File: FAQ

package info (click to toggle)
netatalk 2.0.3-4
  • links: PTS
  • area: main
  • in suites: etch-m68k
  • size: 9,004 kB
  • ctags: 6,109
  • sloc: ansic: 67,633; sh: 8,424; perl: 1,187; makefile: 1,001
file content (525 lines) | stat: -rw-r--r-- 22,398 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
Netatalk FAQ -- dumped from the online version on Wed Apr 27 20:35:01 UTC 2005

For the most recent version of the FAQ please visit
http://netatalk.sourceforge.net/wiki/index.php/FrequentlyAskedQuestions

--------------------------------------------------------------------------------

Q1: What is Netatalk for? What can I do with it?

Q2: What platforms does Netatalk runs on?

Q3: Where can I get more information on Netatalk?

Q4: I use an older Netatalk version. Should I upgrade to 2.0?

Q5: I think, I found a bug in netatalk. Where should I report it?

Q6: Is there an RPM, package, or tarball for my platform?

Q7: Which CNID scheme should I choose for my volumes?

Q8: I want to create a new volume to share via Netatalk. How should I start?

Q9: How does Netatalk integrate with Samba?

Q10: I can't seem to use passwords longer than 8 characters for my Netatalk 
accounts / I would like to use encrypted passwords to authenticate to the 
Netatalk server. How can I fix that?

Q11: What are the .AppleDouble and .AppleDB directories and .Parent files which 
are created in the Netatalk Shares?

Q12: I want to contribute to the FAQ. How should I start?

--------------------------------------------------------------------------------

Q1: What is Netatalk for? What can I do with it?

   A: Netatalk is an OpenSource software package, that can be used to
   turn an inexpensive *NIX machine into an extremely performant and
   reliable file and print server for Macintosh computers.

   Using Netatalk's AFP 3.1 compliant file-server leads to significantly
   higher transmissions speeds compared with Macs accessing a server via
   SaMBa/NFS while providing clients with the best user experience (full
   support for Macintosh metadata, flawlessly supporting mixed
   environments of classic MacOS and MacOS X clients)

   Due to Netatalk speaking AppleTalk, the print-server task can provide
   printing clients with full AppleTalk support as well as the server
   itself with printing capabilities for AppleTalk-only printers.
   Starting with version 2.0, Netatalk seamlessly interacts with CUPS on
   the server

   After all, Netatalk can be used to act as an AppleTalk router,
   providing both segmentation and zone names in Macintosh networks.

--------------------------------------------------------------------------------

Q2: What platforms does Netatalk runs on?

   A: Currently the following operating systems are supported:

Full support (including the complete AppleTalk protocol suite)

     * FreeBSD
     * Linux (Debian, Mandrake, RedHat, SuSE, others should work as well)
     * OpenBSD
     * NetBSD
     * Solaris

Limited support (afpd working over TCP only)

     * MacOS X
     * Tru64 Unix

Platform specific problems:

     * MacOS X 10.0/10.1: If you want to build Netatalk on these versions
       you'll have to add #define HAVE_BROKEN_CPP 1 to config.h
     * RedHat 9.x/Debian 3.1 (probably other recent distros as well):
       Search in the installation chapter for libpthread

--------------------------------------------------------------------------------

Q3: Where can I get more information on Netatalk?

   A: Netatalk's home page can be found at:
   http://netatalk.sourceforge.net/

   Netatalk is maintained at SourceForge. The Netatalk project page on
   SourceForge is located at: http://sourceforge.net/projects/netatalk/.
   The new and improved documentation can be found at:
   http://netatalk.sourceforge.net/2.0/htmldocs/.

