5
-------------------------------------------------------------------------------
10
1. Introduction to Netatalk
13
How to obtain Netatalk
22
Compiling a new Berkeley DB for Netatalk
24
3. Setting up Netatalk
28
To use AppleTalk or not
30
atalkd acting as an AppleTalk router
34
Setting up the AFP file server
41
Setting up the PAP print server
42
Using AppleTalk printers
46
Using Netatalk as a time server for Macintoshes
48
Starting and stopping Netatalk
50
4. Upgrading from a previous version of Netatalk
55
How to upgrade a volume to 2.0
56
How to use a 1.x CAP encoded volume with 2.0
57
How to use a 1.x NLS volume with 2.0
59
Choosing a CNID storage scheme
61
How to upgrade if no persistent CNID storage was used
62
How to upgrade if a persistent CNID storage scheme was used
63
How to upgrade if a persistent CNID storage scheme was used, the brute
66
Setting up a test server on the same machine
68
Setting up an empty test share
69
Duplicating an already existing share
70
Configuring and running the test afpd
77
3.1. Netatalk UAM overview
81
3.1. atalkd.conf containing one entry
82
3.2. atalkd.conf containing one entry after atalkd started
83
3.3. atalkd.conf containing several entries with the -dontroute option
84
3.4. atalkd.conf containing several entries with the -dontroute option after
86
3.5. atalkd.conf making netatalk a seed router on two interfaces
87
3.6. atalkd.conf configured for "zone mapping"
88
3.7. atalkd.conf for a soft-seed router configuration
89
3.8. atalkd.conf for a soft-seed router configuration after atalkd started
90
3.9. atalkd.conf ready for mixed seed/soft-seed mode
91
3.10. pap printing to a PostScript LaserWriter
92
3.11. pap printing to a non-PostScript printer
93
5.1. Three server definitions using 2 different server signatures
94
5.2. Some ways to change afpd's logging behaviour via -[un]setuplog
95
5.3. afpd.conf default configuration
96
5.4. afpd.conf MacCyrillic setup / UTF8 unix locale
97
5.5. afpd.conf setup for Kerberos V auth
98
5.6. afpd.conf letting afpd appear as three servers on the net
99
5.7. Using variable substitution when defining volumes
100
5.8. use a 1.x style volume
101
5.9. use a 1.x style volume, created with maccode.iso8859-1
102
5.10. papd.conf System V printing system examples
103
5.11. papd.conf examples using pipes
104
5.12. papd.conf CUPS examples
108
This documentation is distributed under the GNU General Public License (GPL)
109
version 2. A copy of the license is included in this documentation, as well as
110
within the Netatalk source distribution. An on-line copy can be found at http:/
111
/www.fsf.org/licenses/gpl.txt
113
Chapter 1. Introduction to Netatalk
115
Netatalk is an OpenSource software package, that can be used to turn an
116
inexpensive *NIX machine into an extremely performant and reliable file and
117
print server for Macintosh computers.
119
Using Netatalk's AFP 3.1 compliant file-server leads to significantly higher
120
transmission speeds compared with Macs accessing a server via SaMBa/NFS while
121
providing clients with the best possible user experience (full support for
122
Macintosh metadata, flawlessly supporting mixed environments of classic MacOS
125
Due to Netatalk speaking AppleTalk, the print-server task can provide printing
126
clients with full AppleTalk support as well as the server itself with printing
127
capabilities for AppleTalk-only printers. Starting with version 2.0, Netatalk
128
seamlessly interacts with CUPS on the server.
130
After all, Netatalk can be used to act as an AppleTalk router, providing both
131
segmentation and zone names in Macintosh networks.
133
Chapter 2. Installation
137
How to obtain Netatalk
146
Compiling a new Berkeley DB for Netatalk
150
If you have previously used an older version of Netatalk, please read the
151
chapter about upgrading first !!!
153
How to obtain Netatalk
155
Please have a look at the netatalk page on sourceforge for the most recent
156
informations on this issue.
158
http://sourceforge.net/projects/netatalk/
162
Binary packages of Netatalk are included in some Linux and UNIX distributions.
163
You might want to have a look at the usual locations, too (http://rpmfind.net/,
164
http://packages.debian.org/, http://www.blastwave.org/ http://www.freebsd.org/
165
ports/index.html, etc.)
171
Prepacked tarballs in .tar.gz and tar.bz2 format are available on the netatalk
176
Downloading of the CVS source can be done quickly and easily.
178
1. Make sure you have cvs installed. which cvs should produce a path to cvs.
182
2. If you don't have one make a source directory. cd to this directory.
184
$> mkdir /path/to/new/source/dir
185
$> cd /path/to/new/source/dir
186
3. Authenticate yourself with cvs. Just hit enter for the password for the
189
$> cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/netatalk login
190
Logging in to :pserver:anonymous@cvs.sourceforge.net:2401/cvsroot/netatalk
191
CVS password: [Enter]
192
4. Now get the source:
194
$> cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/netatalk
195
-r branch-netatalk-2-0 co netatalk
196
cvs server: Updating netatalk
197
U netatalk/.cvsignore
198
U netatalk/CONTRIBUTORS
202
This will create a local directory called "netatalk" and downloads a
203
complete and fresh copy of the netatalk source from the CVS repository.
205
5. Now cd to the netatalk directory and run ./autogen.sh. This will create the
206
configure script required in the next step.
216
Your system needs to meet the following requirements:
218
* A C compiler, Netatalk compiles fine with gcc > 2.7.95
220
To be able to compile with AFP3 support, your system has to support large files
225
On linux systems glibc > 2.2 is required.
227
Required third party software
229
Netatalk makes use of sleepycats' Berkeley DB. At the time of writing, the
230
following versions are supported:
234
* 4.2.52 (recommended)
236
In case Berkeley DB is not installed on your system, please download it from:
238
http://www.sleepycat.com/download/db/index.shtml
240
and follow the installation instructions.
242
Optional third party software
244
Netatalk can use the following third party software to enhance it's
247
* OpenSSL (recommended)
249
OpenSSL is required for encrypted passwords. Without it, the password will
250
be sent over the network in clear text.
254
Wietse Venema's network logger, also known as TCPD or LOG_TCP.
256
Security options are: access control per host, domain and/or service;
257
detection of host name spoofing or host address spoofing; booby traps to
258
implement an early-warning system.
260
TCP Wrappers can be downloaded from: ftp://ftp.porcupine.org/pub/security/
264
PAM provides a flexible mechanism for authenticating users. PAM was
265
invented by SUN Microsystems. Linux-PAM is a suite of shared libraries that
266
enable the local system administrator to choose how applications
269
You can get the Linux PAM documentation and sources from http://
270
www.kernel.org/pub/linux/libs/pam/.
274
SLP (Service Location Protocol) is an IETF standards track protocol that
275
provides a framework to allow networking applications to discover the
276
existence, location, and configuration of networked services in enterprise
279
Mac OS X uses it to locate AFP servers, even though newer version prefer
282
You can download OpenSLP from: http://www.openslp.org/.
286
iconv provides conversion routines for many character encodings. Netatalk
287
uses it to provide charsets it does not have built in conversions for, like
288
ISO-8859-1. On glibc systems, Netatalk can use the glibc provided iconv
289
implementation. Otherwise you can use the GNU libiconv implementation.
291
You can download GNU libiconv from: http://www.gnu.org/software/libiconv/.
295
Configuring the build
297
To build the binaries, first run the program ./configure in the source
298
directory. This should automatically configure Netatalk for your operating
299
system. If you have unusual needs, then you may wish to run
301
$> ./configure --help
303
to see what special options you can enable.
305
The most used configure options are:
307
* --enable-[redhat/suse/cobalt/netbsd/fhs]
309
This option helps netatalk to determine where to install the start scripts.
311
* --with-bdb=/path/to/bdb/installation/
313
In case you installed Berkeley DB in a non-standard location, you will have
314
to give the install location to netatalk, using this switch.
316
Now run configure with any options you need
318
$> ./configure [arguments] [--with-bdb=/bdb/install/path]
320
Configure will end up in an overview showing the settings the Netatalk
321
Makefiles have been created with.
323
If this step fails please visit the troubleshooting guide.
327
With recent RedHat releases, Berkeley DB links to libpthread. Netatalk does not
328
link to libpthread, so detection of Berkeley DB fails when running configure.
329
It's recommended to (re)compile Berkeley DB with --with-mutex="x86/
330
gcc-assembly" (on x86 platforms) to disable the use of libpthread.
331
Alternatively you could use
333
$> LIBS="-lpthread" ./configure [arguments]
335
to trick Netatalk into linking to libpthread. However, this is not recommended,
336
as there have been some trouble reports indicating that linking to libpthread
337
badly damages performance.
343
should produce the Netatalk binaries (this step can take several minutes to
346
When the process finished you can use
350
to install the binaries and documentation (must be done as "root" when using
353
Compiling a new Berkeley DB for Netatalk
355
Netatalk 2.0 requires Berkeley DB version 4.1.25 or newer. Even if you already
356
have a supported version of Berkeley DB installed on your system, there are
357
several reasons, why you might still want to consider building a new version
360
Many linux distributions provide a precompiled Berkeley DB version. This is
361
usually nice, but also has one major drawback: If you update your system to a
362
newer release, the installed version of Berkeley DB may change. This can lead
363
to a number of problems, starting with strange behaviour of Netatalk,
364
unreadable CNID Databases. Most likely Netatalk(afpd) won't start anymore, so
365
you'll have to recompile Netatalk.
367
For instructions compiling Berkeley DB, you should generally refer to the
368
documentation provided by Sleepycat. The following information is meant to help
369
you avoid problems, users experienced in the past.
371
In case you are building on a recent RedHat release, please use --with-mutex=
372
"x86/gcc-assembly" on x86 platforms to prevent Berkeley DB from linking against
375
Using a statically linked Berkeley DB
377
To link Netatalk statically to Berkeley DB, you have to disable shared
378
libraries when building Berkeley DB. If shared libraries exist, Netatalk will
379
always link to them, even if a static version exists in the same location.
382
root# ../dist/configure --prefix=/install/path --disable-shared
386
You should now continue with building Netatalk.
388
Using a dynamically linked Berkeley DB
390
Building a shared version of Berkeley DB is rather straightforward. However,
391
especially under Linux, some care needs to be taken. Underlying system
392
libraries, i.e. libnss_db, might be using Berkeley DB as well. As these
393
libraries have likely been build with another, i.e. older, version of Berkeley
394
DB, linking afpd to a newer version can lead to unexpected results.
396
You need to configure Berkeley DB with the --with-uniquename configure switch
397
to avoid these kind of problems. This insures your new version will not
398
interfere with another installation of Berkeley DB on your system.
401
root# ../dist/configure --prefix=/install/path --with-uniquename
405
If you select an install path other than /usr/local, you will have to configure
406
your linker to look for libraries in this directory.
408
On many operating systems, this is done by adding a new entry to /etc/
411
root# echo /install/path/lib >/etc/ld.so.conf
414
You should now continue with building Netatalk.
416
Chapter 3. Setting up Netatalk
422
To use AppleTalk or not
424
atalkd acting as an AppleTalk router
428
Setting up the AFP file server
435
Setting up the PAP print server
436
Using AppleTalk printers
440
Using Netatalk as a time server for Macintoshes
442
Starting and stopping Netatalk
446
AppleTalk, the network protocol family founded by Apple, contains different
447
protocols for different uses (address resolution, address/name mapping, service
448
location, establishing connections, and the like)
450
A complete overview can be found inside the developer documentation.
452
To use AppleTalk or not
454
You'll need the AppleTalk support built into netatalk in case you want to
455
provide printing services via PAP by papd(8) or file services via AppleTalk via
456
afpd(8) for older AFP clients not capable of using AFP over TCP. You'll need it
457
also, if you want to use the deprecated AppleTalk-based timeserver timelord(8)
458
for older Mac clients.
460
But even if you don't need PAP or AFP over AppleTalk, you might consider using
461
AppleTalk for service propagation/location, having the ease of use for your
462
network clients in mind. The Apple engineers implemented a way to easily locate
463
an AFP server via AppleTalk but establishing the AFP connection itself via AFP
464
over TCP (see the developer documentation for details on this cool feature,
467
To use the different base AppleTalk protocols with netatalk, one has to use
468
atalkd(8). It can also be used as an AppleTalk router to connect different
469
independent network segments to each other.
471
To use AppleTalk/atalkd, your system has to have kernel support for AppleTalk.
472
On some systems supported by netatalk, this isn't currently true (notably
473
True64 Unix) so you can use only netatalk services that do not rely on
474
AppleTalk (which means "AFP over TCP" and requires the -noddp switch in
479
This is the most simple form, you can use AppleTalk with netatalk. In case, you
480
have only one network interface up and running, you haven't to deal with
481
atalkd's config at all: atalkd will use AppleTalk's self-configuration features
482
to get an AppleTalk address and to register itself in the network
485
In case, you have more than one active network interface, you have to make a
488
* Using only one interface: Just add the interface name (en1, le0, eth2, ...
489
for example) to atalkd.conf on a single line. Do only list one interface
492
Example 3.1. atalkd.conf containing one entry
496
Appletalk networking should be enabled on eth0 interface. All the necessary
497
configuration will be fetched from the network
499
At startup time, atalkd will add the real settings (address and network and
500
eventually a zone) to atalkd.conf on its own
502
Example 3.2. atalkd.conf containing one entry after atalkd started
504
eth0 -phase 2 -net 0-65534 -addr 65280.166
506
atalkd filled in the AppleTalk settings that apply to this network segment.
507
A netrange of 0-65534 indicates that there is no AppleTalk router present,
508
so atalkd will fetch an address that matches the following criteria:
509
netrange from inside the so called "startup range" 65280-65533 and a node
510
address between 142 and 255.
512
* When using several interfaces you have to add them line by line following
513
the "-dontroute" switch in atalkd.conf.
515
Example 3.3. atalkd.conf containing several entries with the -dontroute
522
Appletalk networking should be enabled on all three interfaces, but no
523
routing should be done between the different segments. Again, all the
524
necessary configuration will be fetched from the connected networks.
526
Example 3.4. atalkd.conf containing several entries with the -dontroute
527
option after atalkd started
529
eth0 -dontroute -phase 2 -net 0-65534 -addr 65280.152
530
eth1 -dontroute -phase 2 -net 0-65534 -addr 65280.208
531
eth2 -dontroute -phase 2 -net 1-1000 -addr 10.142 -zone "Printers"
533
On eth0 and eth1, there are no other routers present, so atalkd chooses an
534
address from within the startup range. But on eth2 there lives an already
535
connected AppleTalk router, publishing one zone called "Printers" and
536
forcing clients to assign themselves an address in a netrange between 1 and
539
In this case, atalkd will handle each interface as it would be the only
540
active one. This can have some side effects when it comes to the point
541
where AFP clients want to do the magic switch from AppleTalk to TCP, so use
544
In case, you have more than one active network interface and do not take
545
special precautions as outlined above, then autoconfiguration of the interfaces
546
might fail in a situation where one of your network interfaces is connected to
547
a network where no other active AppleTalk router is present and supplies
548
appropriate routing settings.
550
For further information see atalkd.conf(5) and the developer documentation.
552
atalkd acting as an AppleTalk router
554
There exist several types of AppleTalk routers: seed, non-seed and so called
557
* A seed router has its own configuration and publishes this into the network
558
segments it is configured for.
560
* A non-seed router needs a seed router on the interface to which it is
561
connected to learn the network configuration. So this type of AppleTalk
562
router can work completely without manual configuration.
564
* A so called soft-seed router is exactly the same as a non-seed router
565
except the fact, that it can also remember the configuration of a seed
566
router and act as a replacement in case, the real seed router disappears
569
Netatalk's atalkd can act as both a seed and a soft-seed router, even in a
570
mixed mode, where it acts on one interface in this way and on the other in
573
If you leave your atalkd.conf completely empty or simply add all active
574
interfaces line by line without using seed settings (atalkd will act
575
identically in both cases), then atalkd is forced to act as a soft-seed router
576
on each interface, so it will fail on the first interface, where no seed router
577
is accessible to fetch routing information from.
579
In this case, other services, that depend on atalkd, might also fail.
581
So you should have atalkd act as a seed router on one or all active interfaces.
582
A seed router has to supply informations about:
584
* The specific netrange on this segment
586
* Its own AppleTalk address
588
* The zones (one to many) available in this segment
590
* The so called "default zone" for this segment
594
Unless you are the network admin yourself, consider asking her/him before
595
changing anything related to AppleTalk routing, as changing these settings
596
might have side effects for all of your AppleTalk network clients!
598
In an AppleTalk network netranges have to be unique and must not overlap each
599
other. Fortunately netatalk's atalkd is polite enough to check whether your
600
settings are in conflict with already existing ones on the net. In such a case
601
it simply discards your settings and tries to adapt the already established
602
ones on the net (if in doubt, always check syslog for details).
604
Netranges, you can use, include pretty small ones, eg. 42-42, to very large
605
ones, eg. 1-65279 - the latter one representing the maximum. In routed
606
environments you can use any numbers in the range between 1 and 65279 unless
607
they do not overlap with settings of other connected subnets.
609
The own AppleTalk address consists of a net part and a node part (the former 16
610
bit, the latter 8 bit, for example 12057.143). Apple recommends using node
611
addresses of 128 or above for servers, letting client Macs assign themselves an
612
address faster (as they will primarily search for a node address within 1-127
613
in the supplied netrange). As we don't want to get in conflict with Apple
614
servers, we prefer using node addresses of 142 or above.
616
AppleTalk zones have nothing to do with physical networks. They're just a hint
617
for your client's convenience, letting them locate network resources in a more
618
comfortable/faster way. You can either use one zone name across multiple
619
physical segments as well as more than one zone name on a single segment (and
620
various combinations of this).
622
So all you have to do is to draw a network chart containing the physical
623
segments, the netranges you want to assign to each one, the zone names you want
624
to publish in which segments and the default zone per segment (this is always
625
the first zone name, you supply with the "-zone" switch in atalkd.conf).
627
Given, you finished the steps outlined above, you might want to edit
628
atalkd.conf to fit your needs.
630
You'll have to set the following options in atalkd.conf:
632
* -net (use reasonable values between 1-65279 for each interface)
634
In case, this value is suppressed but -addr is present, the netrange from
635
this specific address will be used
637
* -addr (the net part must match the -net settings if present, the node
638
address should be between 142 and 255)
640
* -zone (can be used multiple times in one single line, the first entry is
643
Note that you are able to set up "zone mapping", that means publishing exactly
644
the same zone name on all AppleTalk segments, as well as providing more than
645
one single zone name per interface. Dumb AppleTalk devices, like LaserWriters,
646
will always register themselves in the default zone (the first zone entry you
647
use in atalkd.conf per interface), more intelligent ones will have the ability
648
to choose one specific zone via a user interface.
650
Example 3.5. atalkd.conf making netatalk a seed router on two interfaces
652
eth0 -seed -phase 2 -net 1-1000 -addr 1000.142 -zone "Printers" -zone "Spoolers"
653
eth1 -seed -phase 2 -net 1001-2000 -addr 2000.142 -zone "Macs" -zone "Servers"
655
The settings for eth0 force AppleTalk devices within the connected network to
656
assign themselves an address in the netrange 1-1000. Two zone names are
657
published into this segment, "Printers" being the so called "standard zone",
658
forcing dumb AppleTalk devices like Laser printers to show up automatically
659
into this zone. AppleTalk printer queues supplied by netatalk's papd can be
660
registered into the zone "Spoolers" simply by adjusting the settings in
661
papd.conf(5). On eth1 we use the different and non-overlapping netrange
662
1001-2000, set the default zone to "Macs" and publish a fourth zone name
665
Example 3.6. atalkd.conf configured for "zone mapping"
667
eth0 -seed -phase 2 -net 1-1000 -addr 1000.142 -zone "foo"
668
lo0 -phase 1 -net 1 -addr 1.142 -zone "foo"
670
We use the same network settings as in the example above but let atalkd publish
671
the same zone name on both segments. As the same zone name will be used on all
672
segments of the AppleTalk network no zone names will show up at all... but
673
AppleTalk routing will still be active. In this case, we connect a so called
674
"non-extended" LocalTalk network (phase 1) to an EtherTalk "extended" network
675
(phase 2) transparently.
