration files in there with instructions. Good luck.
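A post-install check for the steps above, as an added example that is not part of the original guide: it reads an afpd.conf-style file to see which authentication modules (UAMs) the server is told to offer, confirms the DHX module file exists, and confirms the package hold is in place. The function names and sample data are constructed for illustration; the -uamlist option and the uams_dhx.so / uams_clrtxt.so module names are netatalk 2.x's, and the module directory is an argument because its location depends on the build.

```shell
#!/bin/sh
# Added example (not from the original guide): post-install checks for a
# netatalk 2.0.x build. All file locations are assumptions passed as arguments.

# uam_verdict CONF
# Classify the -uamlist entries found on non-comment lines of an
# afpd.conf-style file. Entries from several server lines are pooled.
#   dhx-only        DHX offered, clear text not offered
#   mixed           both offered (a client can still pick clear text)
#   cleartext       clear text offered, DHX not
#   no-password-uam a -uamlist exists but names neither module
#   unset           no -uamlist at all (compiled-in default applies)
uam_verdict() {
    uams=$(sed 's/#.*//' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "-uamlist") print $(i + 1) }' |
        tr ',' '\n')
    [ -n "$uams" ] || { echo unset; return 0; }
    dhx=no clr=no
    for u in $uams; do
        case $u in
            uams_dhx.so)    dhx=yes ;;
            uams_clrtxt.so) clr=yes ;;
        esac
    done
    case $dhx$clr in
        yesno)  echo dhx-only ;;
        yesyes) echo mixed ;;
        noyes)  echo cleartext ;;
        *)      echo no-password-uam ;;
    esac
}

# auth_status CONF UAMDIR
# Same verdict, but flags the case where DHX is configured while the module
# file is absent from UAMDIR (the build silently skipped SSL support).
auth_status() {
    v=$(uam_verdict "$1")
    case $v in
        dhx-only|mixed)
            [ -f "$2/uams_dhx.so" ] || v="$v:module-missing" ;;
    esac
    echo "$v"
}

# pkg_is_held PACKAGE
# Reads `dpkg --get-selections` output on stdin; succeeds only if PACKAGE
# is marked "hold", i.e. an upgrade will not replace the SSL-enabled build.
pkg_is_held() {
    awk -v p="$1" '$1 == p && $2 == "hold" { found = 1 } END { exit !found }'
}

# --- demo on constructed sample data (nothing on the real system is read) ---
demo=$(mktemp -d)
mkdir "$demo/uams"
: > "$demo/uams/uams_dhx.so"          # empty stand-in for the built module
cat > "$demo/afpd.conf" <<'EOF'
# constructed sample afpd.conf line
- -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword
EOF
printf 'netatalk\t\t\t\thold\nopenssl\t\t\t\tinstall\n' > "$demo/selections"

echo "auth: $(auth_status "$demo/afpd.conf" "$demo/uams")"
if pkg_is_held netatalk < "$demo/selections"; then
    echo "hold: yes"
else
    echo "hold: no"
fi
rm -rf "$demo"
```

On a real server, feed pkg_is_held from dpkg --get-selections and point auth_status at the afpd.conf under /etc/netatalk/. A result of mixed means clear-text login is still on offer alongside DHX; taking uams_clrtxt.so out of the -uamlist line leaves only the encrypted method.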
other tips and tricks
Update (9/24/07 & 10/22/07): I’ve noticed a few people mentioning they get an error when compiling and/or starting netatalk (from ubuntuforums.org as well). Folks with more than one available network adapter (like eth1 and eth2, or virtual adapters created by vmware) seem to run into an error when they compile and during runtime. During compile time you might have an error that ends in:
dpkg: error processing netatalk (--install):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
netatalk
debi: debpkg -i failed
After this, you would probably get an error at runtime that looked like:
Starting Netatalk services (this will take a while): nbp_rgstr: Connection timed out
Tim Pope wrote a suggested fix in the comments below that should eliminate the conflict between the multiple adapters. I only have one adapter myself (and don’t use vmware) so I haven’t had a chance to try it yet myself. Let me know if this works for you as well.
86 Comments
Thank you. That was very helpful.
Comment by George Calm
April 30, 2007 @ 3:00 am | Link
Really. Thanks.
Comment by Sven
May 6, 2007 @ 4:34 am | Link
This works great, until I upgrade netatalk, and then it stops working. In thread you linked here from, a poster mentions a conflict with VMWare, but I’m not running any. Reinstalling makes it work again, but Ubuntu will again see an upgrade for netatalk. Any suggestions/solutions to this are appreciated.
Comment by chillin
May 17, 2007 @ 8:13 pm | Link
You wrote:
Hmm … these steps will install the latest version of netatalk, which is 2.0.3. So you shouldn’t have to upgrade. I assume that you are using a Ubuntu Desktop edition ? Perhaps the Update Manager doesn’t see the correct version that you have already installed ?
To be honest, I am not sure how to fix the Update Manager if that is what is causing the problem. Have you tried re-installing netatalk and then running an aptitude upgrade or apt-get upgrade to see if that also messes up your install? I believe that on my system, when I have upgraded, it has held back the netatalk package — but I run a server edition.
In short though: you don’t need to upgrade. Go back to the directory you downloaded and compiled everything to and run sudo debi again … this should re-install it. (You may have to remove it first.)
Let me know if that works.
Comment by Damon
May 18, 2007 @ 5:53 am | Link
Thanks so much! It worked perfectly, no questions asked!
I know this is outside the scope of your howto, but do you know what to edit to change the name of the networked drive? netatalk tells my Mac it’s “Home Directory” but I would like to give it a different name.
Thanks again!
Comment by John
June 14, 2007 @ 7:15 pm | Link
You can edit the settings file by going to:
$ sudo nano /etc/netatalk/AppleVolumes.default
Then, at the very bottom, you will see “Home Directory” in quotes. You can change it to whatever you want. I set mine to “$u” so it shows the username.
D
Comment by Damon
June 14, 2007 @ 7:17 pm | Link
Sorry, I spoke too soon. To all curious, it’s in
/etc/netatalk/AppleVolumes.default
You can add/edit/rename volumes there with a really easy syntax. It’s just
/volume's/path "Volume Name"
/another/volume "Second Volume's Name"
Comment by John
June 14, 2007 @ 7:18 pm | Link
this command:
$ sudo aptitude install devscripts cracklib2-dev dpkg-dev libssl-dev
did this:
E: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
Reading package lists… Done
Building dependency tree
Reading state information… Done
Initializing package states… Done
Building tag database… Done
E: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
That’s as far as I got.
Comment by Eric
July 3, 2007 @ 9:07 am | Link
I usually get that error when another process is using apt at the same time I try to run aptitude … so, do you have your Package Manager software open at the same time or are you trying to install packages or software with anything else running?
If you try a clean reboot, and run this first, and still get this error … well, let me know. I don’t think you should though.
Comment by Damon
July 3, 2007 @ 9:12 am | Link
Hi
did this on Ubuntu and it worked perfectly with instructions. Ubuntu said it updates for netatalk and I updated - now it does not allow connections. Services start up normally upon reboot of pc but when I restart the services I get the following:
nbp_rgstr: Connection timed out
Can’t register dhashen-desktop:Workstation@*
What can I do?
Comment by majikins
July 9, 2007 @ 11:24 am | Link
$ echo "netatalk hold" | sudo dpkg --set-selections
should do the trick and hold back netatalk when performing updates
Comment by Magnus
July 11, 2007 @ 10:14 am | Link
I tried building netatalk with SSL and got the following errors. Can you help?
Thank you!
——————————–
pheed@IBM-Linux:~/src/netatalk/netatalk-2.0.3$ DEB_BUILD_OPTIONS=ssl sudo dpkg-buildpackage -us -uc
dpkg-buildpackage: source package is netatalk
dpkg-buildpackage: source version is 2.0.3-5
dpkg-buildpackage: source changed by Jonas Smedegaard
dpkg-buildpackage: host architecture i386
dpkg-buildpackage: source version without epoch 2.0.3-5
dpkg-checkbuilddeps: Unmet build dependencies: cdbs (>= 0.4.23-1.1) autotools-dev debhelper (>= 4.2.0) quilt patchutils (>= 0.2.25) cdbs (>= 0.4.27-1) dh-buildinfo d-shlibs (>> 0.19) libdb4.2-dev libwrap0-dev libpam0g-dev libslp-dev libcupsys2-dev heimdal-dev
dpkg-buildpackage: Build dependencies/conflicts unsatisfied; aborting.
dpkg-buildpackage: (Use -d flag to override.)
Comment by Chris Phillips
July 11, 2007 @ 9:10 pm | Link
@ Magnus: thanks for the suggestion. I will add it to the end of the “How To:” — want to test it out myself as well, because, although I haven’t upgraded since I did the install, would like to avoid that problem. Appreciate it!
@ Chris Phillips: sounds like you don’t have all the dependencies ready for the installation … are you sure you ran these three lines:
$ sudo aptitude install devscripts cracklib2-dev dpkg-dev libssl-dev
$ apt-get source netatalk
$ sudo apt-get build-dep netatalk
If you did, and you still get these errors … maybe try installing each of “Unmet build dependencies” using apt-get or aptitude? Let me know what happens.
Comment by Damon
July 12, 2007 @ 7:49 am | Link
Damon, thanks for your help. I must have mistyped one of the earlier commands. I tried a second time and it worked perfectly. Thanks again!
Comment by Chris Phillips
July 13, 2007 @ 10:52 pm | Link
please consider adding it to the installation Ubuntu/Debian guide.
Comment by girish
July 17, 2007 @ 11:39 am | Link
Works perfectly on Debian etch via SSH.
Comment by Simone
July 20, 2007 @ 8:37 am | Link
I ran into a couple of issues on 6.10. For one thing, the SSL directory is not set correctly in netatalk*/debian/rules. Going on information I found on Ubuntu forums post ” Netatalk - No encrypted authentication” I modified it to include the correct directory. Also, for some reason it was defaulting to no ssl support for me even though I had it set in $DEB_BUILD_OPTIONS. Once more I ventured into the debian/rules file and just forced it to compile with ssl support. That fixed it.
Comment by Brian
July 22, 2007 @ 1:06 pm | Link
Update: Whoops, just realized I’m actually on 6.06 right now. Made the change a while back and forgot about it :).
Comment by Brian
July 22, 2007 @ 2:36 pm | Link
Hey, great work man, I appreciate it.
I adapted some of it for a guide I did on creating an AFP file server with some other features in Ubuntu, hope you don´t mind. You can check out the guide here:
http://www.seadna.net/2007/08/01/how-to-set-up-an-afp-server-in-ubuntu/
Thanks!
Even.
Comment by Even
August 22, 2007 @ 12:04 pm | Link
[…] (Big thanks to Damon Timm for putting together the quickest way to set up AFP with SSL using just those commands above) […]
Pingback by Red Rum » Blog Archive » How to set up an AFP-server in Ubuntu
August 22, 2007 @ 12:49 pm | Link
Thanks Damon, worked like a charm..
Comment by Shaun
September 13, 2007 @ 4:35 pm | Link
Im getting the following error after using the sudo debi command,
Selecting previously deselected package netatalk.
(Reading database ... 122889 files and directories currently installed.)
Unpacking netatalk (from netatalk_2.0.3-5_i386.deb) ...
Setting up netatalk (2.0.3-5) ...
Starting Netatalk services (this will take a while): nbp_rgstr: Connection timed out
Can't register milton-desktop:Workstation@*
invoke-rc.d: initscript netatalk, action "start" failed.
dpkg: error processing netatalk (--install):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
netatalk
debi: debpkg -i failed
can’t work out what I’ve done wrong, any ideas?
Comment by tricky
September 23, 2007 @ 8:06 am | Link
@ tricky: hmm … I am not sure, off hand, what could be causing this problem … unless you have VMWare installed? Check out this post at the Ubuntu Forums. Otherwise, my only suggestion would be to make sure you followed the steps letter-for-letter … sorry I can’t be more help. Let me know if that fixes it.
Comment by Damon
September 23, 2007 @ 8:12 am | Link
This sounds promising as I have messed with VMWare in the past.
Thanks Damon, will report back.
Comment by tricky
September 23, 2007 @ 9:05 am | Link
Thanks Damon.
Removing VMWare worked for me.
Comment by tricky
September 24, 2007 @ 8:53 am | Link
@ tricky:
I’m having your same problem. But I DO use VMware player 2.0 to develop with visual Studio 2005 . ( Work for the university )….
Any ideas about how to get rid of that problem without having to UNINSTALL VMware ???
Here’s my thread in ubuntu forums
http://ubuntuforums.org/showthread.php?t=410274&page=2
Comment by Nicolas Goles
September 24, 2007 @ 9:30 pm | Link
@ Nicolas Goles:
I don’t have a solution, sorry, and don’t have a way to test it since I am not using VMWare — though I would like to try and use it in the future.
My suggestion would be to try the netatalk-admins mailing list … the folks there might have an answer (have helped me with some fairly interesting problems personally).
If you do find a solution would love to include it here and at the forum because as VMWare gains popularity I’m sure others will have the same issue.
Comment by Damon
September 25, 2007 @ 6:09 pm | Link
Hi if you get the error
dpkg: error processing netatalk (--install):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
netatalk
debi: debpkg -i failed
this is normally due to having more than one network interface (i have 2 and get this issue) the reason its also a vmware issue is they create a virtual network for communication.
the fix for me was simple
navigate to
/etc/netatalk and open up atalkd.conf in your preferred text editor (you’ll have to sudo).
if you know all your network adapters then skip this paragraph… otherwise open up a terminal and run the command ‘ifconfig -a’ this will list your adapters… in my case i have ‘eth0′, ‘eth1′ and ‘lo’ (ignore lo as its a loopback device but remember the others)
in atalkd.conf add the lines
eth0 -noroute
eth1 -noroute
(or whatever the eth you have)
save do the debi and it should all work fine :-)
Comment by Tim Pope
October 22, 2007 @ 5:17 am | Link
@ Tim Pope: Thanks for those suggestions — great! I only have eth0 currently but was considering a system upgrade which would bring me to two or more ethernet adapters (and maybe use of vmware as well) so it’s nice to know there is a work around. I am going to link to your comment in the main post so people can find it easily enough.
Thanks!
Comment by Damon
October 22, 2007 @ 6:01 am | Link
Hi,
everything worked fine on the ubuntu side, but when I try to connect a Mac to the server I get an error indicating that I am using a wrong user or password. The dialog box on the mac doesn’t let me login as guest, and the username and password I am using are the ones I use to login to the server.
Do I have to specify a different set of passwords? what could be wrong?
Comment by Ramirop
October 26, 2007 @ 4:00 pm | Link
@ Ramirop: hi there. You should be able to use the same username and password as the ~/home directory you are attempting to mount … at least, that is the default setting that I got.
You should view the contents of: /etc/netatalk/ on the server; there are a couple configurations files and some of them set which directories you can mount and which ones you want to allow guest access for. Guest access is not available by default — you need to select a mount point (and I would recommend it not be your home folder).
Take a look there — there are instructions in the configuration files. Be sure to save a backup of each file before you change it.
Hope that helps.
Damon
Comment by Damon
October 26, 2007 @ 8:05 pm | Link
Hi Damon,
Hope you can shed some light here.. I have ubuntu 7.10 running netatalk, with a USB2.0 HFS+ (non-journaled) drive hooked up. It works fine, however the permissions are a mess.
IE, I can’t even mount the drive in netatalk (samba works fine), MacOS just gives me some weird Finder error when I try to mount it.
My AppleVolumes.default is set to
/mnt/mac "Network Mac" allow:username
I’m not sure if I’m doing something wrong, but there aren’t any recent “docs” on netatalk to properly setup something like this. The reason I’m using HFS is because I need to move the drive back and forth between ubuntu and a mac at work and I need to keep it consistent.
Any help you could offer would be great
Comment by JR
October 26, 2007 @ 8:23 pm | Link
@ JR: Sounds like maybe you are on the right track with the permissions being an issue — though I don’t know exactly what the problem is. Sorry. Maybe without journaling setup netatalk can’t store the required information for each file or something … I’m really not sure.
My recommendation is join the Netatalk Admin Mailing List:
https://lists.sourceforge.net/lists/listinfo/netatalk-admins
You can post your question there. I have asked some questions in the past and get quick answers. Sorry I can’t help more. Let me know if you find an answer.
Comment by Damon
October 27, 2007 @ 7:48 am | Link
[…] I found two posts by Damon Timm and Durk Hellinga (on Vivaldi Street in Leeuwarden, Netherlands, no less) that describe the general process. However, as my comment on Durk’s blog says, I had some problems with circular dependencies. When you try to build the package with dpkg-buildpackage, it complains about some dependencies: % DEB_BUILD_OPTIONS=ssl dpkg-buildpackage dpkg-checkbuilddeps: Unmet build dependencies: cdbs (>= 0.4.6) debhelper (>= 4.1.46) dh-buildinfo d-shlibs (>> 0.19) libdb4.2-dev libwrap0-dev libpam0g-dev libslp-dev libcupsys2-dev heimdal-dev (>= 0.7.1-3) debuild: fatal error at line 993: You do not appear to have all build dependencies properly met, aborting. (Use -d flag to override.) If you have the pbuilder package installed you can run /usr/lib/pbuilder/pbuilder-satisfydepends as root to install the required packages, or you can do it manually using dpkg or apt using the error messages just above this message. […]
Pingback by SAKUZAKU » Blog Archive » Making netatalk Work on Debian with Leopard
October 29, 2007 @ 2:59 am | Link
Hi,
I’ve troubles login in to my netatalk. I tried this guide out, but the problem still remain. I can set everything up and get it running. But after I enter my login and password I get this error:
Connection Failed.
Please help me!
PS. I run debian on the server and leopard on the macbook.
Comment by Glass
October 29, 2007 @ 3:43 pm | Link
Thanks,
that worked well. Unfortunately the netatalk-server does only connect to lo0. my atalkd.conf looks like this:
eth0 -router -phase 2 -net 1-1000 -addr 1000.142 -zone "Macs"
i copied the asip-status.pl - script to my mac and checked from there it tells me:
Network address: 127.0.1.1 (TCP/IP address)
Network address: 1000.142 (ddp address)
i saw some other references to problems like this while googling (which is how i found out about asip-status.pl) but i could not find a solution. Do you happen to have an idea?
Comment by Mike Beck
November 3, 2007 @ 11:29 am | Link
@ Glass: Hi there, sorry you are having trouble. Are you able to ping your server or make other types of connections ? (such as through ssh or apache?) Do you have firewall (iptables) running on the server ? portmap ? The first thing I would suggest is determining if your requests for a connection are even reaching the server. If they are, and netatalk isn’t responding … then can go from there ? Have you tried a port scan of the server to see if the ports are open and available for netatalk ?
@ Mike Beck: Geez, am not sure what’s wrong there. I don’t have any configuration variables in my /etc/netatalk/atalkd.conf file. After the default installation you aren’t getting any connections? I would suggest contacting the mailing list. I have the link a few comments above this. Sorry!
Comment by Damon
November 4, 2007 @ 8:48 am | Link
@ Damon: First, thanks for your reply.
I can connect to my server with ssh, apache, smb, vnc etc etc. I can also connect to netatalk, but not login. If I stop the netatalk service, I don’t get the login screen. I have also tried to change the port without success. I still get the login screen, but I can’t login (says it fails error “-5002″).
Comment by Glass
November 4, 2007 @ 2:24 pm | Link
[…] This is obviously because the new Finder only shows SMB- and AFP-shares in the sidebar. I won’t use SMB, that’s for sure. So I installed netatalk (with encryption support) using one of the many good and easy to follow instructions and it does a very good job. I liked NFS a lot (and I’d still be able to mount it manually, btw.), but for my setup AFP suites much better. It (at least feels) much faster and snappier, does authentication and automatically shows the user’s home directory. […]
Pingback by Daniel’s Weblog » Blog Archive » Where have all my NFS shares gone?
November 7, 2007 @ 3:41 am | Link
@ Glass: I’ll be honest, I don’t know what’s going on. Sorry. I am not really a netatalk guru. Just browsed enough web pages to put together this “how to”. Smile. Try their mailing list (mentioned above). They have been very helpful to me.
Comment by Damon
November 9, 2007 @ 9:10 pm | Link
I, too, am having problems. I added eth0 -noroute, eth1 -noroute, and even tried adding irda0 -noroute, and am still not getting the final step to work.
Anyone have any ideas?
casey@casey-laptop:~/src/netatalk/netatalk-2.0.3$ sudo debi
(Reading database … 104274 files and directories currently installed.)
Preparing to replace netatalk 2.0.3-6ubuntu1 (using netatalk_2.0.3-6ubuntu1_i386.deb) …
Stopping Netatalk Daemons: afpd cnid_metad papd timelord atalkd.
Unpacking replacement netatalk …
Setting up netatalk (2.0.3-6ubuntu1) …
Installing new version of config file /etc/default/netatalk …
Installing new version of config file /etc/init.d/netatalk …
Installing new version of config file /etc/pam.d/netatalk …
Starting Netatalk services (this will take a while): noroute: attribute not found.
eth1: disabled.
atalkd: zero interfaces, exiting.
invoke-rc.d: initscript netatalk, action "start" failed.
dpkg: error processing netatalk (--install):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
netatalk
debi: debpkg -i failed
Comment by casey
November 11, 2007 @ 2:45 pm | Link
Thankx,
just wanna say thankx; it work for me @ once :-D I,m using a Imac G5 with tiger 10.4.10 and ubuntu desktop 7.10 and it all worked.
so thankx for this tutorial
Comment by Sukkelkind
November 13, 2007 @ 2:46 am | Link
@casey: I had the same error. Read atalkd.conf again - it looks like they changed the -noroute option to -dontroute. I’m running netatalk 2.0.3 - if you’re running the same version, it’s very likely that this is your problem.
So add:
eth0 -dontroute
eth1 -dontroute
Comment by Silviu
November 20, 2007 @ 10:13 am | Link
[…] http://www.damontimm.com […]
Pingback by dunull.org » Ubuntu and Mac OS X - Sharing folders with netatalk
November 21, 2007 @ 6:38 am | Link
[…] Install netatalk with ssh enabled on your Linux box (instructions for doing this on Ubuntu are found here). […]
Pingback by Pherg.net » Blog Archive » Mac OS 10.5 Time Machine with Linux Server
November 29, 2007 @ 9:31 am | Link
Worked a treat on 64bit Ubuntu… Many thanks…
Comment by Alex
December 7, 2007 @ 1:28 pm | Link
[…] How to: Install Netatalk (AFP) on Ubuntu with Encrypted Authentication […]
Pingback by How to: Install Netatalk (AFP) on Ubuntu with Encrypted Authentication @ โหน่ง : N^o^NG
December 11, 2007 @ 8:53 am | Link
I’ve got two netatalk servers (ubuntu 7.10 server) running on the same subnet. I can connect to either server from the same client from an OS X client, but not both (at the same time).
If I connect to one server as user “A”, then try to connect to the other server as user “B”, .. the Volume (user “B”) doesn’t appear. Rather, an unselectable “A” volume appears in the Connect to Server dialog (OS X client).
Any ideas?
Comment by billy code
January 3, 2008 @ 2:26 pm | Link
@ billy code: When you say “User A” do you mean “User A - Mac Client” or “User A - Server Client” ? I know I have had strange results when trying to mount multiple AFP servers from a single Mac; however, I haven’t had a problem having multiple users from a single Mac Client connect to different shares of a server.
Comment by Damon
January 5, 2008 @ 11:38 am | Link
Well have tried almost everything.
u will have to deinstall vmware fully “purge”
apt-get autoremove netatalk --purge
remove the src dir in ~
deinstall vmware software only. not the winxp dir/or any other os dir.
follow instructions above.
reinstall an be happy ” I mean vmware”
Comment by Rajkumar
January 5, 2008 @ 12:49 pm | Link
[…] So I got the Apple to talk Ubuntu. Well it was so cool. […]
Pingback by These cool things « Golbing
January 12, 2008 @ 12:20 am | Link
Damon.
Well done. As long as I followed your advice exactly it worked great with Gutsy Gibbon and Leopard!
Great and useful blog.
Terry
Comment by Terry Grignon
January 12, 2008 @ 12:25 am | Link
Great Thanks from France !!! This run out of the box…
Comment by Fred
January 17, 2008 @ 9:22 am | Link
[…] Well it turns out netatalk on Debian based systems is not linked to openssl and hence can’t do the DHX password encryption. Initially I was ticked off at this but after reading the bug and Debian legal’s position, I get why this is the case. I went about the process of rebuilding netatalk with the very helpful howto here and with additional help from this article. […]
Pingback by quagga’s bits » Alright, it’s time for a netatalk replacement
February 21, 2008 @ 11:01 am | Link
Very nice. Worked perfectly for even a newbie like me. I am using Ubuntu Server 6.06 LAMP install and Leopard.
Comment by Heather
March 28, 2008 @ 8:19 am | Link
Worked flawlessly, many thanks, excellent
Comment by francine
April 7, 2008 @ 9:10 am | Link
Anyone having the
“subprocess post-installation script returned error exit status 1″
problem who has not been able to get everything installed given the other suggestions here, I found this bug which adds one more step which cleared it up for me. Not sure if you need to do this in conjunction with the other fix or not, I did both and I am now up and running.
Fixed by changing two files:
1) /etc/default/netatalk
FROM: ATALK_NAME=`/bin/hostname --short`
TO: ATALK_NAME=`/bin/hostname`
2) /etc/init.d/netatalk
FROM: ATALK_NAME=`/bin/hostname --short`
TO: ATALK_NAME=`/bin/hostname`
FROM: https://bugs.launchpad.net/ubuntu/+source/netatalk/+bug/158076
Comment by Andrew
April 10, 2008 @ 12:55 am | Link
@ Andrew: What version of Ubuntu (if you are using Ubuntu) are you using ? Just curious …
Comment by Damon
April 10, 2008 @ 7:36 am | Link
@Damon
When I had to do that I was using Ubuntu 7.10, now after upgrading to Ubuntu 8.04 I only need to put the dontroute flag into the config file.
Andrew
Comment by Andrew
April 27, 2008 @ 5:50 pm | Link
[…] http://www.damontimm.com/blog/how-to-install-netatalk-afp-on-ubuntu-with-encrypted-authentication/ […]
Pingback by IDLYS » Blog Archive » Ubuntu Hardy Heron (8.04) avec Leopard (10.5)
April 29, 2008 @ 10:33 am | Link
This workaround appears to no longer work in Ubuntu Hardy. The dhx module is not built. If debian/rules is altered to point ssl to where it actually is, that makes no difference either. Given up and gone back to gentoo, which builds a fully-functional netatalk out of the ebuild.
Comment by Rachel
May 14, 2008 @ 7:00 am | Link
[…] Damon Timm has a great post on installing netatalk on Ubuntu with SSL support. I won’t go through the licensing issues again (I feel like enough people have done that already). Suffice to say, Ubuntu doesn’t ship netatalk with SSL enabled, and Leopard requires SSL support to connect to AFP shares out of the box. It’s easy enough to allow Leopard to use plaintext passwords with the following command: […]
Pingback by sethbc’s (infrequent) blog… » Blog Archive » Leopard, AFP and the Hardy Heron
May 15, 2008 @ 10:25 am | Link
When running
DEB_BUILD_OPTIONS=ssl sudo dpkg-buildpackage -us -uc
In Hardy I get
Found 736 different copyright and licensing combinations.
ERROR: The following new or changed copyright notices discovered:
UNKNOWN [1998 Owen TaylorPermission to use, copy, modify, and distribute this software and / notice appear in all copies and that / notice and this permission notice appear in supporting]: doc/htmldocs/netatalkconfig.1.html
To fix the situation please do the following:
1) Investigate the above changes and update debian/copyright as needed
2) Replace debian/copyright_hints with debian/copyright_newhints
make: *** [debian/stamp-copyright-check] Error 1
dpkg-buildpackage: failure: debian/rules build gave error exit status 2
Any ideas
Comment by CB
May 18, 2008 @ 6:24 am | Link
@ CB: check out the comment above yours - I haven’t had a chance to update this “how to”, hope to do so soon. I’m not running a fresh version of Hardy yet … However, in the mean time, check out the pingback above. Hope you have good luck.
Comment by Damon
May 18, 2008 @ 6:44 am | Link
Got in a bit of a pickle as I have installed avahi-daemon and seem to have various Netatalk folders in my Home directory, but can’t see it in /etc.
MacBookPro sees the share in side bar (10.5) but fails to connect even after clear text enabled.
How do I uninstall and start a fresh
Comment by CB
May 18, 2008 @ 7:27 am | Link
Got it!
Installed again with synaptic and it works.
Thanks for help, got my head round it now
Comment by CB
May 18, 2008 @ 7:36 am | Link
Thank you very much, Damon!
It works on my Ubuntu 8.04 Hardy Heron. But I still can not access my extra mount HD, For example, I have another HD, it’s mounted on /media/disk. I have this line:
/media/disk/ShareFiles "ShareFiles"
in the file of AppleVolumes.default. I can not access this “ShareFiles”
Could you please help me? Thanks again!
Comment by Jay
May 27, 2008 @ 10:33 pm | Link
@ Jay: did your default configuration work ? That is, were you able to visit your “Home Directory” as it is so cleverly called ?
If you were able to mount this directory, before making changes to the file, then I can think of only: [a] did you restart all the netatalk services after the change ? [b] are you even getting an option of “ShareFiles” when you mount (alongside “Home Directory”) or is that mount point absent ? [c] does your user have the correct permissions to view “ShareFiles” on the server ?
That’s all I can think of — you could also make sure that the “Home Directory” options match that of your “ShareFiles” options.
Damon
Comment by Damon
May 28, 2008 @ 6:43 am | Link
Hi Damon,
Thank you very much!
I hope I can give you more and clear explanations about what I did as the following.
1. After I install Netatalk, I modified my AppleVolumes.default file with these two lines:
~/ "Home Directory"
/media/disk/ShareFiles "ShareFiles"
2. I restart my Ubuntu, after log-in my Ubuntu, I mount the second HD @ /media/disk, I have correct permission on the folder of ShareFiles, no any problem.
3. Then, I start my netatalk server on Ubuntu, then connect to Ubuntu from Mac, connect as the same user name and password on Ubuntu.
4. I can view two icons of “Home Directory” and “ShareFiles” on Mac, after I hit the icon of “ShareFiles”, a warning message pop-up, xxx can not find out…, but no any problem for the Icon of “Home Directory”;
It worked for my old Ubuntu 7.10 before. I hope you can help me, thank you very much again, Damon!
Jay.
Comment by Jay
May 28, 2008 @ 10:41 am | Link
Hi Damon,
I tried it again. If I change /media/disk/ShareFiles “ShareFiles” to /media/disk “ShareDisk”, I can access this mounted disk. I don’t understand why?
Anyway, I can use this Netatalk service now.
Thank you very much!
Jay.
Comment by Jay
May 28, 2008 @ 7:00 pm | Link
I don’t know either - that’s odd. Glad it works though!
Comment by Damon
May 28, 2008 @ 8:09 pm | Link
I have had Netatalk working for a long time on an Ubuntu box that I use as my Music Server. I recently updated both the Mac to 10.5 and Ubuntu to 8.04. I now get the message ‘home directory could not be mounted’ when connecting via the Mac. Netatalk is running and I have success connecting this way to another laptop running Ubuntu 8.04.
Any ideas?
Comment by order
June 15, 2008 @ 3:42 am | Link
@ order: when you say you have success connecting this way to another laptop do you mean that you can connect from the Mac 10.5 to the laptop but not to your music server (both of which are running Ubuntu 8.04) and both of which have netatalk installed via the instructions above ? Did you do an in-place upgrade of Ubuntu on the Music Server ? I don’t know if I can help, but a little more information might let someone else chime in as well.
Comment by Damon
June 15, 2008 @ 12:11 pm | Link
You may have a good point with that. I did an in-place upgrade on the Music Server and a clean install on the Laptop. Maybe a backup of the data and a clean install would be the best way to handle this. I’m a Mac support man by trade and have always taken the time to zero and do a clean build to get the best results. I don’t know if there is a command line on Linux to clean out unwanted cruft. On Mac 10.4 I used Applejack to fix permissions and fix low level problems. In Ubuntu I’m a newbie who just likes to learn.
Comment by order
June 17, 2008 @ 4:24 pm | Link
@ order: I don’t know of a command line way to clean up any of the brokenness of an in-place upgrade either. I prefer a clean slate myself, however, I have done one in-place upgrade from 6.06.1 to 8.04 and my netatalk didn’t break — so I am 1 for 1. Though I hesitate to try it again.
Comment by Damon
June 19, 2008 @ 5:38 am | Link
@ rachel: I have struggled to get this to build with the proper DHX support on Hardy and above, but I finally got it working last night. I’m not certain which of these steps did it, but it might be worth a try.
1) Completely remove netatalk, cracklib2-dev and libssl-dev:
sudo aptitude purge netatalk cracklib2-dev libssl-dev
2) Use a slightly different syntax for setting the build options (as per this page):
After downloading the netatalk source, edit ~/src/netatalk/netatalk-2.0.3/debian/rules. Find the line which says:
DEB_UPDATE_RCD_PARAMS := defaults 50
Add this line directly beneath it, then save the file:
DEB_BUILD_OPTIONS=ssl
3) I used a different command to build:
dpkg-buildpackage
4) Then installed with:
dpkg -i ~/src/netatalk/netatalk_2.0.3-9_i386.deb
After sorting the multiple ethernet issue (VMware), the modules are all in place and everything works perfectly (including the avahi daemon)!
What is strange is that I *thought* I had got this working when I first set things up over a year ago, because Tiger had stopped warning about cleartext passwords. It seems that wasn’t the case after all! Thanks to everyone who has contributed, it has really been helpful.
Comment by Dan Walker
July 23, 2008 @ 4:48 am | Link
@Damon: thanks for compiling all that. Thanks to you I could access my Ubuntu fileserver from my all new shiny MacOS X Leopard in an instant after having installed the latter. Very helpful!
Comment by Moss
August 2, 2008 @ 4:47 pm | Link
[…] I’ve spent my entire evening fixing my appletalk set up after I accidentally ‘upgraded’ my handcrafted netatalk with the stock ubuntu one. I crafted my own because the stock package doesn’t support encrypted passwords. […]
Pingback by netatalk and os x playing up | spatial nodes
August 6, 2008 @ 7:53 am | Link
Hi,
Thanks for the guide. Maybe someone here can help - still having trouble connecting to my shares; I think the openssl is still not getting built in properly. Mac is running 10.4, ubuntu is 8.04. On the Mac I enter the address of my server (afp://10.0.0.100), and I get one of two problems.
1: I get the authorization dialog, enter my username and password (on the server). It tells me that the server does not support openssl and so it will try to send the password in cleartext. Next, “An Error Occurred,” and that’s it.
2: this just showed up, first time i’ve seen it actually, when I try to connect to the server:
“The operation cannot be completed because one or more required items cannot be found. (Error code -35)”
It’s weird, every time I do a new linux install I go through this process and it never gets any easier. :)
Comment by ben
August 12, 2008 @ 11:14 pm | Link
@ Ben: what type of Ubuntu install are you doing: 64-bit AMD ? i386 ? PPC ?
I have never had the problem you describe myself; have you tried to connect via AFP from another Ubuntu machine using afpfs-ng ? Or tried a different Mac ?
Using afpfs-ng you can get some more verbose debugging information if the problem persists.
Sorry I don’t have more suggestions.
Comment by Damon
August 13, 2008 @ 10:04 am | Link
Hi!
I’ve set up netatalk-2.03-9 on my Ubuntu 8.04 machine. It builds and installs fine. When I try to connect from my Leopard machine it rejects my login and says “Your password has expired”.
I’ve checked my user on the Ubuntu machine, and its password and account are set to never expire. I even tried to set it to 2030-something, but I get the same error.
System time on both machines is the same and correct.
Any Ideas?
Comment by Nicklas Werneman
August 19, 2008 @ 11:09 am | Link
@Damon: I’m using the i386 install (though the machine is an AMD64). No other computers handy right now … I’ve made this work many times in the past, can’t figure out what i’ve forgotten this time.
from the autoconf - are these options right? i notice it doesn’t say anywhere in there whether the SSL support was in fact compiled in; and is it a problem if it doesn’t compile with cracklib?
Install style:
    debian
AFP:
    AFP 3.x calls activated: yes
    Large file support (>2GB) for AFP3: yes
    DDP enabled: yes
CNID:
    backends: cdb dbd last
UAMS:
    Kerberos V
    Kerberos IV
    passwd (PAM SHADOW)
    guest
Options:
    CUPS support: yes
    SLP support: no
    Zeroconf support: no
    tcp wrapper support: yes
    quota support: yes
    admin group support: yes
    valid shell check: yes
    cracklib support: no
    dropbox kludge: no
    force volume uid/gid: no
    Apple 2 boot support: no
Comment by Ben
August 19, 2008 @ 11:34 pm | Link
ok, so more details.
in the logs i see that it can’t load uams_dhx.so, the Diffie-Hellman key exchange. uams_dhx.so is in fact missing from /usr/lib/netatalk. i guess this is precisely the thing that is supposed to be built with OpenSSL, isn’t it? so no wonder it doesn’t work. :)
hm, now off to figure out why it’s still not building properly … will try damon timm’s instructions again …
Comment by Ben
August 19, 2008 @ 11:58 pm | Link
[Solved] ! I think.
Perhaps this will help others, as well. And it’ll help remind ME the next time :)
1. for debugging: tail -f /var/log/syslog. The errors on the Mac side are pretty useless, as per the Apple Human Interface Guidelines. This will show better information.
2. for some reason, just doing
wasn’t enough - it still wasn’t building with ssl support. Elsewhere I found another suggestion, to edit the debian/rules file. In there, the ’ssl’ option expands to a few things, including setting the configure option
but actually that config flag wants the LOCATION of the ssl directory. (see ./configure --help).
should work better. Actually, for me again it didn’t - the original DEB_BUILD_OPTIONS flag wasn’t even tripping the necessary clause! there’s an if/else to only include SSL if you set that flag. unnecessary, since the whole point of this is to get SSL, really.
in debian/rules
before:
after:
after that, the package build and install process worked, I got the openssl included. hoorah!
4. even so, still couldn’t connect from the mac. looking in the server logs showed a bad CNID error, whatever that is, from the .AppleDB directory. This was left over from previous linux versions when I had netatalk set up before. So I deleted that, plus the .AppleDesktop and .AppleDouble directories for good measure. And now it works! phew.
thanks Damon!
Comment by Ben
August 20, 2008 @ 1:10 am | Link
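The check Ben describes above (uams_dhx.so missing from /usr/lib/netatalk), and Dan Walker's discovery that his earlier build never had DHX, can be scripted and run after every rebuild. This is an added example, not part of the original comments or of netatalk; the /etc/netatalk/afpd.conf path, the -uamlist option line and the uams_clrtxt.so module name are assumptions about a netatalk 2.x install, and the fixture it builds is constructed.

```shell
#!/bin/sh
# Added example, not from the guide or from netatalk. Assumes netatalk 2.x:
# UAMs in /usr/lib/netatalk, "-uamlist" set in /etc/netatalk/afpd.conf.

# Print the UAM list from the last non-comment line that sets -uamlist.
uamlist_from_conf() {
    sed -e 's/#.*//' "$1" | awk '
        { for (i = 1; i < NF; i++) if ($i == "-uamlist") list = $(i + 1) }
        END { if (list != "") print list }'
}

# audit_afp_uams UAM_DIR AFPD_CONF
# returns 0: DHX installed and enabled, no cleartext UAM offered
#         1: uams_dhx.so missing from UAM_DIR or not named in an explicit -uamlist
#         2: DHX usable, but uams_clrtxt.so is offered as well
audit_afp_uams() {
    uam_dir=$1
    list=$(uamlist_from_conf "$2")
    echo "uamlist: ${list:-<none found>}"
    if [ ! -f "$uam_dir/uams_dhx.so" ]; then
        echo "FAIL: $uam_dir/uams_dhx.so missing (package built without SSL?)"
        return 1
    fi
    case ",$list," in
        *,uams_dhx.so,*) ;;
        *) echo "FAIL: uams_dhx.so installed but not enabled in -uamlist"
           return 1 ;;
    esac
    case ",$list," in
        *,uams_clrtxt.so,*)
            echo "WARN: uams_clrtxt.so enabled; cleartext logins still accepted"
            return 2 ;;
    esac
    echo "OK: DHX enabled, cleartext UAM not offered"
}

# Constructed fixture: make_fixture DIR "module files" "uamlist value"
make_fixture() {
    mkdir -p "$1/uams"
    for m in $2; do : > "$1/uams/$m"; done
    printf '# constructed sample\n- -transall -uamlist %s -nosavepassword\n' \
        "$3" > "$1/afpd.conf"
}

case "${1:-}" in
    --live) audit_afp_uams /usr/lib/netatalk /etc/netatalk/afpd.conf ;;
    --demo) d=$(mktemp -d)
            make_fixture "$d" "uams_clrtxt.so uams_guest.so" "uams_clrtxt.so,uams_dhx.so"
            audit_afp_uams "$d/uams" "$d/afpd.conf"; rm -rf "$d" ;;
esac
```

Run it with --live on the server after installing the rebuilt package, or with --demo to see the failure case Ben hit on a constructed fixture.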
Anyone having any ideas why I get “Your password has expired”?
See earlier post for details.
/Nick
Comment by Nicklas Werneman
August 21, 2008 @ 7:43 am | Link