   There are (at least) two very active e-mail lists to which you can
   subscribe (before asking the lists you should consider searching the
   documentation)

   The first, netatalk-admins, is for usage and setup/compile questions.
   Subscription information as well as an archive are available at:
   http://lists.sourceforge.net/lists/listinfo/netatalk-admins (This can
   be very high volume, but usually a few messages a day). A searchable
   list archive is available at: http://marc.theaimsgroup.com/?l=netatalk

   Netatalk-devel list is more specific to coding and testing. The
   archive and more information can found at:
   http://lists.sourceforge.net/lists/listinfo/netatalk-devel (This list
   varies in volume, but is usually moderately active). A searchable
   archive can be found at:
   http://marc.theaimsgroup.com/?l=netatalk-devel

   If you want to stay in sync with what's happening in CVS, then
   netatalk-cvs is the right place:
   http://lists.sourceforge.net/lists/listinfo/netatalk-cvs. Every commit
   will automagically generate a mail to this list.

   You can access all lists via NNTP, too (currently read-only). Point
   your newsreader to news.gmane.org and subscribe to
   gmane.network.netatalk.user, gmane.network.netatalk.devel and/or
   gmane.network.netatalk.cvs. You can also use gmane's searchable web
   interface to crawl through netatalk-admins, netatalk-devel and
   netatalk-cvs.

   There are other netatalk information sites. Some of these are no
   longer actively updated, some are site-specific. The informations
   presented on those sites are rather outdated, and may not apply to
   this release anymore, so use with care:

     * http://www.anders.com/projects/netatalk/ (covers Netatalk < 1.5)
     * http://www.faredge.com.au/netatalk/index.html (covers Netatalk <
       1.6)
     * http://bloch.anu.edu.au/netatalk/netatalk_sun.html (covers SunOS
       specific informations)

   The "Linux Magazin" published an article about Netatalk 2.0 --
   configuration, installation, upgrading -- in its 03/2004 special
   edition. Unfortunately currently only available in german language:

   http://linux-magazin.de/Artikel/ausgabe/Sonderheft_2004/03/netatalk/

--------------------------------------------------------------------------------

Q4: I use an older Netatalk version. Should I upgrade to 2.0?

   A: Let's have a look at what has changed compared to 1.6.4:

     * Netatalk's file server, afpd, now speaking AFP 3.1 allows long
       filenames, UTF-8 names, large file support and full MacOS X
       compatibility
     * The print server task, papd, can directly interact with CUPS,
       automagically sharing all CUPS queues
     * Kerberos V support, allowing true "Single Sign On"
     * Whole rework of the CNID subsystem, providing reliable and
       persistant storage of file and directory IDs
     * Huge improvements regarding product documentation making
       Netatalk's features accessible more easily
     * Tons of bugs fixed compared to all previous versions

   To make a long story short, everyone not using symlinks inside
   Netatalk shares (this violation of AFP specs is not supported any
   longer) and willing to complete the sometimes extensive upgrade
   process should switch to 2.0.

   But be sure to read carefully the chapter about upgrading in the docs
   first.

--------------------------------------------------------------------------------

Q5: I think, I found a bug in netatalk. Where should I report it?

   A: First of all, try to isolate the problem and see whether it's not a
   feature instead (some of the underlying mac-related basics like
   file/folder IDs and the like, look irritating for people newly
   entering the world of cross-platform networking)

   Then have a look in the archives of both netatalk-admins and
   netatalk-devel list whether it's a known bug, already being worked on,
   or something special.

     http://marc.theaimsgroup.com/?l=netatalk
     http://marc.theaimsgroup.com/?l=netatalk-devel

   If that doesn't help, consider asking the lists whether some others
   might have an idea what's going on (try to avoid using the SourceForge
   discussion forums since most experienced users and developers only
   monitor the mailing lists)

   Before asking the list, try to understand and accept the basic
   principles for reporting bugs and asking for help

   If you're finally sure you found a bug, then please report it at the
   SF Bugs section and post it to the netatalk-devel list as well (no
   list subscription required).

   In case, the developers want you to provide more details about
   crashing processes, have a look at how to use gdb.

--------------------------------------------------------------------------------

Q6: Is there an RPM, package, or tarball for my platform?