677
Example 3.7. atalkd.conf for a soft-seed router configuration
683
As we have more than one interface, atalkd will try to act as an AppleTalk
684
router between both segments. As we don't supply any network configuration on
685
our own we depend on the availability of seed routers in every connected
686
segment. If only one segment is without such an available seed router the whole
689
Example 3.8. atalkd.conf for a soft-seed router configuration after atalkd
692
eth0 -phase 2 -net 10-10 -addr 10.166 -zone "Parking"
693
eth1 -phase 2 -net 10000-11000 -addr 10324.151 -zone "No Parking" -zone "Parking"
694
eth2 -phase 2 -net 65279-65279 -addr 65279.142 -zone "Parking" -zone "No Parking"
696
In this case, active seed routers are present in all three connected networks,
697
so atalkd was able to fetch the network configuration from them and, since the
698
settings do not conflict, act as a soft-seed router from now on between the
699
segments. So even in case, all of the three seed routers would disappear from
700
the net, atalkd would still supply the connected network with the network
701
configuration once learned from them. Only in case, atalkd would be restarted
702
afterwards, the routing information will be lost (as we're not acting as seed
705
Example 3.9. atalkd.conf ready for mixed seed/soft-seed mode
708
eth1 -seed -phase 2 -net 99-100 -addr 99.200 -zone "Testing"
710
In case in the network connected to eth0 lives no active seed router or one
711
with a mismatching configuration (eg. an overlapping netrange of 1-200) atalkd
712
will fail. Otherwise it will fetch the configuration from this machine and will
713
route between eth0 and eth1, on the latter acting as a seed router itself.
715
By the way: It is perfectly legal to have more than one seed router connected
716
to a network segment. But in this case, you should take care that the
717
configuration of all connected routers is exactly the same regarding netranges,
718
published zone names and also the "standard zone" per segment
722
Netatalk supplies two different transport protocols for AFP services and both
723
can run at the same time. Classic AFP over AppleTalk requires the afpd and
724
atalkd daemons. AFP over IP only requires afpd.
726
Setting up the AFP file server
728
AFP (the Apple Filing Protocol) is the protocol Apple Macintoshes use for file
729
services. The protocol has evolved over the years, at the time of this writing
730
7 different "versions" exist. The latest changes to the protocol, called "AFP
731
3.1", were added with the release of Panther (Mac OS X 10.3).
733
AFP3 brought some big changes. For the first time, AppleShare Clients can use
734
filenames up to 255 characters (actually 255 bytes leading to 85-255 chars
735
depending on the glyphs used), UTF-8 is used on the wire and large files (>4GB)
738
The afpd daemon offers the fileservices to Apple Clients. It's configured using
739
the afpd.conf and the AppleVolumes.* files.
743
afpd.conf is the configuration file used by afpd to determine the behaviour and
744
configuration of the different virtual file servers that it provides. Any line
745
not prefixed with '#' is interpreted.
747
If afpd switches set on the command line are in conflict with afpd.conf
748
settings, the latter will have higher priority.
750
Format: - [options] to specify options for the default server and/or "Server
751
name" [options] to specify an additional server.
753
Leaving the afpd.conf file empty equals to the following configuration:
755
- -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx.so -nosavepassword
757
For a more detailed explanation of the available options, please refer to the
758
afpd.conf(5) man page.
762
The AppleVolumes.default file is used to define volumes that will by default be
763
shown to all users, including users logged in as guest. A volume will not be
764
presented in the chooser, if the user has no read access to the specified
767
You can limit access to a specific volume by using the allow and deny options.
769
For a more detailed explanation of the available options, please refer to the
770
AppleVolumes.default(5) man page.
774
Unlike other protocols like smb or nfs, the AFP protocol mostly refers to files
775
and directories by ID and not by a path (the IDs are also called CNID, that
776
means Catalog Node ID). A typical AFP request uses a directory ID and a
777
filename, something like "server, please open the file named 'Test' in the
778
directory with id 167". For example "Aliases" on the Mac basically work by ID
779
(with a fallback to the absolute path in more recent AFP clients. But this
780
applies only to Finder, not to applications).
782
Every file in an AFP volume has to have a unique file ID, IDs must, according
783
to the specs, never be reused, and IDs are 32 bit numbers (Directory IDs use
784
the same ID pool). So, after ~4 billion files/folders have been written to an
785
AFP volume, the ID pool is depleted and no new file can be written to the
786
volume. No whining please :-)
788
Netatalk needs to map IDs to files and folders in the host filesystem. To
789
achieve this, several different CNID backends are available and can be choosed
790
by the cnidscheme option in the AppleVolumes.default(5) configuration file. A
791
CNID backend is basically a database storing ID <-> name mappings.
793
In the past, many users used the so called "last" CNID scheme. However, this
794
scheme has some serious drawbacks, as it is based on the device and inode of a
795
file. Therefore, IDs will be eventually be reused and you can get duplicate IDs
798
The CNID Databases are by default located in the .AppleDB folder in every afpd
799
volume root. With the new ADv2 format, afpd stores the files/directories ID in
800
the corresponding .AppleDouble file as well.
804
There are some CNID related things you should keep in mind when working with
807
* Don't use unix symlinks. Just don't. With a symlink a file/directory
808
"exists" twice, something AFP doesn't allow. There's currently no way this
809
can be resolved, as we either end up with two file/dirs having the same id,
810
or a file having two parents. If you still insist on using them, be aware
811
you're heavily violating the specs. You have been warned...
813
* Don't nest volumes.
815
* CNID backends are databases, so they turn afpd into a file server/database
816
mix. Keep this in mind, killing an afpd process with kill -9 will likely
817
leave the database unusable.
819
* If there's no more space on the filesystem left, the database will get
820
corrupted. You can work around this by either using the -dbpath option and
821
put the database files into another location or, if you use quotas, make
822
sure the .AppleDB folder is owned by a user/group without a quota.
824
* Be careful with CNID databases for volumes that are mounted via NFS. That
825
is a pretty audacious decision to make anyway, but putting a database there
826
as well is really asking for trouble, i.e. database corruption. Use the
827
dbpath: directive in the AppleVolumes.* configuration files to put the
828
databases onto a local disk if you must use NFS mounted volumes.
832
The "concurrent database" backend is based on sleepycat's Berkeley DB. With
833
this backend, several afpd daemons access the CNID database directly. Berkeley
834
DB locking is used to synchronize access, if more than one afpd process is
835
active for a volume. The drawback is, that the crash of a single afpd process
836
might corrupt the database.
840
Access to the CNID database is restricted to the cnid_dbd daemon process. afpd
841
processes communicate with the daemon for database reads and updates. If built
842
with Berkeley DB transactions, the probability for database corruption is
843
practically zero, but performance can be slower than with cdb. As a database
844
process gets spawned for each volume, you're probably better off using cdb for
845
sharing home directories for a larger number of users.
849
The last backend is a semi-persistent backend. IDs will be reused and, what is
850
much worse, you can get duplicate IDs. You should use it for sharing cdroms
851
only, don't use it for sharing normal volumes.
857
Internally, computers don't know anything about characters and texts, they only
858
know numbers. Therefore, each letter is assigned a number. A character set,
859
often referred to as charset or codepage, defines the mappings between numbers
862
If two or more computer systems need to communicate with each other, the have
863
to use the same character set. In the 1960s the ASCII (American Standard Code
864
for Information Interchange) character set was defined by the American
865
Standards Association. The original form of ASCII represented 128 characters,
866
more than enough to cover the English alphabet and numerals. Up to date, ASCII
867
has been the normative character scheme used by computers.
869
Later versions defined 256 characters to produce a more international fluency
870
and to include some slightly esoteric graphical characters. Using this mode of
871
encoding each character takes exactly one byte. Obviously, 256 characters still
872
wasn't enough to map all the characters used in the various languages into one
875
As a result localized character sets were defined later, e.g the ISO-8859
876
character sets. Most operating system vendors introduced their own characters
877
sets to satisfy their needs, e.g. IBM defined the codepage 437 (DOSLatinUS),
878
Apple introduced the MacRoman codepage and so on. The characters that were
879
assigned number larger than 127 were referred to as extended characters. These
880
character sets conflict with another, as they use the same number for different
881
characters, or vice versa.
883
Almost all of those characters sets defined 256 characters, where the first 128
884
(0-127) character mappings are identical to ASCII. As a result, communication
885
between systems using different codepages was effectively limited to the ASCII
888
To solve this problem new, larger character sets were defined. To make room for
889
more character mappings, these character sets use at least 2 bytes to store a
890
character. They are therefore referred to as multibyte character sets.
892
One standardized multibyte charset encoding scheme is known as unicode. A big
893
advantage of using a multibyte charset is that you only need one. There is no
894
need to make sure two computers use the same charset when they are
897
character sets used by Apple
899
In the past, Apple clients used single-byte charsets to communicate over the
900
network. Over the years Apple defined a number of codepages, western users will
901
most likely be using the MacRoman codepage.
903
Codepages defined by Apple include:
905
* MacArabic, MacFarsi
911
* MacChineseTraditional
937
Starting with Mac OS X and AFP3, UTF-8 is used. UTF-8 encodes Unicode
938
characters in an ASCII compatible way, each Unicode character is encoded into
939
1-6 ASCII characters. UTF-8 is therefore not really a charset itself, it's an
940
encoding of the Unicode charset.
942
To complicate things, Unicode defines several normalization forms. While samba
943
uses precomposed Unicode, which most Unix tools prefer as well, Apple decided
944
to use the decomposed normalization.
946
For example lets take the German character '�'. Using the precomposed
947
normalization, Unicode maps this character to 0xE4. In decomposed
948
normalization, '�' is actually mapped to two characters, 0x61 and 0x308. 0x61
949
is the mapping for an 'a', 0x308 is the mapping for a COMBINING DIAERESIS.
951
Netatalk refers to precomposed UTF-8 as UTF8 and to decomposed UTF-8 as
954
afpd and character sets
956
To support new AFP 3.x and older AFP 2.x clients at the same time, afpd needs
957
to be able to convert between the various charsets used. AFP 3.x clients always
958
use UTF-8, AFP 2.2 clients use one of the Apple codepages.
960
At the time of this writing, netatalk supports the following Apple codepages:
972
afpd handles three different character set options:
976
This is the codepage used internally by your operating system. If not
977
specified and your system support Unix locales, afpd tries to detect the
978
codepage, otherwise it defaults to ASCII. afpd uses this codepage to read
979
its configuration files, so you can use extended characters for volume
980
names, login messages, etc. see afpd.conf(5).
984
As already mentioned, older MacOS clients (up to AFP 2.2) use codepages to
985
communicate with afpd. However, there is no support for negotiating the
986
codepage used by the client in the AFP protocol. If not specified
987
otherwise, afpd assumes the MacRoman codepage is used. In case you're
988
clients use another codepage, e.g. MacCyrillic, you'll have to explicitly
989
configure this. see afpd.conf(5).
993
This defines the charset afpd should use for filenames on disk. The default
994
is UTF8. If you have iconv installed, you can use any iconv provided
997
afpd needs a way to preserve extended macintosh characters, or characters
998
illegal in unix filenames, when saving files on a unix filesystem. Earlier
999
versions used the the so called CAP encoding. An extended character (>0x7F)
1000
would be converted to a :xx hex sequence, e.g. the Apple Logo (MacRoman:
1001
0XF0) was saved as :f0. Some special characters will be converted as to :xx
1002
notation as well. '/' will be encoded to :2f, if -usedots is not specified,
1003
a leading dot '.' will be encoded as :2e. Even though this version now uses
1004
UTF-8 as the default encoding for filenames, special characters, like '/'
1005
and a leading '.' will still be CAP style encoded. For western users
1006
another useful setting could be -volcharset ISO-8859-15.
1008
If a character cannot be converted from the mac codepage to the selected
1009
volcharset, afpd will save it as a CAP encoded character. For AFP3 clients,
1010
afpd will convert the UTF-8 character to maccodepage first. If this
1011
conversion fails, you'll receive a -50 error on the mac. Note: Whenever you
1012
can, please stick with the default UTF-8 volume format. see
1013
AppleVolumes.default(5).
1017
AFP authentication basics
1019
Apple chose a flexible model called "User Authentication Modules" (UAMs) for
1020
authentication purposes between AFP client and server. An AFP client initially
1021
connecting to an AFP server will ask for the list of UAMs which the server
1022
provides, and will choose the one with strongest encryption that the client
1025
Several UAMs have been developed by Apple over the time, some by 3rd-party
1028
UAMs supported by Netatalk
1030
Netatalk supports the following ones by default:
1032
* "No User Authent" UAM (guest access without authentication)
1034
* "Cleartxt Passwrd" UAM (no password encryption)
1036
* "Randnum exchange"/"2-Way Randnum exchange" UAMs (weak password encryption,
1037
separate password storage)
1039
* "DHCAST128" UAM (stronger password encryption, should be used these days)
1041
There exist other optional UAMs as well:
1043
* "PGPuam 1.0" UAM (PGP-based authentication for pre-Mac OS X clients. You'll
1044
also need the PGPuam client to let this work)
1046
You'll have to add "--enable-pgp-uam" to your configure switches to have
1049
* "Kerberos IV"/"AFS Kerberos" UAMs (suitable to use Kerberos v4 based
1050
authentication and AFS file servers)
1052
Use "--enable-krb4-uam" at compile time to activate the build of this UAM.
1054
* "Client Krb v2" UAM (Kerberos V, suitable for "Single Sign On" Scenarios
1055
with Mac OS X clients -- see below)
1057
"--enable-krbV-uam" will provide you with the ability to use this UAM.
1059
You can configure which UAMs should be activated by defining $AFPD_UAM_LIST in
1060
netatalk.conf(5). afpd will log which UAMs it's using and if problems occur
1061
while activating them in either netatalk.log or syslog at startup time.
1062
asip-status.pl(1) can be used to query the available UAMs of AFP servers as
1065
Having a specific UAM available at the server does not automatically mean that
1066
a client can use it. Client-side support is also necessary. Fortunately this
1067
isn't such a problem these days since Mac OS X' AFP-client supports DHCAST128
1068
from the beginning on. For older Macintoshes running Mac OS < X DHCAST128
1069
support exists since AppleShare client 3.8.x.
1071
On Mac OS X, there exist some client-side techniques to make the AFP-client
1072
more verbose, so one can have a look what's happening while negotiating the
1073
UAMs to use. Compare with this hint.
1075
Which UAMs to activate?
1077
It depends primarily on your needs and on the kind of Mac OS versions you have
1078
to support. Basically one should try to use DHCAST128 where possible because of
1079
its strength of password encryption.
1081
* Unless you really have to supply guest access to your server's volumes
1082
ensure that you disable "No User Authent" since it might lead accidentally
1083
to unauthorized access. In case you must enable guest access take care that
1084
you enforce this on a per volume base using the access controls the
1085
AppleVolumes.default(5) config file supplies or think about setting up an
1086
own server definition serving these public shares in afpd.conf(5).
1088
* The "ClearTxt Passwrd" UAM is as bad as it sounds since passwords go
1089
unencrypted over the wire. Try to avoid it at both the server's side as
1090
well as on the client's. Note: If you want to provide Mac OS 8/9 clients
1091
with NetBoot-services then you need uams_cleartext.so since the AFP-client
1092
integrated into the Mac's firmware can only deal with this basic form of
1095
* Since "Randnum exchange"/"2-Way Randnum exchange" uses only 56 bit DES for
1096
encryption it should be avoided as well. Another disadvantage is the fact
1097
that the passwords have to be stored in cleartext on the server and that it
1098
doesn't integrate into both PAM scenarios or classic /etc/shadow (you have
1099
to administrate passwords separately by using the afppasswd(1) utility, if
1100
clients should use these UAMs)
1102
* "DHCAST128" should be a good compromise for most people since it combines
1103
stronger encryption with PAM integration. Hopefully Netatalk will support
1104
its successor "DHX2" (Diffie Hellman Exchange 2) in the future, which
1105
provides even stronger encryption.
1107
* Using the Kerberos V ("Client Krb v2") UAM, it's possible to implement real
1108
single sign on scenarios using Kerberos tickets. The password is not sent
1109
over the network. Instead, the user password is used to decrypt a service
1110
ticket for the appleshare server. The service ticket contains an encryption
1111
key for the client and some encrypted data (which only the appleshare
1112
server can decrypt). The encrypted portion of the service ticket is sent to
1113
the server and used to authenticate the user. Because of the way that the
1114
afpd service principal detection is implemented, this authentication method
1115
is vulnerable to man-in-the-middle attacks.
1117
For a more detailed overview over the technical implications of the different
1118
UAMs, please have a look at Apple's File Server Security pages.
1120
Using different authentication sources with specific UAMs
1122
Some UAMs provide the ability to use different authentication "backends",
1123
namely uams_cleartext.so and uams_dhx.so. They can both use either classic Unix
1124
passwords from /etc/passwd (/etc/shadow) or PAM if the system supports that.
1125
uams_cleartext.so can be symlinked to either uams_passwd.so or uams_pam.so,
1126
uams_dhx.so to uams_dhx_passwd.so or uams_dhx_pam.so. So, if it looks like this
1127
in Netatalk's UAMs folder (per default /etc/netatalk/uams/):
1129
uams_clrtxt.so -> uams_pam.so
1130
uams_dhx.so -> uams_dhx_pam.so
1132
then you're using PAM, otherwise classic Unix passwords. The main advantage of
1133
using PAM is that one can integrate Netatalk in centralized authentication
1134
scenarios, eg. via LDAP, NIS and the like. Please always keep in mind that the
1135
protection of your user's login credentials in such scenarios also depends on
1136
the strength of encryption that the UAM in question supplies. So think about
1137
eliminating weak UAMs like "ClearTxt Passwrd" and "Randnum exchange" completely
1140
Netatalk UAM overview table
1142
A small overview of the most common used UAMs.
1144
Table 3.1. Netatalk UAM overview
1146
+----------------------------------------------------------------------------------------------+
1147
| UAM | No User |Cleartxt Passwrd|(2-Way) Randnum| DHCAST128 | Client Krb v2 |
1148
| | Authent | | exchange | | |
1149
|----------+--------------+----------------+---------------+-----------------+-----------------|
1150
| pssword | guest access | max. 8 | max. 8 | max. 64 |Kerberos tickets |
1151
| length | | characters | characters | characters | |
1152
|----------+--------------+----------------+---------------+-----------------+-----------------|
1153
| | |built-in in all | | built-in since | |
1154
| | |Mac OS versions | |AppleShare client| |
1155
| Client |built-in into |except 10.0. Has| built-in into |3.8.4, available | built-in since |
1156
| support | all Mac OS |to be activated |almost all Mac |as a plug-in for | MacOS X 10.2 |
1157
| | versions | explicitly in | OS versions |3.8.3, integrated| |
1158
| | |recent Mac OS X | |in Mac OS X' AFP | |
1159
| | | versions | | client | |
1160
|----------+--------------+----------------+---------------+-----------------+-----------------|
1161
| | |Password will be| 8-byte random | | |
1162
| | | sent in | numbers are |Password will be | Password is not |
1163
| | | cleartext over | sent over the | encrypted with | sent over the |
1164
| | | the wire. Just | wire, |128 bit SSL, user| network. Due to |
1165
| |Enables guest | as bad as it |comparable with| will be | the service |
1166
| |access without| sounds, | DES, 56 bits. | authenticated | principal |
1167
|Encryption|authentication|therefore avoid | Vulnerable to | against the |detection method,|
1168
| |between client| at all if | offline | server but not | this |
1169
| | and server. |possible (note: | dictionary | vice versa. | authentication |
1170
| | | providing | attack. | Therefor weak | method is |
1171
| | |NetBoot services| Requires | against | vulnerable to |
1172
| | | requires the | passwords in |man-in-the-middle|man-in-the-middle|
1173
| | | ClearTxt UAM) | clear on the | attacks. | attacks. |
1174
| | | | server. | | |
1175
|----------+--------------+----------------+---------------+-----------------+-----------------|
1176
| Server |uams_guest.so |uams_cleartxt.so|uams_randnum.so| uams_dhx.so | uams_gss.so |
1177
| support | | | | | |
1178
|----------+--------------+----------------+---------------+-----------------+-----------------|
1179
| | | | Passwords | | |
1180
| Password | | Either /etc/ |stored in clear| Either /etc/ | At the Kerberos |
1181
| storage | None | passwd (/etc/ | text in a | passwd (/etc/ |Key Distribution |
1182
| method | | shadow) or PAM | separate text | shadow) or PAM | Center* |
1184
+----------------------------------------------------------------------------------------------+
1186
* Have a look at this Kerberos overview
1190
Tunneling and all sort of VPN stuff has nothing to do with AFP authentication
1191
and UAMs in general. But since Apple introduced an option called "Allow Secure
1192
Connections Using SSH" and many people tend to confuse both things, we'll speak
1193
about that here too.
