Netatalk authentication gotchas and diagnostic steps for Ubuntu 10.04

Posted: September 11th, 2010 | Author: | Filed under: netatalk, Ubuntu | Tags: , , , , , , , , , , | No Comments »

For some reason the netatalk package that is in the Ubuntu repository doesn’t come with any password authentication packages. So unless you want a fully non password appletalk setup on your Ubuntu server. DO NOT apt-get install netatalk!

I followed Mr. Kretschmann’s handy HowTo for installing Netatalk on Ubuntu. It seems to work for Ubuntu 10.04 (actually it should work with all linux distributions). However when I try login, I kept getting unknown username / password problem.

Here are my installation steps:

1
2
3
4
5
6
7
8
sudo apt-get source netatalk
sudo apt-get build-dep netatalk
sudo apt-get install cracklib2-dev
sudo apt-get install libssl-dev
cd netatalk-2*
sudo DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot
sudo dpkg -i ../netatalk-2*.deb
echo "netatalk hold" | sudo dpkg --set-selections

Here are my diagnostic steps:

  1. Check your afpd.conf and AppleVolumes.default files for any typos, especially when you are cutting and pasting!
  2. If you want to let each user to access his/her own directory, you should put
    1
    ~/ "$u" allow:$u cnidscheme:cdb

    in AppleVolumes.default; $u is the variable for username; instead of username1/username2 combination as listed in the HowTo. The list of variable names is in the comment section of the file or here.

  3. Open Log File Viewer under System -> Administration. What this does is whenever there is any updates in any of the log files, the updated log file on the left will appear bold.
  4. What I encountered was my installation steps above only created the uams_dhx2*.so authentication libraries. My syslog file has these entries
    1
    2
    3
    4
    5
    6
    afpd[17919]: ASIP started on 192.168.168.121:548(5) (2.0.5)
    afpd[17919]: uam: loading (/usr/lib/netatalk/uams_randnum.so)
    afpd[17919]: uam: uam not found (status=-1)
    afpd[17919]: uam: loading (/usr/lib/netatalk/uams_dhx.so)
    afpd[17919]: uam: uam not found (status=-1)
    afpd[17919]: Finished parsing Config File
  5. Go to /usr/lib/netatalk directory and verify which authentication modules you have. Update your afpd.conf appropriately. Mine is:
    1
    - -transall -uamlist uams_dhx2.so -savepassword -advertise_ssh

    dhx2 authentication is only supported by MacOSX machines, if you have OS9 or earlier you will have to have the others fall back to. I think it is much easier to use a normal MacOSX machine to do Appletalk though.

  6. I also noticed in with Netatalk 2.0.5 (vs 2.0.3 in the HowTo), there is a Time Machine support option in the AppleVolumes.default file. So an entry like this:
    1
    ~/TimeMachine "$u" allow:$u cnidscheme:cdb options:usedots,upriv,tm

    would allow a per user login to have their own TimeMachine backup. or you can do it by ip via the $c variable. With that option enabled, I can run TimeMachine without having to create my own sparsebundle etc. You still have to issue the Defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1 command in a terminal of the Mac you want to start TimeMachine though.

  7. Oh after each change, remember to run:
    1
    2
    /etc/init.d/netatalk stop
    /etc/init.d/netatalk start

    I find 2 commands work better than one command using the restart flag.



Leave a Reply

You must be logged in to post a comment.