   A: Perhaps. These vary in how often they're updated:

   Debian GNU/Linux

     * 1.6 included in all current distributions (1.6.4 available)
     * Newer packages might be available via http://backports.org or at
       http://debian.jones.dk/
     * No version 2 packages currently available (August 2004).
       v2-rc1 installs fine. See a 1.6.4 to 2rc1 guide here.

   FreeBSD

     * 1.6 port: /usr/ports/net/netatalk - maintained by Joe Clark
     * 2.0 port: /usr/ports/net/netatalk-devel - maintained by Joe Clark

   Mandrake

     * RPMs available via http://rpmseek.com/rpm-pl/netatalk.html

   OpenBSD

     * 1.6 port: /usr/ports/net/netatalk/ - not actively maintained
     * 2.0 port: not available, release tarball should build fine

   RedHat Linux

     * 1.6 rpm included in the distribution

   SunOS

     * Recent packages might be available via http://www.blastwave.org

   SuSE Linux

     * 1.6: rpm included in the distribution
     * 2.0: rpm not available, release tarball should build fine

--------------------------------------------------------------------------------

Q7: Which CNID scheme should I choose for my volumes?

   A: Try to use "dbd" if possible. In case, you're about to reach the
   cnid_metad limit of max. 128 volumes (compare with the cnid_metad
   manual page) you should consider using "cdb" instead (for example if
   you have many users and provide them with home directory shares). You
   can switch between those 2 CNID backends without any hassles if afpd
   isn't running while you're changing the backend definition in your
   AppleVolumes.default file.

   The "last" backend is only suitable for sharing HFS CD-ROMs directly
   with netatalk. Avoid it if at all possible, as this backend can lead
   to duplicate IDs which can cause data loss!

   Compare with the relevant chapter in the docs:
   http://netatalk.sourceforge.net/2.0/htmldocs/upgrade.html#choosecnidsc
   heme

--------------------------------------------------------------------------------

Q8: I want to create a new volume to share via Netatalk. How should I start?

   A: Always follow these steps unless you know exactly what you do:

     * Create the sharepoint on the Unix side with appropriate
       permissions. This means setting the SGID bit as well, so the old
       AppleShare semantics (always treating files/folders with the
       permissions that apply to the surrounding folder) will work
       flawlessly. So do not use chmod 775 but chmod 2775 instead.
     * Then decide which volume charset to use (it is strongly
       recommended to use the default UTF8 volcharset but in some special
       cases it might make sense to use another encoding like
       ISO-8859-15, instead. Have a look at the volcharset option)
     * Choose a CNID backend that fits your needs (see the chapter about
       CNID backends in the manual)
     * Finally add an entry in your AppleVolumes file and connect from a
       mac to the volume, to see if things work.

   Note: Unless you're using Netatalk 2.0 or above, it is NOT recommended
   to create a whole bunch of volumes in a batch (eg. by a script) due to
   the way, macintosh clients differentiate between volumes on a server
   (the so called "volume creation time" is used, that means the time you
   created the sharepoint). This issue has been fixed in 2.0, volume
   creation will always differ by at least 1 second.

--------------------------------------------------------------------------------

Q9: How does Netatalk integrate with Samba?

   A: It depends. There are a couple of problems:

     * Filename/foldername encoding: By default both Netatalk 2.0 and
       Samba 3.0 use UTF-8 precomposed on the server side. So at a first
       look, this problem is solved.
     * "Illegal" names, that make Windows choke, are still a problem.
       There exists an AppleVolumes option called "mswindows", which will
       prevent Mac clients from saving such names. But this leads to
       Netatalk's afpd breaking the AFP specifications and is no real
       solution (like a working Samba VFS module, that mangles such names
       on demand in a sane way, would be). Additionally, this option
       breaks saving to Netatalk volumes for several applications, i.e.
       OfficeX.
     * Hiding the metadata stuff from the other platform: You might want
       to hide all the directories and files described in the
       SpecialFilesFolders FAQ entry by using Samba's veto option. You
       can do the same for Mac clients too using Netatalk's veto option
     * File locking: Isn't working due to Netatalk using POSIX locks and
       Samba using its own locking.tdb database. Might be possible to
       work around by a Samba VFS module.