1195
Manually tunneling an AFP session
1197
This works since the first AFP servers that spoke "AFP over TCP" appeared in
1198
networks. One simply tunnels the remote server's AFP port to a local port
1199
different than 548 and connects locally to this port afterwards. On MacOS X
1202
ssh -l $USER $SERVER -L 10548:127.0.0.1:548 sleep 3000
1204
After establishing the tunnel one will use "afp://127.0.0.1:10548" in the
1205
"Connect to server" dialog. All AFP traffic including the initial connection
1206
attempts will be sent encrypted over the wire since the local AFP client will
1207
connect to the Mac's local port 10548 which will be forwarded to the remote
1208
server's AFP port (we used the default 548) over SSH.
1210
These sorts of tunnels are an ideal solution if you've to access an AFP server
1211
providing weak authentications mechanisms through the Internet without having
1212
the ability to use a "real" VPN. Note that you can let ssh compress the data by
1213
using its "-C" switch and that the tunnel endpoints can be different from both
1214
AFP client and server (compare with the SSH documentation for details).
1216
Automatically establishing a tunneled AFP connection
1218
Starting with Mac OS X 10.2 Apple added an "Allow Secure Connections Using SSH"
1219
checkbox to the "Connect to Server" dialog. The idea behind: When the server
1220
signals that it can be contacted by SSH then Mac OS X' AFP client tries to
1221
establish the tunnel and automagically sends all AFP traffic through it.
1223
But it took until the release of Mac OS X 10.3 that this feature worked the
1224
first time... partly. In case, the SSH tunnel can't be established the AFP
1225
client silently fell back to an unencrypted AFP connection attempt.
1227
Netatalk's afpd will report that it is capable of handling SSH tunneled AFP
1228
requests, when both -advertise_ssh and -fqdn options are set in afpd.conf(5)
1229
(double check with asip-status.pl(1) after you restarted afpd when you made
1230
changes to the settings). But there are a couple of reasons why you don't want
1231
to use this option at all:
1233
* Tunneling TCP over TCP (as SSH does) is not the best idea. There exist
1234
better solutions like VPNs based on the IP layer.
1236
* Since this SSH kludge isn't a normal UAM that integrates directly into the
1237
AFP authentication mechanisms but instead uses a single flag signalling
1238
clients whether they can try to establish a tunnel or not, it makes life
1239
harder to see what's happening when things go wrong.
1241
* You cannot control which machines are logged on by Netatalk tools like nu
1242
or macusers since all connection attempts seem to be made from localhost.
1244
* On the other side you've to limit access to afpd to localhost only (TCP
1245
wrappers) and disable AFP over DDP when you want to ensure that all AFP
1246
sessions are SSH encrypted or...
1248
* ...when you're using 10.2 - 10.3.3 then you get the opposite of what you'd
1249
expect: potentially unencrypted AFP communication (including logon
1250
credentials) on the network without a single notification that establishing
1251
the tunnel failed. Apple fixed that not until Mac OS X 10.3.4.
1253
* Encrypting all AFP sessions via SSH can lead to a significantly higher load
1254
on the Netatalk server
1258
Netatalk can act as both a PAP client to access AppleTalk-capable printers and
1259
a PAP server. The former by using the pap(1) utility and the latter by starting
1260
the papd(8) service.
1262
The "Printer Access Protocol" as part of the AppleTalk protocol suite is a
1263
fully 8 bit aware and bidirectional printing protocol, developed by Apple in
1264
1985. 8 bit aware means that the whole set of bytes can be used for printing
1265
(binary encoding). This has been a great advantage compared with other
1266
protocols like Adobe's Standard Protocol to drive serial and parallel
1267
PostScript printers (compare with Adobe TechNote 5009) or LPR which made only
1268
use of the lower 128 bytes for printing because the 8th bit has been reserved
1271
Bidirectional means that printing source (usually a Macintosh computer) and
1272
destination (a printer or spooler implementation) communicate about both
1273
destination's capabilities via feature queries (compare with Adobe TechNote
1274
5133) and device status. This allows the LaserWriter driver on the Macintosh to
1275
generate appropriate device specific PostScript code (color or b/w, only
1276
embedding needed fonts, and so on) on the one hand and notifications about the
1277
printing process or problems (paper jam for example) on the other.
1279
Setting up the PAP print server
1281
Netatalk's papd is able to provide AppleTalk printing services for Macintoshes
1282
or, to be more precise, PAP clients in general. Netatalk does not contain a
1283
full-blown spooler implementation itself, papd only handles the bidirectional
1284
communication and submittance of printjobs from PAP clients. So normally one
1285
needs to integrate papd with a Unix printing system like eg. classic SysV lpd,
1286
BSD lpr, LPRng, CUPS or the like.
1288
Since it is so important to answer the client's feature queries correctly, how
1289
does papd achieve this? By parsing the relevant keywords of the assigned PPD
1290
file. That said, it's always necessary to carefully choose the right PPD at the
1293
Netatalk formerly had built-in support for System V lpd printing in a way that
1294
papd saved the printed job directly into the spooldir and calls lpd afterwards,
1295
to pick up the file and do the rest. Due to incompatibilities with many lpd
1296
implementations the normal behaviour was to print directly into a pipe instead
1297
of specifying a printer by name and using lpd interaction. With Netatalk 2.0
1298
another alternative has been implemented: direct interaction with CUPS (Note:
1299
when CUPS support is compiled in, then the SysV lpd support doesn't work at
1300
all). Detailed examples can be found in the papd.conf(5) manual page.
1302
Integrating papd with SysV lpd
1304
Unless CUPS support has been compiled in (which is default from Netatalk 2.0
1305
on) one simply defines the lpd queue in question by setting the pr parameter to
1306
the queue name. If no pr parameter is set, the default printer will be used.
1308
Using pipes with papd
1310
An alternative to the technique outlined above is to direct papd's output via a
1311
pipe into another program. Using this mechanism almost all printing systems can
1312
be driven. Netatalk supplies three "wildcards" that get substituted with values
1313
of the already printed job:
1317
will be substituted with the contents of the %%For: comment in the
1322
If authenticated printing has been enabled then this will be substituted
1323
with the user name of the printjob's originator.
1327
will be substituted with the contents of the %%Title: comment of the
1330
Using these wildcards, one can pass those parameters directly to programs or
1331
implement small wrapper scripts to call the printing system in question.
1333
Using direct CUPS support
1335
Starting with Netatalk 2.0, direct CUPS integration is available. In this case,
1336
defining only a queue name as pr parameter won't invoke the SysV lpd daemon but
1337
uses CUPS instead. Unless a specific PPD has been assigned using the pd switch,
1338
the PPD configured in CUPS will be used by papd, too.
1340
There exists one special share named "cupsautoadd". If this is present in
1341
papd.conf, then all available CUPS queues will be served automagically using
1342
the parameters assigned to this global share. But subsequent printer
1343
definitions can be used to override these global settings for individual
1346
Using AppleTalk printers
1348
Netatalk's papstatus(8) can be used to query AppleTalk printers, pap(1) to
1349
print to them. With psf(8) there exists a lpd filter program suitable for
1350
converting other formats (like text) to PostScript output, do page accounting
1351
and eventually change the page order using psorder(1). But these days, modern
1352
printing systems like CUPS can do the latter tasks for themselves in a more
1355
pap can be used stand-alone or as part of an output filter or a CUPS backend
1356
(which is the preferred method since one does not have to deal with all the
1359
Example 3.10. pap printing to a PostScript LaserWriter
1361
pap -p"ColorLaserWriter 16/600@*" /usr/share/doc/gs/examples/tiger.ps
1363
The file /usr/share/doc/gs/examples/tiger.ps is sent to a printer called
1364
"ColorLaserWriter 16/600" in the standard zone "*". The device type is
1365
"LaserWriter" (can be suppressed since it is the default).
1367
Example 3.11. pap printing to a non-PostScript printer
1369
gs -q -dNOPAUSE -sDEVICE=cdjcolor -sOutputFile=- test.ps | pap -E
1371
GhostScript is used to convert a PostScript job to PCL3 output suitable for a
1372
Color DeskWriter. Since no file has been supplied on the command line, pap
1373
reads the data from stdin. The printer's address will be read from the .paprc
1374
file in the same directory, pap will be called (in our example simply
1375
containing "Color DeskWriter:DeskWriter@Printers"). The -E switch forces pap to
1376
not wait for an EOF from the printer.
1380
Using Netatalk as a time server for Macintoshes
1382
timelord, an AppleTalk based time server, is deprecated these days. Use NTP
1385
For further information please have a look at the timelord(8) manual page.
1387
Starting and stopping Netatalk
1389
The Netatalk distribution comes with several operating system specific startup
1390
script templates that are tailored according to the options given to the
1391
"configure" script before compiling. Currently, templates are provided for
1392
NetBSD, BSD, RedHat, SuSE and True64. You can select to install the generated
1393
startup script(s) by specifying a system type to "configure". To automatically
1394
install startup scripts for e.g. the SuSE Linux distribution try to give the
1395
--enable-suse option to "configure". Some of the scripts can be further
1396
parametrized by the configuration file netatalk.conf (described in the
1397
netatalk.conf(5) manual page), some obtain that information in another,
1398
operating system specific way (like Netbsd).
1400
Since new releases of Linux distributions appear all the time and the startup
1401
procedure for the other systems mentioned above might change as well, it is
1402
probably a good idea to not blindly install a startup script but to look at it
1403
first to see if it will work on your system. If you use Netatalk as part of a
1404
fixed setup, like a Linux distribution, an RPM or a BSD package, things will
1405
probably have been arranged properly for you. The following therefore applies
1406
mostly for people who have compiled Netatalk themselves.
1408
The following daemons need to be started by whatever startup script mechanism
1411
* atalkd (if you use the AppleTalk protocol)
1415
* cnid_metad (if the dbd CNID backend is used)
1417
* papd (if you want to provide print services via AppleTalk)
1419
* timelord (for old style time synchronisation via AppleTalk)
1421
Additionally, make sure that the various configuration files (afpd.conf,
1422
AppleVolumes.default, papd.conf etc.) are in the right place and that
1423
netatalk.conf (if used) contains the right entries. If you want e.g. papd to be
1424
started using this mechanism, set the environment variable "PAPD_RUN" to "yes"
1425
in netatalk.conf. See the manual pages for details.
1427
Chapter 4. Upgrading from a previous version of Netatalk
1438
Volumes and filenames
1440
How to upgrade a volume to 2.0
1441
How to use a 1.x CAP encoded volume with 2.0
1442
How to use a 1.x NLS volume with 2.0
1444
Choosing a CNID storage scheme
1446
How to upgrade if no persistent CNID storage was used
1447
How to upgrade if a persistent CNID storage scheme was used
1448
How to upgrade if a persistent CNID storage scheme was used, the brute
1451
Setting up a test server on the same machine
1453
Setting up an empty test share
1454
Duplicating an already existing share
1455
Configuring and running the test afpd
1459
Version 2.0 of the Netatalk suite includes significant changes and enhancements
1460
in functionality compared to previous versions. AFP 3.x is now supported which
1461
allows UTF-8 encoded filenames of up to 255 bytes (85-255 chars) in length
1462
amongst other things. The Catalogue Node ID (CNID) subsystem has been reworked
1463
as well and should now be much more robust. For an overview of what CNIDs are
1464
and why you need them please see the CNID section in the manual.
1466
The downside of these enhancements is that upgrading to Netatalk 2.0 is not a
1467
process that can be easily automated. Too many factors depend on site specific
1468
configuration and administrators have to make choices that suit their
1469
requirements. This document attempts to clarify the issues and outline the
1470
steps that need to be taken for a successful upgrade. As usual, the first of
1471
these steps should be to make a complete backup of all volumes and home
1472
directories that were in use with Netatalk before. Afterwards, you'll have to
1475
1. what encoding to use for filenames in the future and how to convert
1478
2. what storage scheme to use for CNIDs and maybe convert an existing database
1481
The following two sections deal with each of these areas in turn.
1483
Volumes and filenames
1485
Previous Netatalk versions saved filenames in the so called CAP encoding by
1486
default. Alternatively, there was the NLS system, that allowed you to convert
1487
filenames to other codepages, like ISO-8859-1.
1489
For Netatalk 2.0 the charset conversion routines had to be completely rewritten
1490
to support AFP 3.x. For more indepth information on character sets please read
1491
the Unicode/charsets section in the manual.
1493
As a consequence, Netatalk 2.0 now stores filenames in UTF-8 by default.
1494
Additionally you have to specify a maccodepage in afpd.conf, if your Mac
1495
clients are not using MacRoman.
1497
The format of the metadata files stored in the .AppleDouble folders has changed
1498
from AppleDouble v1 to AppleDouble v2. Netatalk 2.0 is still able to use AD1
1499
files, if configured. Otherwise ADv1 files will silently be updated to the new
1500
ADv2 format, which will prevent you from using this volume with 1.x again.
1504
Do not share a 1.x volume with Netatalk 2.0 without setting the proper options!
1508
You should consider 'upgrading' your volumes using the new defaults UTF-8 and
1509
AppleDouble v2, even if this is a time consuming process. AFP 3.x uses UTF-8
1510
and it is impossible to fully map UTF-8 to any of the old volume formats.
1512
How to upgrade a volume to 2.0
1514
To convert the 1.x CAP or NLS encoded volumes on the server, we provide the
1515
uniconv(1) utility. Please see the man page for details.
1517
Another option to perform an upgrade, is to copy all files using a Mac client.
1518
Either copy the volume to a Mac while you are still running 1.6, then install
1519
2.0 and copy the data back to a fresh share, or try to set up the volume with
1520
the compatibility options described below and do a share to share copy.
1522
How to use a 1.x CAP encoded volume with 2.0
1524
Using a 1.x CAP encoded volume is still possible with Netatalk 2.0. To work
1525
properly, the following options need to be set, matching your 1.x setup:
1531
AppleVolumes.default:
1537
You have to make sure maccodepage matches your Apple clients codepage. For
1538
western users the default Mac_Roman should be fine.
1540
Set volcharset to ASCII.
1542
Set adouble:v1, this will make sure the metadata files will not be changed to
1543
AppleDouble v2. If you do not set this option, it will not be possible to use
1544
the volume with Netatalk 1.x anymore.
1550
- -transall -maccodepage:MAC_CENTRALEUROPE
1552
AppleVolumes.default:
1554
/path/to/share "1.x Volume" adouble:v1 volcharset:ASCII
1556
How to use a 1.x NLS volume with 2.0
1558
Whether you can still use an 1.x NLS encoded volume with Netatalk 2.0 mainly
1559
depends on which NLS setting you used with 1.x.
1561
Make sure you set the correct maccodepage in afpd.conf !
1565
Use the following settings in AppleVolumes.default:
1567
/path/to/share "1.x Volume" adouble:v1 volcharset:ISO-8859-1
1568
maccode.iso8859-1.adapted
1570
Sorry, you're out of luck. This NLS contains a non standard mapping and is
1571
not supported by afpd anymore. You'll have to convert the volume to a
1576
Using the following settings in AppleVolumes.default might work, but is
1579
/path/to/share "1.x Volume" adouble:v1 volcharset:CP437
1582
Using the following settings in AppleVolumes.default might work, but is
1585
/path/to/share "1.x Volume" adouble:v1 volcharset:CP850
1588
Using the following settings in AppleVolumes.default might work, but is
1591
/path/to/share "1.x Volume" adouble:v1 volcharset:KOI8-R
1595
All of the above require iconv to be installed and to supply the volcharset
1598
Choosing a CNID storage scheme
1600
Previous versions of Netatalk allocated CNIDs either on the fly or CNIDs were
1601
recorded in a persistent database. "On the fly methods" work by either
1602
generating a CNID from the device and inode number or simply by using a counter
1603
that is increased by one on each access to a file or directory from the client.
1604
The counter only lasts for the lifetime of an afpd daemon process and inode
1605
numbers are reused for a different file once the original file has been
1606
deleted. These methods therefore violate a fundamental assumption: A CNID once
1607
assigned must never be reused for the lifetime of a volume. Netatalk 2.0
1608
supports one "On the fly scheme" called last. It computes CNIDs for files from
1609
device and inode of the file and uses a counter for directories. You should
1610
think twice about using it in production. Depending on your needs and the
1611
semantics of the underlying file system it might be OK on read only volumes,
1612
but even there we are not certain if OS X clients will work properly.
1614
That leaves the CNID schemes that use persistent storage for CNIDs. Netatalk
1615
2.0 supports two: cdb and dbd. Both are based on the Berkeley DB database
1616
library as before. One difference is, though, that you are not restricted to
1617
using a single scheme for all of your volumes that has to be determined at
1618
compile time. The CNID scheme (also called a "CNID backend") is now a runtime
1619
option for a volume. That means that you can make the choice per volume based
1620
on your requirements. Here are the properties as well as the advantages and
1621
disadvantages of the three supported schemes:
1623
1. last: See above. Avoid, if at all possible.
1625
2. cdb: Roughly analogous to the Netatalk 1.6.x versions with what was called
1626
then the "DID scheme" option set to "cnid" and the "CNID with Concurrent
1627
Data Store" option set to "yes". Access to the CNID database for a volume
1628
happens directly from the Netatalk afpd daemons. A Berkeley DB locking
1629
scheme (the "Concurrent Data Store" bit) is used to avoid database
1630
inconsistencies. Robustness is much improved compared to previous releases.
1631
The CNID database can only become corrupted if an afpd daemon crashes
1632
unexpectedly, is killed by the administrator or the whole machine crashes.
1634
3. dbd: There is only a single daemon that accesses the CNID database for a
1635
given volume. Any afpd process that wishes to retrieve or update CNIDs for
1636
that volume needs to do it via the daemon. The CNID can database be (this
1637
is a compile time option) updated under Berkeley DB transactional
1638
protection. This design combined with the transactional updates makes the
1639
CNID database crashproof: Any of the participating afpd daemons, the
1640
database daemon itself or the whole machine can crash and the CNID database
1641
should still be in a consistent state. The downside to this is that the
1642
speed of updates and retrieval is slower than with the cdb scheme. If this
1643
is a problem, you might want to disable transactions at Netatalk compile
1644
time (currently, the default is to compile without transactions anyway).
1645
That will give you safety against afpd crashing, but not if the machine
1646
goes down unexpectedly. Also, have a look at the nosync option documented
1647
in the cnid_dbd manual page.
1649
It is also possible to switch between cdb and dbd for a given volume, since
1650
they use the same database format. You just have to shut down all processes
1651
accessing the database cleanly, make the necessary configuration changes and
1652
restart. Please note, that you can easily specify a default CNID backend for
1653
all shares by applying the cnidscheme option to the ":DEFAULT:" share (compare
1654
with the AppleVolumes.default(5) manual page for details).
1656
Note that the dbd backend needs an auxiliary daemon, called cnid_metad, to
1657
work. It should be started together with afpd. If the dbd backend is compiled
1658
into afpd (the default), this should happen automatically. If you cannot find
1659
it in the process list even though the dbd backend is used please check for
1660
errors in the startup scripts.
1662
If you compile Netatalk 2.0 yourself and invoke configure --help, you'll notice
1663
that there are in fact more CNID backends to chose from. Don't use any of them.
1664
They are either broken or incomplete. Some of them might turn into something
1665
useful in the future.
1667
How to upgrade if no persistent CNID storage was used
1669
That is easy. Just pick a CNID backend from above, configure it properly in
1670
afpd.conf and the AppleVolumes file and start up the necessary Netatalk
1671
processes. The databases will be automatically created in a subdirectory
1672
.AppleDB of the volume in question.
1674
How to upgrade if a persistent CNID storage scheme was used
1676
In that case the CNID databases need to be upgraded. A script called
1677
cnid2_create that comes with Netatalk 2.0 does most of the work. The steps you
1678
have to take depend on what version of Berkeley DB is installed on your system.
1679
If you already use one of the supported versions of Berkeley DB (4.1.25 or
1680
4.2.52) for your old Netatalk installation and plan to use it for Netatalk 2.0
1681
as well just use the db_dump and db_load utilities that came with it as
1682
indicated below. Otherwise it is probably best to have the old and the new (to
1683
be used with Netatalk 2.0) version of Berkeley DB installed side by side until
1684
you have finished the upgrade. The reason for this is that we will dump out the
1685
old databases with the currently installed version of Berkeley DB in ASCII
1686
format and reload them with the new version. This avoids any incompatibility
1687
problems between Berkeley DB releases with respect to the on-disk format.
1689
For each volume to be upgraded, follow these steps
1691
* Stop all afpd daemons accessing the volume.
1693
* Change to the database directory for that volume, most likely the .AppleDB
1694
subdirectory of the volume toplevel directory in question.
1696
* Dump the contents of cnid.db and didname.db using the old (installed)
1697
version of Berkeley DB like this:
1699
db_dump -f cnid.dump cnid.db
1700
db_dump -f didname.dump didname.db
1702
Make sure the db_dump utility you are using is the correct (currently used)
1703
one. Use the full path to the db_dump executable if in doubt. So if this
1704
database was created with Berkeley DB 3.xx installed in /usr/local/db3 use
1705
/usr/local/db3/bin/db_dump instead. This will create two files, cnid.dump
1706
and didname.dump in the current directory.
1708
* Run the cnid2_create script:
1710
/path/to/netatalk/bin/cnid2_create
1712
The script assumes that .AppleDB is a subdirectory of the volume directory
1713
to be upgraded. If that is not the case give the full path name of the
1714
volume as the first argument to cnid2_create. The script will create a file
1715
cnid2.dump in ASCII format.
1717
* Remove the old Berkeley DB environment and logfiles (if present):
1720
* Load cnid2.dump into the new database. You should use the db_load utility
1721
of Berkeley DB that will be used with version 2.0 of Netatalk. So if
1722
Berkeley DB 4.xx lives in /usr/local/db4 use
1724
/usr/local/db4/bin/db_load -f cnid2.dump cnid2.db
1726
This will create the new database file, cnid2.db. Remove the old database
1727
files cnid.db, didname.db and devino.db. The intermediate files cnid.dump,
1728
didname.dump and cnid2.dump can be removed now or at some later time.
1730
If you do not want to have two versions of Berkeley DB installed side by side
1731
during the upgrade, you should first dump out the old databases as indicated
1732
above for all volumes, upgrade Berkeley DB and then load them with db_load. The
1733
cnid2_create script can be run before or after the upgrade. Berkeley DB
1734
environment and logfiles should still be removed before running db_load.
1736
How to upgrade if a persistent CNID storage scheme was used, the brute force
1739
If you are absolutely sure what you are doing, you can also just clear out all
1740
database files from the .AppleDB directories. They will be recreated, but will
1741
not contain the same CNIDs as before!! That might lead to all sorts of
1742
problems, like aliases not working any more on clients. As I said, make sure
1743
you know the consequences and don't mind them.
1745
Setting up a test server on the same machine
1747
Providing a test environment in parallel with the existing production
1748
installation is not difficult and, if done properly, it should not in any way
1749
disrupt the normal operation. However, as always, it is recommended to make a
1750
backup of the existing installation before proceeding. When compiling a newer
1751
netatalk version you should also take care that you do not overwrite the
1752
binaries of an older version (make use of the --prefix= configure option).
1754
There could be more than two afpd servers running on one UNIX box. You just
1755
have to be careful to keep them from running into each other:
1757
* the shares/volumes (AppleVolumes.default)
1759
* the PID file (afpd -P command line option)
1761
* the port number (-port option in afpd.conf)
1763
* no use of AppleTalk (-noddp option in afpd.conf)
1765
You should test the new Netatalk version with both a freshly created new share
1766
and another one that has been duplicated/converted from an already existing
1767
volume. This helps finding mistakes you probably made in the upgrade process
1768
when the first share behaves well and the latter not.
1770
Setting up an empty test share
1772
First, you have to provide some space for the test share. Just create a
1773
directory on one of your data filesystems. However, this directory must not be
1774
accessible from the production afpd server. Don't forget to set appropriate
1775
permissions for the share. For example:
1777
mkdir /macdata/testshare
1778
chown root.macusers /macdata/testshare
1779
chmod g+wrx,g+s /macdata/testshare
1781
Duplicating an already existing share
1783
Ensure that users cannot access the share in question and copy the whole
1784
contents (including all the metadata directories like .AppleDB) to another
1787
cp -pr /production/testshare /macdata/
1789
Then do the somewhat extensive upgrade of CNID databases and filename encodings
1790
outlined earlier in this chapter.
1792
Configuring and running the test afpd
1794
Normally the test afpd cannot listen on the standard afpovertcp port, because
1795
that one is already bound by the production afpd. So the afpd.conf should look
1798
- -noddp -nouservol -port 5480 -loginmsg "WARNING: test server"
1800
You also have to present the share to the Mac users by editing the
1801
AppleVolumes.default file. Remove the line containing a single "~" at the end
1802
of the file and append something like:
1804
/macdata/testshare "Test Volume (not production)"
1806
That should be the only uncommented line in the file. Do not forget to adjust
1807
encoding and AppleDouble setting when you're not using the recommended defaults
1810
In case you have many users and want to restrict access to the test server,
1811
there is a provision for that in the AppleVolumes.default file. First, create a
1812
group named, say, afpdtest, and put in it all users you would want to enable
1813
access to the test volumes. Then, instead of the line above, append a line like
1816
/macdata/testshare "Test Volume (not production)" allow:@afpdtest
1818
The test afpd server can be started now:
1820
$TESTDIR/sbin/afpd -P /var/run/afpd-test.pid
1822
You can also put this line in the production netatalk start script, in the
1823
"start" case. In the "stop" case, you should insert
1825
[ -f /var/run/afpd-test.pid ] && kill `cat /var/run/afpd-test.pid`
1827
The production server has to know about the test server. Otherwise the Mac
1828
users would not be able to see the test server in their choosers. Append the
1829
following line to the production afpd.conf (usually in /etc/netatalk/
1832
"Test server (not production)" -proxy -uamlist "" -port 5480
1834
and restart the production netatalk. Note that the port directive here should
1835
match the one which appears above in the test afpd.conf.
1839
Note that there is a limit of 31 characters for the server's name. Should the
1840
name be longer, then afpd will just refuse to register the server.
1842
The test server should appear in the chooser on Macs. You can also test that
1843
from the UNIX command line:
1849
netstat -an | grep 5480
1851
If everything went fine spread the word about the test server among your more
1852
experienced Mac users and see whether things work as expected.
1854
Chapter 5. Manual Pages
1858
achfile - change type and/or creator of Apple Macintosh files (netatalk format)
1859
acleandir - clean up a directory containing netatalk Apple Macintosh files
1860
aecho - send AppleTalk Echo Protocol packets to network hosts
1861
afile - display type and creator of Apple Macintosh files (netatalk format)
1862
afpd - AppleTalk Filing Protocol daemon
1863
afpd.conf - Configuration file used by afpd(8) to determine the setup of its
1864
file sharing services
1865
afppasswd - netatalk password maintenance utility
1866
AppleVolumes.default - Configuration file used by afpd(8) to determine the
1867
shares made available through Appletalk
1868
apple_cp - Do an apple copy, copying file metadata and the resource fork as
1870
apple_mv - Do an apple move, moving metadata and the resource fork as well
1871
apple_rm - Do an apple remove, remove metadata and resource fork as well
1872
asip-status.pl - Queries AFP servers for their capabilities
1873
atalk - AppleTalk protocol family
1874
atalkd - AppleTalk RTMP, NBP, ZIP, and AEP manager
1875
atalkd.conf - Configuration file used by atalkd(8) to determine the interfaces
1876
used by the master Netatalk daemon
1877
atalk_aton - AppleTalk address parsing
1878
cnid_dbd - implement access to CNID databases through a dedicated daemon
1880
cnid_index - check and repair Netatalk CNID database indexes
1881
cnid_metad - start cnid_dbd daemons on request
1882
getzones - list AppleTalk zone names
1883
megatron - Macintosh file format transformer
1884
nbp - access NBP database
1885
nbp_name - NBP name parsing
1886
netatalk.conf - Configuration file used by netatalk(8) to determine its general
1888
netatalk-config - script to get information about the installed version of
1890
pap - client interface to remote printers using Printer Access Protocol
1891
papd - AppleTalk print server daemon
1892
papd.conf - Configuration file used by papd(8) to determine the configuration
1893
of printers used by the Netatalk printing daemon
1894
papstatus - get the status of an AppleTalk-connected printer
1895
psf - PostScript filter
1896
psorder - PostScript pageorder filter
1897
timelord - Macintosh time server daemon
1898
timeout - Send a signal to a program after a certain time
1899
uniconv - convert Netatalk volume encoding
1901
This is a collection of the man pages delivered with Netatalk.
1905
achfile - change type and/or creator of Apple Macintosh files (netatalk format)
1909
achfile [ -t type ] [ -c creator ] file...
1913
achfile changes the Macintosh type and/or creator of the file arguments which
1914
have a corresponding .AppleDouble file.
1918
-t type change the type.
1920
-c creator change the creator.
1924
returns exit status 0 if all files changed successfully
1930
-------------------------------------------------------------------------------
1934
acleandir - clean up a directory containing netatalk Apple Macintosh files
1938
acleandir [-rnvi] dirname
1942
acleandir cleans up the directory dirname. By default it simply removes
1943
"orphan" AppleDouble files, i.e. those which do not have a corresponding data
1950
Also remove the .AppleDouble directory if it contains no AppleDouble files
1951
after "orphan" removal. This will result in the finder location of dirname
1952
within its parent being lost.
1956
Recursive. Clean up directories recursively.
1960
Display the filenames of "orphans" but don't remove any. Display size if
1961
"orphan" appears to contain a resource fork.
1965
Interactive. Prompt for confirmation before a removal. A y in answer
1966
confirms that the removal should proceed.
1970
Verbose. Display the names of all "orphans" and .AppleDouble directories
1971
removed. Reports the size if the "orphan" appears to contain a resource
1976
Aggressive. Remove all AppleDouble files, not just "orphans". Also remove
1977
the .AppleDesktop directory if present. Impies -d option. Use with caution
1978
as the Macintosh type/creator and finder location of all files will be lost
1979
and the content of some documents, such as Symantec Projects, will be
1984
returns exit status 0 unless bad options are provided or a directory is not
1985
given on the command line.
1991
-------------------------------------------------------------------------------
1995
aecho - send AppleTalk Echo Protocol packets to network hosts
1999
aecho [ -c count ] ( address | nbpname )
2003
aecho repeatedly sends an Apple Echo Protocol (AEP) packet to the host
2004
specified by the given AppleTalk address or nbpname and reports whether a reply
2005
was received. Requests are sent at the rate of one per second.
2007
address is parsed by atalk_aton(3). nbpname is parsed by nbp_name(3). The nbp
2008
type defaults to `Workstation'.
2010
When aecho is terminated, it reports the number of packets sent, the number of
2011
responses received, and the percentage of packets lost. If any responses were
2012
received, the minimum, average, and maximum round trip times are reported.
2016
Check to see if a particular host is up and responding to AEP packets:
2018
example% aecho bloodsport
2019
11 bytes from 8195.13: aep_seq=0. time=10. ms
2020
11 bytes from 8195.13: aep_seq=1. time=10. ms
2021
11 bytes from 8195.13: aep_seq=2. time=10. ms
2022
11 bytes from 8195.13: aep_seq=3. time=10. ms
2023
11 bytes from 8195.13: aep_seq=4. time=10. ms
2024
11 bytes from 8195.13: aep_seq=5. time=9. ms
2026
----8195.13 AEP Statistics----
2027
6 packets sent, 6 packets received, 0% packet loss
2028
round-trip (ms) min/avg/max = 9/9/10
2034
Stop after count packets.
2038
ping(1), atalk_aton(3), nbp_name(3), aep(4), atalkd(8).
2040
-------------------------------------------------------------------------------
2044
afile - display type and creator of Apple Macintosh files (netatalk format)
2052
afile displays the name and Macintosh type and creator of the file arguments.
2053
Tests whether the file is an AppleDouble header, in which case it checks the
2054
corresponding data fork exists, or assumes it is a data fork in which case it
2055
looks for the corresponding AppleDouble to find the type/creator information.
2057
afile does not look at any of the extension mapping files such as
2058
AppleVolumes.system.
2064
Include directories and data files of unknown type (i.e. without
2065
corresponding AppleDouble) in output.
2069
returns exit status 0 if all files have a corresponding valid .AppleDouble
2070
header or data fork, or 99 for bad command line options. Otherwise it returns
2071
the following error code relating to the last invalid file.
2073
1 file doesn't exist
2075
2 file is unreadable
2079
4 file is AppleDouble without data fork
2081
5 file is AppleDouble with unreadable data fork
2083
6 file is data fork without AppleDouble
2085
7 file is data fork with unreadable AppleDouble
2087
8 file is data fork with short AppleDouble
2089
9 bad magic in AppleDouble
2095
-------------------------------------------------------------------------------
2099
afpd - AppleTalk Filing Protocol daemon
2103
afpd [-duptDTvI] [-f defaultvolumes] [-s systemvolumes] [-n nbpname] [-c
2104
maxconnections] [-g guest] [-P pidfile] [-S port] [-L message] [-F config] [-U
2109
afpd provides an AppleTalk Filing Protocol (AFP) interface to the Unix file
2110
system. It is normally started at boot time from /etc/rc.
2112
The list of volumes offered to the user is generated from /etc/netatalk/
2113
AppleVolumes.system and one of /etc/netatalk/AppleVolumes.default, ~/
2114
AppleVolumes, or ~/.AppleVolumes. The AppleVolumes files is used to specify
2115
volumes to mount and file name extension mappings. It is formatted as follows,
2116
one specification per line: pathname [ volumename ] .extension [ type [ creator
2117
] ] If volumename is unspecified, the last component of pathname is used. No
2118
two volumes may have the same name. If type is unspecified '????' is used. If
2119
creator is unspecified 'UNIX' is used. The extension '.' sets the default
2120
creator and type for otherwise untyped Unix files. Blank lines and lines
2121
beginning with `#' are ignored.
2127
Specifies that the daemon should not fork. If netatalk has been configured
2128
with --enable-debug1, a trace of all AFP commands will be written to
2133
Prevents clients from saving their passwords. (Equivalent to -nosavepasswd
2138
Allows clients to change their passwords. (Equivalent to -setpasswd in
2143
Use DDP (AppleTalk) as transport protocol. (Equivalent to -ddp in
2148
Use TCP/IP as transport protocol. (Equivalent to -tcp in afpd.conf.)
2152
Print version information and exit.
2156
Use a platform specific icon. (Equivalent to -icon in afpd.conf.)
2160
Specifies that defaultvolumes should be read for a list of default volumes
2161
to offer, instead of /etc/netatalk/AppleVolumes.default.
2165
Specifies that systemvolumes should be read for a list of volume that all
2166
users will be offered, instead of /etc/netatalk/AppleVolumes.system.
2170
Read the user's AppleVolumes file first. This option causes volume names in
2171
the user's AppleVolumes file to override volume names in the system's
2172
AppleVolumes file. The default is to read the system AppleVolumes file
2173
first. Note that this option doesn't effect the precendence of filename
2174
extension mappings: the user's AppleVolumes file always has precedence.
2178
Specifies that nbpname should be used for NBP registration, instead of the
2179
first component of the hostname in the local zone.
2183
Specifies the maximum number of connections to allow for this afpd. The
2188
Specifies the name of the guest account. The default is 'nobody'.
2192
Specifies the file in which afpd stores its process id.
2196
Specifies the port to register with when doing AFPoverTCP. Defaults to 548.
2197
(Equivalent to -port in afpd.conf.)
2201
Specifies the login message that will be sent to clients. (Equivalent to
2202
-loginmsg in afpd.conf.)
2206
Specifies the configuration file to use. (Defaults to /etc/netatalk/
2207
netatalk/afpd.conf.)
2211
Comma-separated list of UAMs to use for the authentication process.
2212
(Equivalent to -uamlist in afpd.conf.)
2216
Use this umask for the creation of folders in Netatalk.
2220
Signals that are sent to the main afpd process are propagated to the children,
2221
so all will be affected.
2225
Sending a SIGHUP to afpd will cause it to reload its configuration files.
2229
The afpd process will send the message "The server is going down for
2230
maintenance." to the client and shut itself down in 5 minutes. New
2231
connections are not allowed. If this is sent to a child afpd, the other
2232
children are not affected. However, the main process will still exit,
2233
disabling all new connections.
2237
The afpd process will look in the message directory configured at build
2238
time for a file named message.pid. For each one found, a the contents will
2239
be sent as a message to the associated AFP client. The file is removed
2240
after the message is sent. This should only be sent to a child afpd.
2241
Warning: If the --with-message-dir option was not used, this will kill the
2244
To shut down a user's afpd process it is recommended that SIGKILL (-9) NOT
2245
be used, except as a last resort, as this may leave the CNID database in an
2246
inconsistent state. The safe way to terminate an afpd is to send it a
2247
SIGTERM (-15) signal and wait for it to die on its own.
2251
/etc/netatalk/AppleVolumes.default
2253
list of default volumes to mount
2255
/etc/netatalk/AppleVolumes.system
2257
list of volumes to offer all users
2261
user's list of volumes to mount
2263
/etc/netatalk/netatalk/msg/message.pid
2265
contains messages to be sent to users.
2271
hosts_access(5), afpd.conf(5), AppleVolumes.default(5), AppleVolumes.system(5).
2273
-------------------------------------------------------------------------------
2277
afpd.conf - Configuration file used by afpd(8) to determine the setup of its
2278
file sharing services
2282
/etc/netatalk/afpd.conf is the configuration file used by afpd to determine the
2283
behavior and configuration of the different virtual file servers that it
2286
Any line not prefixed with # is interpreted. The configuration lines are
2287
composed like: server name [ options ] If a - is used instead of a server name,
2288
the default server is specified. Server names must be quoted if they contain
2289
spaces. They must not contain ":" or "@". The path name must be a fully
2290
qualified path name, or a path name using either the ~ shell shorthand or any
2291
of the substitution variables, which are listed below.
2295
Each server has to be configured on a single line.
2297
The possible options and their meanings are:
2303
Specifies path to AppleVolumes.default file (default is /etc/netatalk/
2304
AppleVolumes.default).
2308
Specifies path to AppleVolumes.system file (default is /etc/netatalk/
2309
AppleVolumes.system).
2313
Enables or disables reading of the users' individual volumes file entirely.
2317
Enables or disables reading of the users' individual volumes file before
2318
processing the global AppleVolumes.default file.
2320
Authentication Methods
2322
-uamlist [uams list]
2324
Comma separated list of UAMs. (The default is uams_clrtxt.so,uams_dhx.so).
2326
The most commonly used UAMs are:
2334
(uams_pam.so or uams_passwd.so) Allow logins with passwords transmitted
2339
allows Random Number and Two-Way Random Number Exchange for
2340
authentication (requires a separate file containing the passwords,
2341
either /etc/netatalk/afppasswd file or the one specified via
2342
-passwdfile. See afppasswd(1) for details
2346
(uams_dhx_pam.so or uams_dhx_passwd.so) Allow Diffie-Hellman eXchange
2347
(DHX) for authentication.
2351
Allow Kerberos V for authentication (optional)
2355
Sets the default path for UAMs for this server (default is /etc/netatalk/
2358
-k5keytab [path], -k5service [service], -k5realm [realm]
2360
These are required if the server supports the Kerberos 5 authentication
2365
With OS X Apple introduced the AFP3 protocol. One of the big changes was, that
2366
AFP3 uses Unicode names encoded as UTF-8 decomposed. Previous AFP/OS versions
2367
used codepages like MacRoman, MacCentralEurope, etc.
2369
To be able to serve AFP3 and older clients at the same time, afpd needs to be
2370
able to convert between UTF-8 and Mac codepages. Even OS X clients partly still
2371
rely on codepages. As there's no way, afpd can detect the codepage a pre AFP3
2372
client uses, you have to specify it using the -maccodepage option. The default
2373
is MacRoman, which should be fine for most western users.
2375
As afpd needs to interact with unix operating system as well, it need's to be
2376
able to convert from UTF-8/MacCodepage to the unix codepage. By default afpd
2377
uses the systems LOCALE, or ASCII if your system doesn't support locales. You
2378
can set the unix codepage using the -unixcodepage option. If you're using
2379
extended characters in the configuration files for afpd, make sure your
2380
terminal matches the -unixcodepage.
2382
-unixcodepage [CODEPAGE]
2384
Specifies the servers unix codepage, e.g. "ISO-8859-15" or "UTF8". This is
2385
used to convert strings to/from the systems locale, e.g. for
2386
authenthication, server messages and volume names. Defaults to LOCALE if
2387
your system supports it, otherwise ASCII will be used.