   You might also want to read this discussion on the netatalk-devel
   list: http://marc.theaimsgroup.com/?t=109111837300003&r=1&w=2

--------------------------------------------------------------------------------

Q10: I can't seem to use passwords longer than 8 characters for my Netatalk
accounts / I would like to use encrypted passwords to authenticate to the
Netatalk server. How can I fix that?

   Short answer: On Classic systems, use AppleShare client 3.8.2 or above
   (this problem does not apply to MacOS X, as OS X has always contained
   support for UAMs that can use more than 8 characters).

   Long answer: The length of the password that can be used to
   authenticate against the server depends on the UAM in use. With the
   older cleartext UAM and the RandNum/2Way RandNum UAMs, the upper limit
   has been 8 bytes. Apple has since added DHX authentication, which
   supports up to 64 characters.

   So if both server and client support at least the DHX UAM, then you
   can use passwords longer than 8 characters.

   Have a look at the authentication chapter in the manual for more
   details on this whole issue.

--------------------------------------------------------------------------------

Q11: What are the .AppleDouble and .AppleDB directories and .Parent files
which are created in the Netatalk Shares?

   A: Inside netatalk share points you will find several files and
   directories which are created automatically by the afpd process either
   for its own internal use or for the internal use of the MacOS.

   None of them should be directly visible in the Finder on the Mac.

   Many of them have to be writeable in order for netatalk to function
   properly. This can present problems if users have shell access to the
   netatalk server. At the very least, users can "hide" files inside
   these writeable folders. At worst, a malicious user could confuse
   netatalk in a bad way. It is unlikely that a malicious user could
   cause loss of another user's data by exploiting permissions on these
   items.

   Below is what we hope to be a comprehensive list of these files and
   directories, their purpose, and a discussion of what Unix permissions
   should be set on them.

   Note that in general on Netatalk shares, all directories should have
   the setgid bit set. This forces any new files or folders created to
   have the same group as the folder they were created in. On some
   operating systems, notably FreeBSD, the group owner is always
   inherited from the parent directory, so the setgid bit is not
   necessary.

.AppleDouble

   This directory exists inside each folder on a Netatalk share. It
   contains meta information like creator/type and eventually the
   resource fork of each file in that folder. Its permissions should
   match those of its parent directory, i.e. anyone who has write access
   to the parent directory must have write access to the corresponding
   .AppleDouble directory.

.AppleDouble/.Parent

   This file specifically contains meta information about the directory.
   If the directory is the volume root then it contains the volume
   specific metadata, especially the "volume creation time" (important
   since AppleShare clients differentiate bitween different volumes on
   the same server by this timestamp)

.AppleDesktop/

   This directory exists under the top level of each share point. It
   contains the "desktop database" which is the method by which the MacOS
   associates a type/creator code with a particular application (for an
   in-depth discussion have a look at
   http://www.tempel.org/macdev/#DTDB). Without it, documents will lose
   their application-specific icons and will have a generic icon instead.
   Double-clicking documents will also fail.

   To allow the desktop database to be maintained correctly, any user who
   is likely to copy an application on to the share must have write
   access to this directory and all directories below it.

.AppleDesktop/.volinfo

   This file contains afpd internal volume specific information like
   $MAC_CHARSET/$VOL_CHARSET, AppleDouble scheme, CNID backend (including
   cnid_metad settings if applicable), dbpath and the like. The
   information in this file will be also used by tools like megatron(1)
   to correctly convert files to data exchange formats like MacBinary for
   example.

Icon\r and .AppleDouble/Icon\r

   These files will exist in any folder, including the top level of a
   share, if it has a custom icon and has been created with MacOS
   versions prior to MacOS X. Make them writeable to any user who should
   be allowed to change that custom icon; make them read-only if you
   don't want the custom icon to be changeable.