2389
-maccodepage [CODEPAGE]
2391
Specifies the mac clients codepage, e.g. "MAC_ROMAN". This is used to
2392
convert strings and filenames to the clients codepage for OS9 and Classic,
2393
i.e. for authentication and AFP messages (SIGUSR2 messaging). This will
2394
also be the default for the volumes maccharset. Defaults to MAC_ROMAN.
2398
-loginmaxfail [number]
2400
Sets the maximum number of failed logins, if supported by the UAM
2405
Sets the path to the Randnum UAM passwd file for this server (default is /
2406
etc/netatalk/afppasswd).
2408
-passwdminlen [number]
2410
Sets the minimum password length, if supported by the UAM
2414
Enables or disables the ability of clients to save passwords locally
2418
Enables or disables the ability of clients to change their passwords via
2419
chooser or the "connect to server" dialog
2425
Enables or disables AFP-over-Appletalk. If -proxy is specified, you must
2426
instead use -uamlist "" to prevent DDP connections from working.
2430
Enables or disables AFP-over-TCP
2434
Make both available (default)
2440
Allows Mac OS X clients (10.3.3 or above) to automagically establish a
2441
tunneled AFP connection through SSH. If this option is set, the server's
2442
answers to client's FPGetSrvrInfo requests contain an additional entry. It
2443
depends on both client's settings and a correctly configured and running
2444
sshd(8) on the server to let things work.
2448
Setting this option is not recommended since globally encrypting AFP
2449
connections via SSH will increase the server's load significantly. On the
2450
other hand, Apple's client side implementation of this feature in MacOS X
2451
versions prior to 10.3.4 contained a security flaw.
2453
-ddpaddr [ddp address]
2455
Specifies the DDP address of the server. The default is to auto-assign an
2456
address (0.0). This is only useful if you are running AppleTalk on more
2461
Specifies a fully-qualified domain name, with an optional port. This is
2462
discarded if the server cannot resolve it. This option is not honored by
2463
AppleShare clients <= 3.8.3. This option is disabled by default. Use with
2464
caution as this will involve a second name resolution step on the client
2465
side. Also note that afpd will advertise this name:port combination but not
2466
automatically listen to it.
2468
-ipaddr [ip address]
2470
Specifies the IP address that the server should advertise and listens to
2471
(the default is the first IP address of the system). This option also
2472
allows to use one machine to advertise the AFP-over-TCP/IP settings of
2473
another machine via NBP when used together with the -proxy option.
2477
Allows a different TCP port to be used for AFP-over-TCP. The default is
2482
Runs an AppleTalk proxy server for the specified AFP-over-TCP server. If
2483
the address and port aren't given, then the first IP address of the system
2484
and port 548 will be used. If you don't want the proxy server to act as a
2485
DDP server as well, set -uamlist "".
2487
-server_quantum [number]
2489
This specifies the DSI server quantum. The minimum value is 303840
2490
(0x4A2E0). The maximum value is 0xFFFFFFFFF. If you specify a value that is
2491
out of range, the default value will be set (which is the minimum). Do not
2492
change this value unless you're absolutely sure, what you're doing
2496
Do not register this server using the Service Location Protocol (if SLP
2497
support was compiled in). This is useful if you are running multiple
2498
servers and want one to be hidden, perhaps because it is advertised
2499
elsewhere, ie. by a SLP Directory Agent.
2501
Miscellaneous Options
2505
Allows users of a certain group to be seen as the superuser when they log
2506
in. This option is disabled by default.
2508
-authprintdir [path]
2510
Specifies the path to be used (per server) to store the files required to
2511
do CAP-style print authentication which papd will examine to determine if a
2512
print job should be allowed. These files are created at login and if they
2513
are to be properly removed, this directory probably needs to be umode 1777.
2517
-authprintdir will only work for clients connecting via DDP. Almost all
2518
modern Clients will use TCP.
2522
With this switch enabled, afpd won't advertise that it is capable of server
2523
notifications, so that connected clients poll the server every 10 seconds
2524
to detect changes in opened server windows. Note: Depending on the number
2525
of simultaneously connected clients and the network's speed, this can lead
2526
to a significant higher load on your network!
2530
Do not use this option any longer as Netatalk 2.0 correctly supports server
2531
notifications, allowing connected clients to update folder listings in case
2532
another client changed the contents.
2534
-cnidserver [ipaddress:port]
2536
Specifies the IP address and port of a cnid_metad server, required for CNID
2537
dbd backend. Defaults to localhost:4700.
2541
Specifies the user that guests should use (default is "nobody"). The name
2546
Use the platform-specific icon
2548
-loginmesg [message]
2550
Sets a message to be displayed when clients logon to the server. The
2551
message should be in unixcodepage and should be quoted. Extended characters
2560
AFP 3.x waits number hours before disconnecting clients in sleep mode.
2561
Default is 10 hours.
2563
-signature { user:<text> | host }
2565
Specify a server signature. This option is useful while running multiple
2566
independent instances of afpd on one machine (eg. in clustered
2567
environments, to provide fault isolation etc.). "host" signature type
2568
allows afpd generating signature automatically (based on machine primary IP
2569
address). "user" signature type allows administrator to set up a signature
2570
string manually. The maximum length is 16 characters
2572
Example 5.1. Three server definitions using 2 different server signatures
2574
first -signature user:USERS
2575
second -signature user:USERS
2576
third -signature user:ADMINS
2578
First two servers will appear as one logical AFP service to the clients -
2579
if user logs in to first one and then connects to second one, session will
2580
be automatically redirected to the first one. But if client connects to
2581
first and then to third, will be asked for password twice and will see
2582
resources of both servers. Traditional method of signature generation
2583
causes two independent afpd instances to have the same signature and thus
2584
cause clients to be redirected automatically to server (s)he logged in
2591
Extended logging capabilities are only available if Netatalk was built using
2592
--with-logfile. As of Netatalk 2.0, the default is --without-logfile since the
2593
logger code is partially broken and needs a complete rewrite (the -setuplog
2594
option might not work as expected). If Netatalk was built without logger
2595
support then the daemons log to syslog.
2597
-[un]setuplog "<logtype> <loglevel> [<filename>]"
2599
Specify that the given loglevel should be applied to log messages of the
2600
given logtype and that these messages should be logged to the given file.
2601
If the filename is ommited the loglevel applies to messages passed to
2602
syslog. Each logtype may have a loglevel applied to syslog and a loglevel
2603
applied to a single file. Latter -setuplog settings will override earlier
2604
ones of the same logtype (file or syslog).
2606
logtypes: Default, Core, Logger, CNID, AFP
2608
Daemon loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN, LOG_NOTE, LOG_INFO,
2609
LOG_DEBUG, LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8, LOG_DEBUG9, LOG_MAXDEBUG
2611
Example 5.2. Some ways to change afpd's logging behaviour via -[un]setuplog
2615
-setuplog "logger log_maxdebug /var/log/netatalk-logger.log"
2616
-setuplog "afpdaemon log_maxdebug /var/log/netatalk-afp.log"
2617
-unsetuplog "default level file"
2618
-setuplog "default log_maxdebug"
2622
These options are useful for debugging only.
2626
Sets the tickle timeout interval (in seconds). Defaults to 30.
2630
Specify the number of tickles to send before timing out a connection. The
2631
default is 4, therefore a connection will timeout after 2 minutes.
2635
Example 5.3. afpd.conf default configuration
2637
- -transall -uamlist uams_clrtxt.so,uams_dhx.so
2639
Example 5.4. afpd.conf MacCyrillic setup / UTF8 unix locale
2641
- -transall -maccodepage mac_cyrillic -unixcodepage utf8
2643
Example 5.5. afpd.conf setup for Kerberos V auth
2645
- -transall -uamlist uams_clrtxt.so,uams_dhx.so,uams_guest.so,uams_gss.so \
2646
-k5service afpserver -k5keytab /path/to/afpserver.keytab \
2647
-k5realm YOUR.REALM -fqdn your.fqdn.namel:548
2649
Example 5.6. afpd.conf letting afpd appear as three servers on the net
2651
"Guest Server" -uamlist uams_guest.so -loginmesg "Welcome guest!"
2652
"User Server" -uamlist uams_dhx.so -port 12000
2653
"special" -notcp -defaultvol <path> -systemvol <path>
2657
afpd(8), afppasswd(1), AppleVolumes.default(5)
2659
-------------------------------------------------------------------------------
2663
afppasswd - netatalk password maintenance utility
2667
afppasswd [-acfn] [ -p passwd file ] [ -u minimum uid ]
2671
afppasswd allows the maintenance of afppasswd files created by netatalk for use
2672
by the uams_randnum.so UAM (providing the "Randnum exchange" and "2-Way Randnum
2673
exchange" User Authentication Modules).
2675
afppasswd can either be called by root with parameters, or can be called by
2676
local system users with no parameters to change their AFP passwords.
2680
With this utility you can only change the passwords used by two specific UAMs.
2681
As they provide only weak password encryption, the use of the "Randnum
2682
exchange" and "2-Way Randnum exchange" UAMs is deprecated unless one has to
2683
support very old AFP clients, that can not deal with the more secure
2684
"DHCAST128" UAM instead. Please compare with the Authentication chapter inside
2685
Netatalk's documentation.
2689
Local user changing their own password:
2692
Enter NEW AFP password: (hidden)
2693
Enter NEW AFP password again: (hidden)
2694
afppasswd: updated password.
2700
Add a new user to the afppasswd file.
2704
Create and/or initialize afppasswd file or specific user.
2708
Force the current action.
2712
Path to afppasswd file.
2716
If cracklib support is built into netatalk this option will cause cracklib
2717
checking to be disabled, if the superuser does not want to have the
2718
password run against the cracklib dictionary.
2722
This is the minimum user id (uid) that afppasswd will use when creating
2729
-------------------------------------------------------------------------------
2733
AppleVolumes.default - Configuration file used by afpd(8) to determine the
2734
shares made available through Appletalk
2738
/etc/netatalk/AppleVolumes.default is the configuration file used by afpd to
2739
determine what portions of the file system will be shared via Apple Filing
2740
Protocol, as well as their behaviour. Any line not prefixed with # is
2741
interpreted. The configuration lines are composed like:
2743
path [ volume name ] [ options ]
2745
The path name must be a fully qualified path name, or a path name using either
2746
the ~ shell shorthand or any of the substitution variables, which are listed
2749
The volume name is the name that appears in the Chooser ot the "connect to
2750
server" dialog on Macintoshes to represent the appropriate share. If there are
2751
spaces in the name, it should be in quotes (i.e. "File Share"). The volume name
2752
may not exceed 27 characters in length, and cannot contain the ':' character.
2756
Each volume has to be configured on a single line.
2758
The possible options and their meanings are:
2762
specify the format of the metadata files, which are used for saving Mac
2763
resource fork as well. Earlier versions used AppleDouble V1, the new
2764
default format is V2. Starting with Netatalk 2.0, the scheme MacOS X uses
2765
currently (10.3.x), is also supported
2769
Using adouble:osx is not recommended for production use. Its only aim is to
2770
temporarely share eg. FAT32 formatted FireWire harddrives written on a
2771
Macintosh with afpd. Apple's metadata scheme lacks several essential
2772
features, so using it on the server's side will break both CNIDs and MacOS
2775
allow:[users/groups]
2777
The allow option allows the users and groups that access a share to be
2778
specified. Users and groups are specified, delimited by commas. Groups are
2779
designated by a @ prefix. Example: allow:user1,user2,@group
2783
The deny option specifies users and groups who are not allowed access to
2784
the share. It follows the same format as the allow option.
2786
cnidscheme:[backend]
2788
set the CNID backend to be used for the volume, default is [cdb] available
2789
schemes: [cdb,dbd,last]
2793
Sets the database information to be stored in path. You have to specifiy a
2794
writable location, even if the volume is read only.
2796
maccharset:[charset]
2798
specifies the mac client codepage for this Volume, e.g. "MAC_ROMAN",
2799
"MAC_CYRILLIC". If not specified the setting from afpd.conf is inherited.
2800
This setting is only required if you need volumes, where the mac codepage
2801
differs from the one globally set in afpd.conf.
2805
This allows multiple options to be specified in a comma delimited format.
2806
The available options are:
2810
Limit disk size reporting to 2GB. This can be used for older
2811
Macintoshes using newer Appleshare clients.
2815
Specifies the share as being read only for all users. The .AppleDB
2816
directory has to be writeable, you can use the -dbpath option to
2821
Don't do :hex translation for dot files. note: when this option gets
2822
set, certain file names become illegal. These are .Parent and anything
2823
that starts with .Apple. Also, dot files created on the unix side are
2828
a non-zero return code from root_preexec closes the volume immediately,
2829
preventing clients to mount/see the volume in question.
2833
a non-zero return code from preexec close the volume being immediately,
2834
preventing clients to mount/see the volume in question.
2838
This option allows you to set a volume password, which can be a maximum of
2839
8 characters long (using ASCII strongly recommended at the time of this
2844
command to be run when the volume is mounted, ignored for user defined
2849
command to be run when the volume is closed, ignored for user defined
2852
root_preexec:[command]
2854
command to be run as root when the volume is mounted, ignored for user
2857
root_postexec:[command]
2859
command to be run as root when the volume is closed, ignored for user
2862
rolist:[users/groups]
2864
Allows certain users and groups to have read-only access to a share. This
2865
follows the allow option format.
2867
rwlist:[users/groups]
2869
Allows certain users and groups to have read/write access to a share. This
2870
follows the allow option format.
2874
hide files and directories,where the path matches one of the '/' delimited
2875
vetoed names. Matches are partial, e.g. path is /abc/def/file and veto:/abc
2876
/ will hide the file.
2878
volcharset:[charset]
2880
specifies the volume codepage, e.g. "UTF8", "UTF8-MAC", "ISO-8859-15".
2883
Variable substitutions
2885
You can use variables in both volume path and volume name.
2887
1. if you specify an unknown variable, it will not get converted.
2889
2. if you specify a known variable, but that variable doesn't have a value, it
2892
The variables which can be used for substitutions are:
2900
client's ip or appletalk address
2904
volume pathname on server
2908
full name (contents of the gecos field in the passwd file)
2920
client's ip, without port
2924
server name (this can be the hostname)
2928
user name (if guest, it is the user that guest is running as)
2932
volume name (either ADEID_NAME or basename of path)
2936
appletalk zone (may not exist)
2940
prints dollar sign ($)
2942
When using variable substitution in the volume name, always keep in mind, not
2943
to exceed the 27 characters limit
2945
Example 5.7. Using variable substitution when defining volumes
2947
/home/groups/$g "Groupdir for $g"
2948
~ "$f is the best one"
2950
We define "groupdirs" for each primary group and use a personalized server name
2955
The AFP protocol mostly refers to files and directories by ID and not by name.
2956
Netatalk needs a way to store these ID's in a persistent way, to achieve this
2957
several different CNID backends are available. The CNID Databases are by
2958
default located in the .AppleDB folder in the volume root.
2962
"Concurrent database", backend is based on Sleepycat's Berkely DB. With
2963
this backend several afpd deamons access the CNID database directly.
2964
Berkeley DB locking is used to synchronize access, if more than one afpd
2965
process is active for a volume. The drawback is, that the crash of a single
2966
afpd process might corrupt the database.
2970
Access to the CNID database is restricted to the cnid_metad daemon process.
2971
afpd processes communicate with the daemon for database reads and updates.
2972
If built with Berkeley DB transactions the probability for database
2973
corruption is practically zero, but performance can be slower than with cdb
2977
This backend is an exception, in terms of ID persistency. ID's are only
2978
valid for the current session. This is basically what afpd did in the 1.5
2979
(and 1.6) versions. This backend is still available, as it is useful for
2980
e.g. sharing cdroms.
2982
Warning: It is NOT recommended to use this backend for volumes anymore, as
2983
afpd now relies heavily on a persistent ID database. Aliases will likely
2984
not work and filename mangling is not supported.
2986
Even though ./configure --help might show that there are other CNID backends
2987
available, be warned those are likely broken or mainly used for testing. Don't
2988
use them unless you know what you're doing, they may be removed without further
2989
notice from future versions.
2993
With OS X Apple introduced the AFP3 protocol. One of the most important changes
2994
was that AFP3 uses unicode names encoded as UTF-8 decomposed. Previous AFP/OS
2995
versions used codepages, like MacRoman, MacCentralEurope, etc.
2997
afpd needs a way to preserve extended macintosh characters, or characters
2998
illegal in unix filenames, when saving files on a unix filesystem. Earlier
2999
versions used the the so called CAP encoding. An extended character (>0x7F)
3000
would be converted to a :xx sequence, e.g. the Apple Logo (MacRoman: 0XF0) was
3001
saved as :f0. Some special characters will be converted as to :xx notation as
3002
well. '/' will be encoded to :2f, if -usedots is not specified, a leading dot
3003
'.' will be encoded as :2e.
3005
This version now uses UTF-8 as the default encoding for names. Special
3006
characters, like '/' and a leading '.' will still be CAP style encoded .
3008
The -volcharset option will allow you to select another volume encoding. E.g.
3009
for western users another useful setting could be -volcharset ISO-8859-15. apfd
3010
will accept any iconv(1) provided charset. If a character cannot be converted
3011
from the mac codepage to the selected volcharset, afpd will save it as a CAP
3012
encoded character. For AFP3 clients, afpd will convert the UTF-8 character to
3013
-maccharset first. If this conversion fails, you'll receive a -50 error on the
3016
Note: Whenever you can, please stick with the default UTF-8 volume format.
3018
Compatibility with earlier versions
3020
To use a volume created with an earlier afpd version, you'll have to specify
3021
the following options:
3023
Example 5.8. use a 1.x style volume
3025
/path/to/volume "Volname" adouble:v1 volcharset:ASCII
3027
In case you used an NLS you could try using a compatible iconv charset for
3030
Example 5.9. use a 1.x style volume, created with maccode.iso8859-1
3032
/path/to/volume "Volname" adouble:v1 volcharset:ISO-8859-1
3034
You should consider converting old style volumes to the new UTF-8/AD2 format.
3035
The safest way to do this, is to create a new volume with the default options
3036
and copy the files between this volumes with a mac.
3038
Note: Using above example options will allow you to downgrade to 1.x netatalk
3041
Note: Some 1.x NLS files used non standard mappings, e.g.
3042
maccode.iso8859-1.adapted. This is not supported anymore. You'll have to copy
3043
the contents of those volumes files to a Mac and then back to the netatalk
3044
server, preferably to an UTF-8 volume.
3048
The following options should only be used after serious consideration. Be sure
3049
you fully understood the, sometimes complex, consequences, before using them.
3053
The casefold option handles, if the case of filenames should be changed.
3054
The available options are:
3056
tolower - Lowercases names in both directions.
3058
toupper - Uppercases names in both directions.
3060
xlatelower - Client sees lowercase, server sees uppercase.
3062
xlateupper - Client sees uppercase, server sees lowercase.
3066
This allows multiple options to be specified in a comma delimited format.
3067
The available options are:
3071
If set afpd uses the ID information stored in AppleDouble V2 header
3072
files to reduce database load. Don't set this option if the volume is
3073
modified by non AFP clients (NFS/SMB/local). Defaults to off.
3077
Enables crlf translation for TEXT files, automatically converting
3078
macintosh line breaks into Unix ones. Use of this option might be
3079
dangerous since some older programs store binary data files as type
3080
"TEXT" when saving and switch the filetype in a second step. Afpd will
3081
potentially destroy such files when "erroneously" changing bytes in
3082
order to do line break translation.
3086
Allows a volume to be declared as being a "dropbox." Note that netatalk
3087
must be compiled with dropkludge support for this to function. Warning:
3088
This option is deprecated and might not work as expected.
3092
Forces filename restrictions imposed by MS WinXX. Warning: This is NOT
3093
recommened for volumes mainly used by Macs. Please make sure you fully
3094
understand this option before using it.
3098
This option breaks direct saving to netatalk volumes from some
3099
applications, i.e. OfficeX.
3103
Forces afpd to not create .AppleDouble directories unless macintosh
3104
metadata needs to be written. This option is only useful if you want to
3105
share files mostly used NOT by macs, causing afpd to not automatically
3106
create .AppleDouble subdirs containing AD header files in every
3107
directory it enters (which will it do by default).
3109
In case, you save or change files from mac clients, AD metadata files
3110
have to be written even in case you set this option. So you can't avoid
3111
the creation of .AppleDouble directories and its contents when you give
3112
macs write access to a share and they make use of it.
3114
Try to avoid noadouble whenever possible.