:2eVolumeIcon.icns (.VolumeIcon.icns)

   MacOS X stores a custom volume icon into this file (this won't be
   displayed on Macs running MacOS versions < X)

.AppleDB/

   This folder will exist eventually at the top level of each sharepoint
   driven by the cdb or dbd CNID-backends. When using cdb any user who
   has write access to any part of the share must have full write access
   to this directory and all the files within it otherwise the
   CNID-backend will not work properly. Please note that you can force a
   different location of this folder via the dbpath option in
   AppleVolumes.default.

Network\ Trash\ Folder/

   This exists at the top level of each sharepoint. This is where files
   that are put in the Trash on clients (prior to MacOS X) go, until the
   Trash is emptied.

   The permissions of items in this directory are a pretty complicated
   subject, but basically you should make this directory and everything
   in it world-writeable if you want the Trash can to work properly. If
   you don't make it writeable then users will get a message "That item
   cannot be put in the Trash. Do you want to delete it immediately?" if
   they try to put something in the Trash.

   Unfortunately networked trash handling is broken in current versions
   of Mac OS X even if this directory is writeable. Apple is aware of
   this problem and is working on a solution.

Temporary\ Items/

   This folder may exist at the top level of a sharepoint. This folder is
   used by certain applications (Adobe Photoshop among others) to store,
   well, temporary items. These programs may not work correctly if this
   folder is missing or not writeable, when a user tries to work on a
   document stored in that Netatalk share.

TheFindByContentFolder/

   This folder is used by Sherlock 2 (MacOS 8/9) to store information
   used by its Find by Content feature. Make it writeable by users if you
   want to allow them to update the Find by Content index on a netatalk
   share. Otherwise, make it read-only.

:2eFBCIndex (.FBCIndex)

   FBC = FindByContent
   These Files generated by OS X are roughly equivalent to OS 9's
   "TheFindByContentFolder". Get generated only if a search with
   activated indexing was performed. Make it writeable by users if you
   want to allow them to update the Find by Content index on a netatalk
   share. Otherwise, make it read-only.

:2eFBCLockFolder (.FBCLockFolder)

   contains the :2eFBCSemaphoreFile (.FBCSemaphoreFile) for OS X. Also
   used for "Find by Content" indexing. Compare with
   http://www.thexlab.com/faqs/failedindex.html for details.

TheVolumeSettingsFolder/

   This folder is created at the top level of each share point. It always
   appears to be empty. It would be wise to set its permissions the same
   as the top level of the sharepoint.

:2eDS_Store (.DS_Store)

   This file may appear in share points which have been accessed by a
   machine running Mac OS X and contains folder specific metadata as well
   as file specific like eg. file comments. Its permissions should be set
   to match those of the enclosing directory.

   For more info on how this file could pose a potential security risk if
   you are sharing the same folder by HTTP, see:

   http://cert.uni-stuttgart.de/archive/bugtraq/2001/09/msg00106.html

--------------------------------------------------------------------------------

Q12: I want to contribute to the FAQ. How should I start?

   A: Consider generating a Wiki-Account. That means use a descriptive
   username as Wikiword and append it to
   http://netatalk.sourceforge.net/wiki/index.php/ (eg.
   http://netatalk.sourceforge.net/wiki/index.php/MyUserName). Describe
   yourselve or simply provide your real name at this page. To assign
   yourselve a password, you have to enter a password hash, you can get
   from the password encryption tool.

   If you're in hurry, then skip the above step and concentrate on the
   contents solely. But before you should become familiar with the Wiki
   text formatting rules.

   Please post only topics of general interest to the FAQ. If in doubt,
   consider discussing it at either netatalk-admins or netatalk-devel
   list.

   Use this as a template for each and every new page you want to create:
     _________________________________________________________________

   !!Q:
   A:
   <i>[ Back to the FAQ | FrequentlyAskedQuestions ]</i>
     _________________________________________________________________

   Finally add your new page to the index by using the appropriate
   WikiWord as link.