3118
always use 0 for device number, helps when the device number is not
3119
constant across a reboot, cluster, ...
3123
don't advertise createfileid, resolveid, deleteid calls.
3127
Disables :hex translations for anything except dot files. This option
3128
makes the '/' character illegal.
3132
Provides compatibility with Apple II clients.
3136
don't stat volume path when enumerating volumes list, useful for
3137
automounting or volumes created by a preexec script.
3141
use AFP3 unix privileges. Become familiar with the new "unix
3142
privileges" AFP permissions concepts in MacOS X before using this
3147
afpd.conf(5), afpd(8)
3149
-------------------------------------------------------------------------------
3153
apple_cp - Do an apple copy, copying file metadata and the resource fork as
3158
/usr/bin/apple_cp SOURCE DEST /usr/bin/apple_cp SOURCE... DIRECTORY
3162
apple_cp is a perl script to copy SOURCE to DEST or multiple SOURCE(s) to
3163
DIRECTORY. It also copies the file specific metadata (including resource forks)
3164
to the .AppleDouble directory for DEST or DIRECTORY. If the .AppleDouble
3165
directory doesn't exist for DEST or DIRECTORY it will create it.
3169
/usr/bin/apple_cp test.text /target/directory/
3171
/usr/bin/apple_cp test.text /target/directory/test2.text
3173
/usr/bin/apple_cp test.text testing.text /target/directory/
3177
Report bugs to the Netatalk-devel list <netatalk-devel@lists.sourceforge.net>.
3181
apple_mv(1), apple_rm(1).
3183
-------------------------------------------------------------------------------
3187
apple_mv - Do an apple move, moving metadata and the resource fork as well
3191
/usr/bin/apple_mv SOURCE DEST /usr/bin/apple_mv SOURCE... DIRECTORY
3195
apple_mv is a perl script to move SOURCE to DEST or multiple SOURCE(s) to
3196
DIRECTORY. It also moves the file specific metadata (including resource forks)
3197
to the .AppleDouble directory for DEST or DIRECTORY. If the .AppleDouble
3198
directory doesn't exist for DEST or DIRECTORY it will create it.
3202
/usr/bin/apple_mv test.text /target/directory/
3204
/usr/bin/apple_mv test.text /target/directory/test2.text
3206
/usr/bin/apple_mv test.text testing.text /target/directory/
3210
Report bugs to the Netatalk-devel list <netatalk-devel@lists.sourceforge.net>.
3214
apple_cp(1), apple_rm(1).
3216
-------------------------------------------------------------------------------
3220
apple_rm - Do an apple remove, remove metadata and resource fork as well
3224
/usr/bin/apple_rm FILE...
3228
apple_rm is a perl script that removes FILE(s) as well as the .AppleDouble
3229
metadata file(s) that corresponds to FILE(s). These AppleDouble header files
3230
eventually also contain the resource fork if the files had one. apple_rm does
3231
not delete directories.
3235
/usr/bin/apple_rm test.text
3237
/usr/bin/apple_rm test.text testing.text
3241
Report bugs to the Netatalk-devel list <netatalk-devel@lists.sourceforge.net>.
3245
apple_cp(1), apple_mv(1).
3247
-------------------------------------------------------------------------------
3251
asip-status.pl - Queries AFP servers for their capabilities
3255
/usr/bin/asip-status.pl ADDRESS:PORT...
3259
asip-status.pl is a perl script that sends a FPGetSrvrInfo request to an AFP
3260
server at ADDRESS:PORT and displays the results, namely "Machine type", the
3261
server's name, supported AFP versions, UAMs and AFP flags, the "server
3262
signature" and the network addresses, the server provides AFP services on.
3264
When you don't supply :PORT, then the default AFP port, 548, will be used.
3268
/usr/bin/asip-status.pl 192.168.21.2
3269
AFP reply from 192.168.21.2:548
3270
Flags: 1 Cmd: 3 ID: 57005
3273
Machine type: Macintosh
3274
AFP versions: AFPVersion 1.1,AFPVersion 2.0,AFPVersion 2.1,AFP2.2
3275
UAMs: Cleartxt passwrd,Randnum exchange,2-Way Randnum exchange
3276
Flags: SupportsCopyFile,SupportsChgPwd,SupportsServerMessages,
3277
SupportsServerSignature,SupportsTCP/IP,SupportsSuperClient
3278
Server name: PowerMac 9600/200
3280
04 c1 6e 59 04 c1 6e 59 04 c1 6e 59 04 c1 6e 59 ..nY..nY..nY..nY
3282
Network address: 192.168.21.2:548 (tcp/ip address and port)
3283
Network address: 10.20 (ddp address)
3284
/usr/bin/asip-status.pl 192.168.21.1:10548
3285
AFP reply from 192.168.21.1:10548
3286
Flags: 1 Cmd: 3 ID: 57005
3289
Machine type: Netatalk
3290
AFP versions: AFPVersion 1.1,AFPVersion 2.0,AFPVersion 2.1,AFP2.2,AFPX03,
3292
UAMs: Cleartxt passwrd,Randnum exchange,2-Way Randnum exchange,DHCAST128
3293
Flags: SupportsCopyFile,SupportsServerMessages,SupportsServerSignature,
3294
SupportsTCP/IP,SupportsSrvrNotifications,SupportsOpenDirectory,
3295
SupportsUTF8Servername,SupportsSuperClient
3296
Server name: Fire V480
3298
83 29 cc 60 83 29 cc 60 83 29 cc 60 83 29 cc 60 .).`.).`.).`.).`
3300
Network address: 192.168.21.1:10548 (TCP/IP address and port)
3301
Network address: 65282.142 (ddp address)
3302
UTF8 Servername: Fire V480
3306
Report bugs to the Netatalk-devel list <netatalk-devel@lists.sourceforge.net>.
3308
-------------------------------------------------------------------------------
3312
atalk - AppleTalk protocol family
3316
#include <sys/types.h>
3317
#include <netatalk/at.h>
3321
The AppleTalk protocol family is a collection of protocols layered above the
3322
Datagram Delivery Protocol (DDP), and using AppleTalk address format. The
3323
AppleTalk family may provide SOCK_STREAM (ADSP), SOCK_DGRAM (DDP), SOCK_RDM
3324
(ATP), and SOCK_SEQPACKET (ASP). Currently, only DDP is implemented in the
3325
kernel; ATP and ASP are implemented in user level libraries; and ADSP is
3330
AppleTalk addresses are three byte quantities, stored in network byte order.
3331
The include file <netatalk/at.h> defines the AppleTalk address format.
3333
Sockets in the AppleTalk protocol family use the following address structure:
3335
struct sockaddr_at {
3338
struct at_addr sat_addr;
3342
The port of a socket may be set with bind(2). The node for bind must always be
3343
ATADDR_ANYNODE: ``this node.'' The net may be ATADDR_ANYNET or ATADDR_LATENET.
3344
ATADDR_ANYNET coresponds to the machine's ``primary'' address (the first
3345
configured). ATADDR_LATENET causes the address in outgoing packets to be
3346
determined when a packet is sent, i.e. determined late. ATADDR_LATENET is
3347
equivalent to opening one socket for each network interface. The port of a
3348
socket and either the primary address or ATADDR_LATENET are returned with
3353
bind(2), getsockname(2), atalkd(8).
3355
-------------------------------------------------------------------------------
3359
atalkd - AppleTalk RTMP, NBP, ZIP, and AEP manager
3363
atalkd [-f configfile] [-1] [-2]
3367
atalkd is responsible for all user level AppleTalk network management. This
3368
includes routing, name registration and lookup, zone lookup, and the AppleTalk
3369
Echo Protocol (similar to ping(8)). atalkd is typically started at boot time,
3370
out of /etc/rc. It first reads from its configuration file, /etc/netatalk/
3371
atalkd.conf. If there is no configuration file, atalkd will attempt to
3372
configure all available interfaces and will create a configuration file. The
3373
file consists of a series of interfaces, one per line. Lines with `#' in the
3374
first column are ignored, as are blank lines. The syntax is
3376
interface [ -seed ] [ -phase number ] [ -net net-range ] [ -addr address ] [
3377
-zone zonename ] ...
3379
Note that all fields except the interface are optional. The loopback interface
3380
is configured automatically. If -seed is specified, all other fields must be
3381
present. Also, atalkd will exit during bootstrap�ping, if a router disagrees
3382
with its seed information. If -seed is not given, all other information may be
3383
overriden during auto-configuration. If no -phase option is given, the default
3384
phase as given on the command line is used (the default is 2). If -addr is
3385
given and -net is not, a net-range of one is assumed.
3387
The first -zone directive for each interface is the ``default'' zone. Under
3388
Phase 1, there is only one zone. Under Phase 2, all routers on the network are
3389
configured with the default zone and must agree. atalkd maps ``*'' to the
3390
default zone of the first interface. Note: The default zone for a machine is
3391
determined by the configuration of the local routers; to appear in a
3392
non-default zone, each service, e.g. afpd, must individually specify the
3393
desired zone. See also nbp_name(3).
3397
If you are connecting a netatalk router to an existing AppleTalk internet, you
3398
should first contact your local network administrators to obtain appropriate
3401
atalkd can provide routing between interfaces by configuring multiple
3402
interfaces. Each interface must be assigned a unique net-range between 1 and
3403
65279 (0 and 65535 are illegal, and addresses between 65280 and 65534 are
3404
reserved for startup). It is best to choose the smallest useful net-range, i.e.
3405
if you have three machines on an Ethernet, don't chose a net-range of
3406
1000-2000. Each net-range may have an arbitrary list of zones associated with
3411
Below is an example configuration file for a sun4/40. The machine has two
3412
interfaces, ``le0'' and ``le1''. The ``le0'' interface is configured
3413
automatically from other routers on the network. The machine is the only router
3414
for the ``le1'' interface.
3417
le1 -seed -net 9461-9471 -zone netatalk -zone Argus
3419
atalkd automatically acts as a router if there is more than one interface.
3423
/etc/netatalk/atalkd.conf configuration file
3427
On some systems, atalkd can not be restarted.
3433
-------------------------------------------------------------------------------
3437
atalkd.conf - Configuration file used by atalkd(8) to determine the interfaces
3438
used by the master Netatalk daemon
3442
/etc/netatalk/atalkd.conf is the configuration file used by atalkd to configure
3443
the Appletalk interfaces and their behavior
3445
Any line not prefixed with # is interpreted. The configuration lines are
3448
Interface [ options ]
3450
The simplest case is to have either no atalkd.conf, or to have one that has no
3451
active lines. In this case, atalkd should auto-discover the local interfaces on
3452
the machine. Please note that you cannot split lines.
3454
The interface is the network interface that this to work over, such as eth0 for
3455
Linux, or le0 for Sun.
3457
The possible options and their meanings are:
3461
Allows specification of the net and node numbers for this interface,
3462
specified in Appletalk numbering format (example: -addr 66.6).
3466
Disables Appletalk routing. It is the opposite of -router.
3470
Allows the available net to be set, optionally as a range.
3472
-noallmulti (linux only)
3474
On linux the interfaces, atalkd uses, are set to ALLMULTI by default caused
3475
by countless NICs having problems without being forced into this mode (some
3476
even don't work with allmulti set). In case, you've a NIC known to support
3477
multicasts properly, you might want to set this option causing less packets
3482
Specifies the Appletalk phase that this interface is to use (either Phase 1
3487
Like -seed, but allows single interface routing. It is the opposite of
3492
The seed option only works if you have multiple interfaces. It also causes
3493
all missing arguments to be automagically configured from the network.
3497
Specifies a specific zone that this interface should appear on (example:
3498
-zone "Parking Lot"). Please note that zones with spaces and other special
3499
characters should be enclosed in parentheses.
3505
-------------------------------------------------------------------------------
3509
atalk_aton - AppleTalk address parsing
3513
#include <sys/types.h>
3514
#include <netatalk/at.h>
3516
atalk_aton(cp, ata);
3518
struct at_addr * ata;
3522
The atalk_aton() routine converts an ASCII representation of an AppleTalk
3523
address to a format appropriate for system calls. Acceptable ASCII
3524
representations include both hex and base 10, in triples or doubles. For
3525
instance, the address `0x1f6b.77' has a network part of `8043' and a node part
3526
of `119'. This same address could be written `8043.119', `31.107.119', or
3527
`0x1f.6b.77'. If the address is in hex and the first digit is one of `A-F', a
3528
leading `0x' is redundant.
3534
-------------------------------------------------------------------------------
3538
cnid_dbd - implement access to CNID databases through a dedicated daemon
3543
cnid_dbd dbdir ctrlfd clntfd
3547
cnid_dbd provides an interface for storage and retrieval of catalog node IDs
3548
(CNIDs) and related information to the afpd daemon. CNIDs are a component of
3549
Macintosh based file systems with semantics that map not easily onto Unix file
3550
systems. This makes separate storage in a database necessary. cnid_dbd is part
3551
of the CNID backend framework of afpd and implements the dbd backend.
3553
cnid_dbd is never started via the command line or system startup scripts but
3554
only by the cnid_metad daemon. There is at most one instance of cnid_dbd per
3557
cnid_dbd uses the Berkleley DB database library and optionally supports
3558
transactionally protected updates if the netatalk package is compiled with the
3559
appropriate options. Using the dbd backend without transactions will protect
3560
the CNID database against unexpected crashes of the afpd daemon. Using the dbd
3561
backend with transactions will avoid corruption of the CNID database even if
3562
the system crashes unexpectedly.
3564
cnid_dbd uses the same on-disk database format as the cdb backend. It is
3565
therefore possible to switch between the two backends as necessary.
3567
cnid_dbd inherits the effective userid and groupid from cnid_metad on startup,
3568
which is normally caused by afpd serving a netatalk volume to a client. It
3569
changes to the Berkleley DB database home directory dbdir that is associated
3570
with the volume. If the userid inherited from cnid_metad is 0 (root), cnid_dbd
3571
will change userid and groupid to the owner and group of the database home
3572
directory. Otherwise, it will continue to use the inherited values. cnid_dbd
3573
will then attempt to open the database and start serving requests using
3574
filedescriptor clntfd. Subsequent instances of afpd that want to access the
3575
same volume are redirected to the running cnid_dbd process by cnid_metad via
3576
the filedescriptor ctrlfd.
3578
cnid_dbd can be configured to run forever or to exit after a period of
3579
inactivity. If cnid_dbd receives a TERM or an INT signal it will exit cleanly
3580
after flushing dirty database buffers to disk and closing Berkleley DB database
3581
environments. It is safe to terminate cnid_dbd this way, it will be restarted
3582
when necessary. Other signals are not handled and will cause an immediate exit,
3583
possibly leaving the CNID database in an inconsistent state (no transactions)
3584
or losing recent updates during recovery (transactions).
3586
If transactions are used the Berkleley DB database subsystem will create files
3587
named log.xxxxxxxxxx in the database home directory dbdir, where xxxxxxxxxx is
3588
a monotonically increasing integer. These files contain information to replay
3589
database changes and are not automatically removed, unless the
3590
logfile_autoremove option is specified in the db_param configuration file (see
3591
below). Please see the sections Database and log file archival, Log file
3592
removal and the documentation of the db_archive command line utility in the
3593
Berkeley DB Tutorial and Reference for information when and how it is safe to
3594
remove these files manually.
3596
Do not use cnid_dbd for databases on NFS mounted file systems. It makes the
3597
whole point of securing database changes properly moot. Use the dbdir: Option
3598
in the appropriate AppleVolumes configuration file to put the database onto a
3603
cnid_dbd reads configuration information from the file db_param in the database
3604
directory dbdir on startup. If the file does not exist or a parameter is not
3605
listed, suitable default values are used. The format for a single parameter is
3606
the parameter name, followed by one or more spaces, followed by the parameter
3607
value, followed by a newline. The following parameters are currently
3612
This flag is ignored unless transactional support is enabled. If set to 1,
3613
unused Berkeley DB transactional logfiles (log.xxxxxxxxxx in the database
3614
home directory) are removed on startup of cnid_dbd. This is usually safe if
3615
the content of the database directory is backed up on a regular basis.
3620
Determines the size of the Berkeley DB cache in kilobytes. Default: 1024.
3621
Each cnid_dbd process grabs that much memory on top of its normal memory
3622
footprint. It can be used to tune database performance. The db_stat utility
3623
with the -m option that comes with Berkely DB can help you determine wether
3624
you need to change this value. The default is pretty conservative so that a
3625
large percentage of requests should be satisfied from the cache directly.
3626
If memory is not a bottleneck on your system you might want to leave it at
3627
that value. The Berkeley DB Tutorial and Reference Guide has a section
3628
Selecting a cache size that gives more detailed information.
3632
This flag is ignored unless transactional support is enabled. If it is set
3633
to 1, transactional changes to the database are not synchronously written
3634
to disk when the transaction completes. This will increase performance
3635
considerably at the risk of recent changes getting lost in case of a crash.
3636
The database will still be consistent, though. See Transaction Throughput
3637
in the Berkeley DB Tutorial for more information. Default: 0.
3639
flush_frequency, flush_interval
3641
flush_frequency (Default: 100) and flush_interval (Default: 30) control how
3642
often changes to the database are written to the underlying database files
3643
if no transactions are used or how often the transaction system is
3644
checkpointed for transactions. Both of these operations are performed if
3645
either i) more than flush_frequency requests have been received or ii) more
3646
than flush_interval seconds have elapsed since the last save/checkpoint. If
3647
you use transactions with nosync set to zero these parameters only
3648
influence how long recovery takes after a crash, there should never be any
3649
lost data. If nosync is 1, changes might be lost, but only since the last
3650
checkpoint. Be careful to check your harddisk configuration for on disk
3651
cache settings. Many IDE disks just cache writes as the default behaviour,
3652
so even flushing database files to disk will not have the desired effect.
3656
is the maximum number of connections (filedescriptors) that can be open for
3657
afpd client processes in cnid_dbd. Default: 16. If this number is exceeded,
3658
one of the existing connections is closed and reused. The affected afpd
3659
process will transparently reconnect later, which causes slight overhead.
3660
On the other hand, setting this parameter too high could affect performance
3661
in cnid_dbd since all descriptors have to be checked in a select() system
3662
call, or worse, you might exceed the per process limit of open file
3663
descriptors on your system. It is safe to set the value to 1 on volumes
3664
where only one afpd client process is expected to run, e.g. home
3669
is the number of seconds of inactivity before an idle cnid_dbd exits.
3670
Default: 600. Set this to 0 to disable the timeout.
3674
is a flag value. If set cnid_dbd will automatically check the database
3675
indexes. Default: 0. Set this to 1 to enable checking.
3679
cnid_metad(8), afpd(8)
3681
-------------------------------------------------------------------------------
3685
cnid_index - check and repair Netatalk CNID database indexes
3693
cnid_index is a utility to check CNID databases for consistency. If needed, the
3694
indexes are repaired. It works for databases created by the cdb and dbd
3697
Volumes usind the dbd CNID scheme can also be checked automatically, for
3698
further information please see the cnid_dbd(8) man page.
3702
When using cnid_index on cdb handled databases, cnid_index cannot check if
3703
another process (afpd) accesses the CNID databases. In this case, you have to
3704
manually ensure no other process accesses the database when running cnid_index.
3708
cnid_dbd(8), afpd(8)
3710
-------------------------------------------------------------------------------
3714
cnid_metad - start cnid_dbd daemons on request
3718
cnid_metad [-d] [ -h hostname ] [ -p port ] [ -u user ] [ -g group ] [ -s
3723
cnid_metad waits for requests from afpd to start up instances of the cnid_dbd
3724
daemon. It keeps track of the status of a cnid_dbd instance once started and
3725
will restart it if necessary. cnid_metad is normally started at boot time from
3726
/etc/rc or equivalent and runs until shutdown. afpd needs to be configured with
3727
the -cnidserver option in afpd.conf in order to access cnid_metad. It is
3728
possible to run more than one instance of cnid_metad on the same machine if
3729
different values for the interface and/or port are specified with the -h and -p
3736
cnid_metad will remain in the foreground and will also leave the standard
3737
input, standard output and standard error file descriptors open. Useful for
3742
Use hostname as the network interface for requests as opposed to the
3747
Use port as the port number for reqests. Default is 4700.
3751
Switch to the userid of user before serving requests. This userid will be
3752
inherited by all cnid_dbd daemon processes started.
3756
Switch to the groupid of group before serving requests. This groupid will
3757
be inherited by all cnid_dbd daemon processes started. Both user and group
3758
must be specified as strings.
3760
-s cnid_dbd pathname
3762
Use cnid_dbd pathname as the pathname of the executeable of the cnid_dbd
3763
daemon. The default is /usr/sbin/cnid_dbd.
3767
The number of cnid_dbd subprocecesses is currently limited to 128. This
3768
restriction will be lifted in the future.
3770
cnid_metad does not block or catch any signals apart from SIGPIPE. It will
3771
therefore exit on most signals received. This will also cause all instances of
3772
cnid_dbd's started by that cnid_metad to exit gracefully. Since state about and
3773
IPC access to the subprocesses is only maintained in memory by cnid_metad this
3774
is desired behaviour. As soon as cnid_metad is restarted afpd processes will
3775
transparently reconnect.
3779
cnid_dbd(8), afpd(8)
3781
-------------------------------------------------------------------------------
3785
getzones - list AppleTalk zone names
3789
getzones [ -m | -l ] [address]
3793
Getzones is used to obtain a list of AppleTalk zone names using the Zone
3794
Information Protocol (ZIP). It sends a GetZoneList request to an AppleTalk
3795
router. By default, it sends the request to the locally running atalkd(8).
3801
List the name of the local zone only; this is accomplished by sending a ZIP
3806
List the local zones; this is accomplished by sending a GetLocalZones
3811
Contact the AppleTalk router at address. address is parsed by atalk_aton
3816
atalk_aton(3), atalkd(8).
3818
-------------------------------------------------------------------------------
3822
megatron, unhex, unbin, unsingle, hqx2bin, single2bin, macbinary - Macintosh
3823
file format transformer
3827
megatron [sourcefile...]
3829
unbin [sourcefile...]
3831
unhex [sourcefile...]
3833
unsingle [sourcefile...]
3835
hqx2bin [sourcefile...]
3837
single2bin [sourcefile...]
3839
macbinary [sourcefile...]
3843
megatron is used to transform files from BinHex, MacBinary, AppleSingle, or
3844
netatalk style AppleDouble formats into MacBinary or netatalk style AppleDouble
3845
formats. The netatalk style AppleDouble format is the file format used by afpd,
3846
the netatalk Apple Filing Protocol (AppleShare) server. BinHex, MacBinary, and
3847
AppleSingle are commonly used formats for transferring Macintosh files between
3848
machines via email or file transfer protocols. megatron uses its name to
3849
determine what type of tranformation is being asked of it.
3851
If megatron is called as unhex , unbin or unsingle, it tries to convert file(s)
3852
from BinHex, MacBinary, or AppleSingle into AppleDouble format. BinHex is the
3853
format most often used to send Macintosh files by e-mail. Usually these files
3854
have an extension of ".hqx". MacBinary is the format most often used by
3855
terminal emulators "on the fly" when transferring Macintosh files in binary
3856
mode. MacBinary files often have an extension of ".bin". Some Macintosh
3857
LAN-based email packages use uuencoded AppleSingle format to "attach" or
3858
"enclose" files in email. AppleSingle files don't have a standard filename
3861
If megatron is called as hqx2bin, single2bin, or macbinary, it will try to
3862
convert the file(s) from BinHex, AppleSingle, or AppleDouble into MacBinary.
3863
This last translation may be useful in moving Macintosh files from your afpd
3864
server to some other machine when you can't copy them from the server using a
3865
Macintosh for some reason.
3867
If megatron is called with any other name, it uses the default translation,
3870
If no source file is given, or if sourcefile is `-', and if the conversion is
3871
from a BinHex or MacBinary file, megatron will read from standard input.
3873
The filename used to store any output file is the filename that is encoded in
3874
the source file. MacBinary files are created with a ".bin" extension. In the
3875
case of conflicts, the old file is overwritten!
3881
-------------------------------------------------------------------------------
3885
nbplkup, nbprgstr, nbpunrgstr - access NBP database
3889
nbplkup [-r maxresponses] [-A address] [-m maccodepage] nbpname
3891
nbprgstr [-A address] [-p port] [-m maccodepage] nbpname
3893
nbpunrgstr [-A address] [-m maccodepage] nbpname
3897
nbprgstr registers nbpname with atalkd(8), at the given port. nbpunrgstr
3898
informs atalkd that nbpname is no longer to be advertised.
3900
nbplkup displays up to maxresponses (default 1000) entities registered on the
3901
AppleTalk internet. nbpname is parsed by nbp_name(3). An `=' for the object or
3902
type matches anything, and an `*' for zone means the local zone. The default
3903
values are taken from the NBPLKUP environment variable, parsed as an nbpname.
3905
Environment Variables
3909
default nbpname for nbplkup
3913
the codepage used by the clients on the Appletalk network
3917
the codepage used to display extended characters on this shell.
3921
Find all devices of type LaserWriter in the local zone.
3923
example% nbplkup :LaserWriter
3924
Petoskey:LaserWriter 7942.129:218
3925
Gloucester:LaserWriter 8200.188:186
3926
Rahway:LaserWriter 7942.2:138
3927
517 Center:LaserWriter 7942.2:132
3928
ionia:LaserWriter 7942.2:136
3929
Evil DEC from Hell:LaserWriter 7942.2:130
3930
Hamtramck:LaserWriter 7942.2:134
3931
Iron Mountain :LaserWriter 7942.128:250
3936
nbp_name(3), atalkd(8).
3938
-------------------------------------------------------------------------------
3942
nbp_name - NBP name parsing
3957
nbp_name() parses user supplied names into their component object, type, and
3958
zone. obj, type, and zone should be passed by reference, and should point to
3959
the caller's default values. nbp_name() will change the pointers to the
3960
parsed-out values. name is of the form object:type@zone, where each of object,
3961
:type, and @zone replace obj, type, and zone, respectively. type must be
3962
proceeded by `:', and zone must be preceded by `@'.
3966
The argument of afpd(8)'s -n option is parsed with nbp_name(). The default
3967
value of obj is the first component of the machine's hostname (as returned by
3968
gethostbyname(3)). The default value of type is ``AFPServer'', and of zone is
3969
``*'', the default zone. To cause afpd to register itself in some zone other
3970
than the default, one would invoke it as
3972
afpd -n @some-other-zone
3974
obj and type would retain their default values.
3978
obj, type, and zone return pointers into static area which may be over-written
3981
-------------------------------------------------------------------------------
3985
netatalk.conf - Configuration file used by netatalk(8) to determine its general
3990
/etc/netatalk/netatalk.conf is the configuration file used by afpd to determine
3991
what portions of the file system will be shared via Appletalk, as well as their
3994
Any line not prefixed with # is interpreted. The configuration lines are
3999
The possible options and their meanings are:
4003
Sets the id of the guest user to a local user on the system.
4007
Sets the maximum number of clients that can simultaneously connect to the
4012
Enables the afpd daemon if set to "yes". This should be enabled if you are
4013
planning on using netatalk as a file server.
4017
Sets the default UAMs for afpd (and papd, if printer authentication is
4018
compiled in) to use.
4020
Example: AFPD_UAMLIST="-U uams_guest.so,uams_randnum.so"
4024
Enables the cnid_metad daemon if set to "yes". This should be enabled if
4025
you are going to use the dbd CNID backend.
4029
"yes" will set netatalk to initialize in the background, and "no" will
4030
cause normal initialization.
4034
Sets the machines' Appletalk name.
4038
Sets the machines' Appletalk zone.
4042
Enables the atalkd daemon if set to "yes". This should be enabled if you
4043
are planning on providing Appletalk services.
4047
Enables the papd daemon if set to "yes". This should be enabled if you are
4048
planning on using netatalk as a print server.
4052
Set the Mac client codepage, used by atalkd and papd to convert extended
4053
characters from the Unix to the Mac codepage.
4057
Set the Unix codepage, used by atalkd and papd to convert extended
4058
characters from the Unix to the Mac codepage. Has to match the codepage of
4059
the configuration files.
4063
atalkd(8), atalkd.conf(5)
4065
-------------------------------------------------------------------------------
4069
netatalk-config - script to get information about the installed version of
4074
netatalk-config [ --prefix [=DIR]] [ --exec_prefix [=DIR]] [--help] [--version]
4075
[--libs] [--libs-dirs] [--libs-names] [--cflags] [--macros]
4079
netatalk-config is a tool that is used to determine the compiler and linker
4080
flags that should be used to compile and link programs that use the netatalk
4085
netatalk-config accepts the following options:
4089
Print a short help for this command and exit.
4093
Print the currently installed version of netatalk on the standard output.
4097
Print the linker flags that are necessary to link against the netatalk
4102
Print only the -l/-R part of --libs.
4106
Print only the -l part of --libs.
4110
Print the compiler flags that are necessary to compile a program linked
4111
against the netatalk run-time libraries.
4115
Print the netatalk m4 directory.
4119
If specified, use PREFIX instead of the installation prefix that netatalk
4120
was built with when computing the output for the --cflags and --libs
4121
options. This option is also used for the exec prefix if --exec-prefix was
4122
not specified. This option must be specified before any --libs or --cflags
4125
--exec\_prefix=PREFIX
4127
If specified, use PREFIX instead of the installation exec prefix that
4128
netatalk was built with when computing the output for the --cflags and
4129
--libs options. This option must be specified before any --libs or --cflags
4134
Copyright � 1998 Owen Taylor
4136
Permission to use, copy, modify, and distribute this software and its
4137
documentation for any purpose and without fee is hereby granted, provided that
4138
the above copyright notice appear in all copies and that both that copyright
4139
notice and this permission notice appear in supporting documentation.
4141
Man page adapted for netatalk-config by Sebastian Rittau in 2001.
4143
-------------------------------------------------------------------------------
4147
pap - client interface to remote printers using Printer Access Protocol
4151
pap [ -A address ] [-c] [-d] [-e] [-E] [ -p nbpname ] [ -s statusfile ] [-w]
4156
pap is used to connect and send files to an AppleTalk connected printer using
4157
the Apple Printer Access Protocol (PAP). When pap starts execution, it tries to
4158
open a session with the printer using PAP, and then downloads the files to the
4161
If no files are given on the command line, pap begins reading from standard
4164
If no printer is specified on the command line, pap looks for a file called
4165
.paprc in the current working directory and reads it to obtain the nbpname of a
4166
printer. Blank lines and lines that begin with a `#' are ignored. type and zone
4167
default to LaserWriter and the zone of the local host, respectively.
4169
Note that pap is designed to be useful as a communication filter for sending
4170
lpd(8) spooled print jobs to AppleTalk connected printers. See psf(8) for hints
4171
on how to use it this way.
4177
Connect to the printer with Appletalk address address and do not consult
4178
the .paprc file to find a printer name. See atalk_aton(3) for the syntax of
4183
Take cuts. The PAP protocol specified a simple queuing procedure, such that
4184
the clients tell the printer how long they have been waiting to print. This
4185
option causes pap to lie about how long it has been waiting.
4189
Enable debug output.
4193
Send any message from the printer to stderr instead of stdout. psf(8)
4194
invokes pap with this option.
4198
Don't wait for EOF from the printer. This option is useful for printers
4199
which don't implement PAP correctly. In a correct implementation, the
4200
client side should wait for the printer to return EOF before closing the
4201
connection. Some clients don't wait, and hence some printers have related
4202
bugs in their implementation.
4206
Connect to the printer named nbpname and do not consult the .paprc file to
4207
find a printer name. See nbp_name(3) for the syntax of nbpname.
4211
Update the file called statusfile to contain the most recent status message
4212
from the printer. pap gets the status from the printer when it is waiting
4213
for the printer to process input. The statusfile will contain a single line
4214
terminated with a newline. This is useful when pap is invoked by psf(8)
4215
within lpd's spool directory.
4219
Wait for the printer status to contain the word "waiting" before sending
4220
the job. This is to defeat printer-side spool available on HP IV and V
4225
Wait for the printer status to contain the word "idle" before sending the
4226
job. This is to defeat printer-side spool available on HP IV and V
4233
file read to obtain printer name if not specified on command line
4237
nbp_name(3), atalk_aton(3), lpd(8), psf(8).
4239
-------------------------------------------------------------------------------
4243
papd - AppleTalk print server daemon
4247
papd [-d] [-f configfile] [-p printcap]
4251
papd is the AppleTalk printer daemon. This daemon accepts print jobs from
4252
AppleTalk clients (typically Macintosh computers) using the Printer Access
4253
Protocol (PAP). When used with System V printing systems, papd spools jobs
4254
directly into an lpd(8) spool directory and wakes up lpd after accepting a job
4255
from the network to have it re-examine the appropriate spool directory. The
4256
actual printing and spooling is handled entirely by lpd.
4258
papd can also pipe the print job to an external program for processing, and
4259
this is the preferred method on systems not using CUPS to avoid compatibility
4260
problems with all the flavours of lpd in use.
4262
As of version 2.0, CUPS is also supported. Simply using cupsautoadd as first
4263
papd.conf entry will share all CUPS printers automagically using the PPD files
4264
configured in CUPS. It ist still possible to overwrite these defaults by
4265
individually define printer shares. See papd.conf(5) for details.
4267
papd is typically started at boot time, out of system init scripts. It first
4268
reads from its configuration file, /etc/netatalk/papd.conf. The file is in the
4269
same format as /etc/printcap. See printcap(5) for details. The name of the
4270
entry is registered with NBP.
4272
The following options are supported:
4274
Name Type Default Description
4275
pd str '.ppd' Pathname to PPD file
4276
pr str 'lp' LPD or CUPS printer name (or pipe to a print command)
4277
op str 'operator' Operator name for LPD spooling
4278
au bool false Whether to do authenticated printing or not
4279
ca str NULL Pathname used for CAP-style authentification
4280
sp bool false PSSP-style authetication
4281
am str NULL UAMS to use for authentication
4282
pa str NULL Printer's AppleTalk address
4283
co str NULL CUPS options as supplied to the lp(1) command with "-o"
4284
fo bool false adjust lineending for foomatic-rip
4286
If no configuration file is given, the hostname of the machine is used as the
4287
NBP name and all options take their default value.
4293
Do not fork or disassociate from the terminal. Write some debugging
4294
information to stderr.
4298
Consult configfile instead of /etc/netatalk/papd.conf for the configuration
4303
Consult printcap instead of /etc/printcap for LPD configuration
4308
PSSP (Print Server Security Protocol) is an authentication protocol carried out
4309
through postscript printer queries to the print server. Using PSSP requires
4310
LaserWriter 8.6.1 or greater on the client mac. The user will be prompted to
4311
enter their username and password before they print. It may be necessary to
4312
re-setup the printer on each client the first time PSSP is enabled, so that the
4313
client can figure out that authentication is required to print. You can enable
4314
PSSP on a per-printer basis. PSSP is the recommended method of authenticating
4315
printers as it is more robust than CAP-style authentication, described below.
4317
CAP-style authentication gets its name from the method the CAP (Columbia
4318
APpletalk) package used to authenticate its mac clients' printing. This method
4319
requires that a user login to a file share before they print. afpd records the
4320
username in a temporary file named after the client's Appletalk address, and it
4321
deletes the temporary file when the user disconnects. Therefore CAP style
4322
authentification will not work for clients connected to afpd via TCP/IP. papd
4323
gets the username from the file with the same Appletalk address as the machine
4324
connecting to it. CAP-style authentication will work with any mac client. If
4325
both CAP and PSSP are enabled for a particular printer, CAP will be tried
4326
first, then papd will fall back to PSSP.
4328
The list of UAMs to use for authentication (specified with the 'am' option)
4329
applies to all printers. It is not possible to define different authentication
4330
methods on each printer. You can specify the list of UAMS multiple times, but
4331
only the last setting will be used. Currently only uams_guest.so and
4332
uams_clrtxt.so are supported as printer authentication methods. The guest
4333
method requires a valid username, but not a password. The Cleartext UAM
4334
requires both a valid username and the correct password.
4338
As of this writing, Mac OS X makes no use of PSSP authentication any longer.
4339
CAP-style authentication normally won't be an option, too caused by the use of
4340
AFP over TCP these days.
4344
/etc/netatalk/papd.conf
4346
Default configuration file.
4350
Printer capabilities database.
4354
PostScript Printer Description file. papd answers configuration and font
4355
queries from printing clients by consulting the configured PPD file. Such
4356
files are available for download from Adobe, Inc. (http://www.adobe.com/
4357
support/downloads/main.htm), or from the printer's manufacturer. If no PPD
4358
file is configured, papd will return the default answer, possibly causing
4359
the client to send excessively large jobs.
4363
papd accepts characters with the high bit set (a full 8-bits) from the clients,
4364
but some PostScript printers (including Apple Computer's LaserWriter family)
4365
only accept 7-bit characters on their serial interface by default. The same
4366
applies for some printers when they're accessed via TCP/IP methods (remote LPR
4367
or socket). You will need to configure your printer to accept a full 8 bits or
4368
take special precautions and convert the printjob's encoding (eg. by using co=
4369
"protocol=BCP" when using CUPS 1.1.19 or above).
4371
When printing clients run MacOS 10.2 or above, take care that PPDs do not make
4372
use of *cupsFilter: comments unless the appropriate filters are installed at
4373
the client's side, too (remember: Starting with 10.2 Apple chose to integrate
4374
CUPS into MacOS X). For in-depth information on how CUPS uses PPDs see chapter
4375
3.4 in http://tinyurl.com/zbxn).
4379
lpr(1),lprm(1),printcap(5),lpc(8),lpd(8), lp(1).
4381
-------------------------------------------------------------------------------
4385
papd.conf - Configuration file used by papd(8) to determine the configuration
4386
of printers used by the Netatalk printing daemon
4390
/etc/netatalk/papd.conf is the configuration file used by papd to configure the
4391
printing services offered by netatalk. Please note that papd must be enabled in
4392
/etc/netatalk/netatalk.conf for this to take any effect. papd shares the same
4393
defaults as lpd on many systems, but not Solaris.
4395
Any line not prefixed with # is interpreted. The configuration lines are
4398
printername:[options]
4400
On systems running a System V printing system the simplest case is to have
4401
either no papd.conf, or to have one that has no active lines. In this case,
4402
atalkd should auto-discover the local printers on the machine. Please note that
4403
you can split lines by using \\fR.
4405
printername may be just a name (Printer 1), or it may be a full name in
4406
nbp_name format (Printer 1:LaserWriter@My Zone).
4408
Systems using a BSD printing system should make use of a pipe to the printing
4409
command in question within the pr option (eg. pr=|/usr/bin/lpr -J%J -u%U).
4410
Note: When printing using a pipe, papd recognizes several wildcards: %F will be
4411
replaced by the name present in the "%%For:" comment in the PostScript stream,
4412
same with %J for the "%%Title:" comment. %U will be substituted with the login
4413
name (the latter applies only when authenticated printing is in effect).
4415
When CUPS support is compiled in, then cupsautoadd as the first entry in
4416
papd.conf will automagically share all CUPS printers by papd utilizing the PPDs
4417
assigned in CUPS (customizable -- see below). This can be overwritten for
4418
individal printers by subsequently adding individual entries using the CUPS
4419
queue name as pr entry. Note: CUPS support is mutually exclusive with System V
4420
support described above.
4422
The possible options are colon delimited (:), and lines must be terminated with
4423
colons. The possible options and flags are:
4427
The am option allows specific UAMs to be specified for a particular
4428
printer. It has no effect if the au flag is not present or if papd
4429
authentication was not built into netatalk. Note: possible values are
4430
uams_guest.so and uams_clrtxt.so only. The first method requires a valid
4431
username, but no password. The second requires both a valid username and
4432
the correct password.
4436
If present, this flag enables authentication for the printer. Please note
4437
that papd authentication must be built into netatalk for this to take
4442
The co option allows options to be passed through to CUPS (eg. co="protocol
4443
=TBCP" or co="raw").
4445
cupsautoadd[:type][@zone]
4447
If used as the first entry in papd.conf this will share all CUPS printers
4448
via papd. type/zone settings as well as other parameters assigned to this
4449
special printer share will apply to all CUPS printers. Unless the pd option
4450
is set, the CUPS PPDs will be used. To overwrite these global settings for
4451
individual printers simply add them subsequently to papd.conf and assign
4456
If present, this flag enables a hack to translate line endings originating
4457
from pre Mac OS X LaserWriter drivers to let foomatic-rip recognize
4458
foomatic PPD options set in the printer dialog. Attention: Use with caution
4459
since this might corrupt binary print jobs!
4463
This specifies the operator name, for lpd spooling.
4465
pa=(appletalk address)
4467
Allows specification of Appletalk addresses. Usually not needed.
4469
pd=(path to ppd file)
4471
Specifies a particular PPD (printer description file) to associate with the
4474
pr=(lpd/CUPS printer name or pipe command)
4476
Sets the lpd or CUPS printer that this is spooled to.
4480
Unless CUPS support has been compiled in (which is default from Netatalk 2.0
4481
on) one simply defines the lpd queue in question by setting the pr parameter to
4482
the queue name, in the following example "ps". If no pr parameter is set, the
4483
default printer will be used.
4485
Example 5.10. papd.conf System V printing system examples
4487
The first spooler is known by the AppleTalk name Mac Printer Spooler, and uses
4488
a PPD file located in /usr/share/lib/ppd. In addition, the user mcs will be the
4489
owner of all jobs that are spooled. The second spooler is known as HP Printer
4490
and all options are the default.
4492
Mac Printer Spooler:\
4494
:pd=/usr/share/lib/ppd/HPLJ_4M.PPD:\
4500
An alternative to the technique outlined above is to direct papd's output via a
4501
pipe into another program. Using this mechanism almost all printing systems can
4502
be driven. Netatalk supplies three "wildcards" that get substituted with values
4503
of the already printed job: %F, %U and %J. Using these wildcards, one can pass
4504
those parameters directly to programs or implement small wrapper scripts to
4505
call the printing system in question.
4507
Example 5.11. papd.conf examples using pipes
4509
The first spooler is known as HP 8100. It pipes the print job to /usr/bin/lpr
4510
for printing using the value of the %%Title: comment as job name. PSSP
4511
authenticated printing is enabled, as is CAP-style authenticated printing. Both
4512
methods support guest and cleartext authentication as specified by the 'am'
4513
option. The PPD used is /etc/atalk/ppds/hp8100.ppd. The second spooler is
4514
called "Dump PostScript" and uses a pipe to cat to send the raw PostScript code
4515
into the user's home directory into a file called like the printjob.
4518
:pr=|/usr/bin/lpr -Plp -J"%J":\
4521
:am=uams_guest.so,uams_pam.so:\
4522
:pd=/etc/atalk/ppds/hp8100.ppd:
4524
Dump PostScript:LaserWriter@Server:\
4525
:pr=|cat >/home/%U/%J-prn.out:\
4526
:pd=/usr/share/lib/ppd/mooralana.ppd:\
4530
Starting with Netatalk 2.0 direct CUPS integration is available. In this case,
4531
defining only a queue name as pr parameter won't invoke the SysV lpd daemon but
4532
uses CUPS instead. Unless a specific PPD has been assigned using the pd switch,
4533
the PPD configured in CUPS will be used by papd, too.
4535
There exists one special share named "cupsautoadd". If this is present as the
4536
first entry then all available CUPS queues will be served automagically using
4537
the parameters assigned to this global share. But subsequent printer
4538
definitions can be used to override these global settings for individual
4541
Example 5.12. papd.conf CUPS examples
4543
The first entry sets up automatic sharing of all CUPS printers. All those
4544
shares appear in the zone "1st floor" and since no additional settings have
4545
been made, they use the CUPS printer name as NBP name and use the PPD
4546
configured in CUPS. The second entry defines different settings for one single
4547
CUPS printer. It's NBP name is differing from the printer's name and the
4548
registration happens in another zone.
4550
cupsautoadd@1st floor:op=root:
4552
Boss' LaserWriter@2nd floor:\
4553
:pr=laserwriter-chief:
4557
papd(8), atalkd.conf(5), lpd(8), lpoptions(8)
4559
-------------------------------------------------------------------------------
4563
papstatus - get the status of an AppleTalk-connected printer
4567
/usr/sbin/papstatus [-d] [ -p printer ] [retrytime]
4571
papstatus is used to obtain the current status message from an AppleTalk
4572
connected printer. It uses the Printer Access Protocol (PAP) to obtain the
4575
If no printer is specified on the command line, papstatus looks for a file
4576
called .paprc in the current directory and reads it to obtain the name of a
4577
printer. The .paprc file should contain a single line of the form object:type@
4578
zone where each of object, :type, and @zone are optional. type and zone must be
4579
proceeded by `:' and `@' respectively. Blank lines and lines the begin with a `
4580
#' are ignored. type and zone default to LaserWriter and the zone of the local
4587
Turns on a debugging mode that prints some extra information to standard
4592
Get status from printer (do not consult any .paprc files to find a printer
4593
name). The syntax for printer is the same as discussed above for the .paprc
4598
Normally, papstatus only gets the status from the printer once. If
4599
retrytime is specified, the status is obtained repeatedly, with a sleep of
4600
retrytime seconds between inquiring the printer.
4606
file that contains printer name
4612
-------------------------------------------------------------------------------
4616
psf - PostScript filter
4620
psf [ -n name ] [ -h host ] [ -w width ] [ -l length ] [ -i indent ] [-c]
4624
psf is an lpd filter for PostScript printing. psf interprets the name it was
4625
called with to determine what filters to invoke. First, if the string ``pap''
4626
appears anywhere in the name, psf invokes pap to talk to a printer via
4627
AppleTalk. Next, if the string ``rev'' appears, psf invokes psorder to reverse
4628
the pages of the job. Finally, if psf was called with a filter's name as the
4629
leading string, it invokes that filter. If there is no filter to run, psf
4630
examines the magic number of the input, and if the input is not PostScript,
4631
converts it to PostScript.
4635
In the default configuration, psf supports two kludges. The first causes psf to
4636
check its name for the letter `m'. If this letter is found and accounting is
4637
turned on, psf calls pap twice, once to get an initial page count and to print
4638
the job, and another time to get a final page count. This is a work-around for
4639
bugs in a variety of PAP implementions that cause printers to never properly
4640
close the PAP output file. A notable example is any printer by Hewlett-Packard.
4642
The second kludge causes psf to examine its name for the letter `w'. If this
4643
letter is found and accounting is turned on, psf calls pap with the -w flag.
4644
This flag causes pap to wait until the printer's status contains the string
4645
`idle'. Once this string is found, the job is printed as normal. This kludge is
4646
a work-around for printers, notably Hewlett-Packard's LaserJet IV, which will
4647
report a page count while a previous jobs is still printing.
4651
The sample printcap entry below invokes psf to print text files, PostScript
4652
files, troff's C/A/T output, and TeX's DVI output, to an AppleTalk connected
4653
LaserWriter Plus. Since the LaserWriter Plus stacks pages in descending order,
4654
we reverse the pages and print the burst page last.
4657
laser|lp|LaserWriter Plus on AppleTalk:\
4658
:sd=/usr/spool/lpd/laser:\
4659
:lp=/usr/spool/lpd/laser/null:\
4660
:lf=/var/adm/lpd-errs:pw#80:hl:\
4661
:of=/usr/libexec/ofpap:\
4662
:if=/usr/libexec/ifpaprev:\
4663
:tf=/usr/libexec/tfpaprev:\
4664
:df=/usr/libexec/dfpaprev:
4666
Note that if the host in question spools to more than one AppleTalk printer, /
4667
dev/null should not be used for the lp capability. Instead, a null device
4668
should be created with mknod for each printer, as has been done above.
4670
Finally, there is a file in the spool directory, /var/spool/lpd/laser, called
4671
.paprc, which pap reads for the AppleTalk name of the printer.
4675
psorder(1), printcap(5), lpd(1), mknod(1), pap(1).
4677
-------------------------------------------------------------------------------
4681
psorder - PostScript pageorder filter
4685
psorder [-duf] sourcefile
4689
psorder is a filter that re-orders the pages of a PostScript document. The
4690
result is written to the standard output. By default, documents are processed
4691
into ascending order (the lowest numbered page is printed first). Some
4692
PostScript documents specify that the order of their pages should never be
4693
changed; the default action of psorder is to follow this specification.
4695
If no source file is given, or if sourcefile is `-', psorder reads from the
4696
standard input file.
4702
Re-order the pages of the document in downward or descending order. This is
4703
typically used to change the order of a document to be printed by a printer
4704
that stacks pages face-up, such as an Apple LaserWriter or LaserWriter
4709
Specifies forward order, and is the default. It is used to try and ensure
4710
the correct ordering when a document will be printed by a printer that
4711
stacks the pages face-down.
4715
Force psorder to re-order the pages, even if the document claims that its
4716
page order is not to be trifled with. This option should only be used
4717
experimentally, as it may cause documents to print incorrectly.
4723
-------------------------------------------------------------------------------
4727
timelord - Macintosh time server daemon
4733
timelord [-d] [-n filename]
4737
timelord is a simple time server for Macintosh computers that use the tardis
4744
Debug mode, i.e. don't disassociate from controlling TTY.
4748
Register this server as nbpname. This defaults to the hostname.
4750
-------------------------------------------------------------------------------
4754
timeout - Send a signal to a program after a certain time
4758
timeout [-s signal] seconds program [args]
4762
timeout executes a program (with arguments args) and sends a signal to it after
4763
a certain amount of seconds.
4769
Signal to send to the spawned process. This can be a numerical or symbolic
4770
ID. This defaults to TERM.
4774
timeout 10 pap foo.ps
4776
Execute "pap foo.ps" and send a SIGTERM if pap doesn't return after 10
4779
timeout -s HUP 60 sh
4781
Spawn a shell and send a hangup signal after one minute.
4783
timeout -s 9 10 evilprog
4785
Execute a program and KILL it if it doesn't quit after 10 seconds.
4787
-------------------------------------------------------------------------------
4791
uniconv - convert Netatalk volume encoding
4795
uniconv [-ndv] -c cnidbackend -f fromcode -t tocode [-m maccode] volumepath
4799
uniconv converts the volume encoding of volumepath from the fromcode to the
4806
CNID backend used on this volume, usually cdb or dbd. Should match the
4807
backend selected with afpd for this volume. If not specified, the default
4808
CNID backend `cdb' is used
4812
don't CAP encode leading dots (:2e), equivalent to usedots in
4813
AppleVolumes.default(5)
4817
encoding to convert from, use ASCII for CAP encoded volumes
4825
Macintosh client codepage, required for CAP encoded volumes. Defaults to
4830
`dry run', don't do any real changes
4834
volume encoding to convert to, e.g. UTF8
4838
verbose output, use twice for maximum logging.
4842
print version and exit
4846
Setting the wrong options might render your data unusable!!! Make sure you know
4847
what you are doing. Always backup your data first.
4849
It is *strongly* recommended to do a `dry run' first and to check the output
4850
for conversion errors.
4852
afpd(8) should not be running while you change the volume encoding. Remember to
4853
change volcodepage in AppleVolumes.default(5) to the new codepage, before
4856
USE AT YOUR OWN RISK!!!
4860
Netatalk provides internal support for UTF-8 (pre- and decomposed) and CAP. If
4861
you want to use other charsets, they must be provided by iconv(1)
4863
uniconv also knows iso-8859.adapted, an old style 1.x NLS widely used. This is
4864
only intended for upgrading old volumes, afpd(8) cannot handle iso-8859.adapted
4869
The CNID backends maintains name to ID mappings. If you change a filename
4870
outside afpd(8) (shell, samba), the CNID db, i.e. the DIDNAME index, gets
4871
inconsistent. Netatalk tries to recover from such inconsistencies as gracefully
4872
as possible. The mechanisms to resolve such inconsistencies may fail sometimes,
4873
though, as this is not an easy task to accomplish. I.e. if several names in the
4874
path to the file or directory have changed, things may go wrong.
4876
If you change a lot of filenames at once, chances are higher that the afpds
4877
fallback mechanisms fail, i.e. files will be assigned new IDs, even though the
4878
file hasn't changed. uniconv therefore updates the CNID entry for each file/
4879
directory directly after it changes the name to avoid inconsistencies. The two
4880
supported backends for volumes, dbd and cdb, use the same CNID db format.
4881
Therefore, you could use uniconv with cdb and afpd with dbd later.
4883
Warning: There must not be two processes opening the CNID database using
4884
different backends at once! If a volume is still opened with dbd (cnid_metad/
4885
cnid_dbd) and you start uniconv with cdb, the result will be a corrupted CNID
4886
database, as the two backends use different locking schemes. You might run into
4887
additional problems, e.g. if dbd is compiled with transactions, cdb will not
4888
update the transaction logs.
4890
In general, it is recommended to use the same backend for uniconv you are using
4895
convert 1.x CAP encoded volume to UTF-8, clients used MacRoman codepage,
4898
example% uniconv -c dbd -f ASCII -t UTF8 -m MAC_ROMAN /path/to/share
4900
convert iso8859-1 volume to UTF-8, cnidscheme is cdb:
4902
example% uniconv -c cdb -f ISO-8859-1 -t UTF8 -m MAC_ROMAN /path/to/share
4904
convert 1.x volume using iso8859-1 adapted NLS to CAP encoding:
4906
example% uniconv -f ISO-8859-ADAPTED -t ASCII -m MAC_ROMAN/path/to/share
4908
convert UTF-8 volume to CAP, for MacCyrillic clients:
4910
example% uniconv -f UTF8 -t ASCII -m MAC_CYRILLIC /path/to/share
4914
AppleVolumes.default(5),afpd(8),iconv(1),cnid_metad(8),cnid_dbd(8)
4920
2-Way Randnum exchange
4922
"2-Way Randnum exchange" UAM, UAMs supported by Netatalk
4927
acleandir, acleandir
4930
AppleDouble v1, Volumes and filenames
4934
AppleDouble v2, CNID backends, Volumes and filenames
4939
Apple Echo Protocol, aecho, atalkd
4944
Apple Filing Protocol, File Services
4946
afpd, Starting and stopping Netatalk, afpd
4947
afpd.conf, afpd.conf
4948
AFPD_GUEST, netatalk.conf
4949
AFPD_MAX_CLIENTS, netatalk.conf
4950
AFPD_RUN, netatalk.conf
4951
AFPD_UAM_LIST, netatalk.conf
4952
afppasswd, afppasswd
4955
"AFS Kerberos" UAM (Kerberos IV), UAMs supported by Netatalk
4959
NIC multicast settings, atalkd.conf
4963
.AppleDB CNID database store, How to upgrade if no persistent CNID storage
4965
CNID database folder, CNID backends
4969
Synonym for an AFP server, Setting up the AFP file server
4973
The AppleTalk protocol suite, Appletalk
4975
AppleVolumes.default, AppleVolumes.default
4981
afpd's unixcodepage setting, afpd and character sets
4982
afpd's volcharset setting, Compatibility with earlier versions
4983
American Standard Code for Information Interchange, Why Unicode?
4985
asip-status.pl, asip-status.pl
4987
atalkd, Starting and stopping Netatalk, atalkd
4988
atalkd.conf, atalkd.conf
4989
ATALKD_RUN, netatalk.conf
4990
atalk_aton, atalk_aton
4991
ATALK_BGROUND, netatalk.conf
4992
ATALK_MAC_CHARSET, netatalk.conf
4993
ATALK_NAME, netatalk.conf
4994
ATALK_UNIX_CHARSET, netatalk.conf
4995
ATALK_ZONE, netatalk.conf
4996
authenticated printing, Using pipes with papd, Notes
4999
between AFP client and server, Authentication
5005
CNID backend, CNID backends
5006
CUPS backend, Using AppleTalk printers
5010
Berkeley DB, Required third party software
5016
Columbia AppleTalk Package, Volumes and filenames
5020
CAP style character encoding, afpd and character sets
5022
CAP-style authentication
5024
old-style printing authentication, Notes
5028
"cdb" CNID backend, cdb, Choosing a CNID storage scheme
5032
character set, Charsets/Unicode
5036
"Cleartxt Passwrd" UAM, UAMs supported by Netatalk
5040
"Client Krb v2" UAM (Kerberos V), UAMs supported by Netatalk
5044
Catalog Node ID, CNID backends, Choosing a CNID storage scheme
5046
CNID backend, CNID backends, cnid_dbd, cnid_index
5049
specifying a CNID backend, CNID backends, Choosing a CNID storage scheme,
5050
AppleVolumes.default
5053
cnid_index, cnid_index
5054
cnid_metad, Starting and stopping Netatalk, cnid_metad
5056
dbd CNID database daemon, Choosing a CNID storage scheme
5058
CNID_METAD_RUN, netatalk.conf
5059
Codepage, Why Unicode?
5062
Compiling Netatalk from Source, Compiling Netatalk
5066
Common Unix Printing System, Setting up the PAP print server
5070
Concurrent Versioning System, Anonymous CVS
5076
"dbd" CNID backend, dbd, Choosing a CNID storage scheme
5080
Datagram Delivery Protocol, Transport Options
5084
Debian package, Binary packages
5088
Decomposed Unicode normalization, character sets used by Apple
5092
"DHCAST128" UAM, UAMs supported by Netatalk
5096
Directory ID, CNID backends
5102
File ID, CNID backends
5106
Netatalk's File Services, File Services
5120
iconv encoding conversion engine, afpd and character sets
5124
Internet Engineering Task Force, Optional third party software
5128
afpd's volcharset setting, Charset options
5132
afpd's volcharset setting, Charset options
5138
"Kerberos IV" UAM, UAMs supported by Netatalk
5142
"Client Krb v2" UAM, Which UAMs to activate?
5148
"last" CNID backend, last, Choosing a CNID storage scheme
5152
System V line printer daemon, Setting up the PAP print server
5156
Remote Line Printer Protocol, Printing
5160
BSD lpd/lpr daemon, Setting up the PAP print server
5164
LPR Next Generation, Setting up the PAP print server
5171
afpd's maccodepage setting, afpd and character sets
5175
MacRoman charset, Why Unicode?
5183
Name Binding Protocol, Transport Options, atalkd
5190
Nested volumes, CNID backends
5193
AppleTalk net-range, Routing
5195
netatalk-config, netatalk-config
5196
netatalk.conf, Starting and stopping Netatalk, netatalk.conf
5199
Network File System, CNID backends, cnid_dbd
5203
Native Language Support, Volumes and filenames
5207
"No User Authent" UAM (guest access), UAMs supported by Netatalk
5211
Network Time Protocol, Using Netatalk as a time server for Macintoshes
5215
page accounting, Using AppleTalk printers
5218
Pluggable Authentication Modules, Optional third party software
5222
Mac OS X 10.3, Setting up the AFP file server
5226
Printer Access Protocol, Printing
5229
papd, Starting and stopping Netatalk, papd
5230
papd.conf, papd.conf
5231
PAPD_RUN, Starting and stopping Netatalk, netatalk.conf
5232
papstatus, papstatus
5235
"PGPuam 1.0" UAM, UAMs supported by Netatalk
5239
AppleTalk phase 1 or 2, atalkd, atalkd.conf
5243
FreeBSD port, Binary packages
5247
PostScript Printer Description file, Setting up the PAP print server
5251
Precomposed Unicode normalization, character sets used by Apple
5258
Print Server Security Protocol, Notes
5264
Disk usage quotas, CNID backends
5270
"Randnum exchange" UAM, UAMs supported by Netatalk
5274
AppleTalk router, atalkd acting as an AppleTalk router
5278
Red Hat Package Manager package, Binary packages
5282
Routing Table Maintainance Protocol, atalkd
5286
Samba, character sets used by Apple
5287
single2bin, megatron
5290
Service Location Protocol, Optional third party software, Transport Options
5294
startup script, Starting and stopping Netatalk, netatalk.conf
5298
Sun Microsystems, Optional third party software
5302
Unix softlink, CNID backends
5306
Time Services, Time Services
5309
AppleTalk time server, Time Services
5311
timelord, Using Netatalk as a time server for Macintoshes, Starting and
5312
stopping Netatalk, timelord
5319
User Authentication Module, AFP authentication basics, afppasswd, papd
5323
"Cleartxt Passwrd" UAM, Netatalk UAM overview table
5327
"DHCAST128" UAM, Netatalk UAM overview table
5331
"Client Krb v2" UAM (Kerberos V), Netatalk UAM overview table
5335
"No User Authent" UAM (guest access), Netatalk UAM overview table
5339
"Kerberos IV" UAM, UAMs supported by Netatalk
5343
"PGPuam 1.0" UAM, UAMs supported by Netatalk
5347
"(2-Way) Randnum exchange" UAM, Netatalk UAM overview table
5351
Unicode, Charsets/Unicode
5355
afpd's unixcodepage setting, afpd and character sets
5360
afpd's volcharset setting, Charset options
5361
Netatalk's precomposed UTF-8 encoding, character sets used by Apple
5365
afpd's volcharset setting, Charset options
5366
Netatalk's decomposed UTF-8 encoding, character sets used by Apple
5372
afpd's volcharset setting, afpd and character sets
5378
Zone Information Protocol, atalkd