« back to all changes in this revision
Viewing changes to doc/Netatalk-Manual.txt
- browse files at revision 4
- compare with another revision
- download diff
- download tarball
- view history from revision 4
- Committer: Bazaar Package Importer
- Author(s): Ante Karamatic
- Date: 2005-10-07 13:46:11 UTC
- mfrom: (1.1.2 upstream) (2.1.1 sarge)
- Revision ID: james.westby@ubuntu.com-20051007134611-r07qa2g67xwkp2if
Tags: 2.0.3-1ubuntu1
* debian/netatalk.init
- run cnid_metad if CNID_METAD_RUN=yes
- run cnid_metad if CNID_METAD_RUN=yes
- files added:
- bin/cnid/cnid2_create.in
- bin/uniconv
- contrib/a2boot
- contrib/patches
- distrib/debian
- distrib/debian/logcheck
- distrib/debian/patches
- distrib/rpm
- doc/htmldocs
- etc/cnid_dbd
- libatalk/cnid/cdb
- libatalk/cnid/db3
- libatalk/cnid/dbd
- libatalk/cnid/hash
- libatalk/cnid/last
- libatalk/cnid/mtab
- libatalk/cnid/qdbm
- libatalk/cnid/tdb
- libatalk/pap
- libatalk/tdb
- libatalk/unicode
- libatalk/unicode/charsets
- libatalk/util/test
- files removed:
- ChangeLog
- etc/afpd/nls
- files modified:
- CONTRIBUTORS
added
removed
doc/Netatalk-Manual.txt
1
Netatalk 2.0 Manual
2
3
2.0.3
4
5
-------------------------------------------------------------------------------
6
7
Table of Contents
8
9
Legal Notice
10
1. Introduction to Netatalk
11
2. Installation
12
13
How to obtain Netatalk
14
15
Binary packages
16
Source packages
17
18
Compiling Netatalk
19
20
Prerequisites
21
Compiling Netatalk
22
Compiling a new Berkeley DB for Netatalk
23
24
3. Setting up Netatalk
25
26
Appletalk
27
28
To use AppleTalk or not
29
No AppleTalk routing
30
atalkd acting as an AppleTalk router
31
32
File Services
33
34
Setting up the AFP file server
35
CNID backends
36
Charsets/Unicode
37
Authentication
38
39
Printing
40
41
Setting up the PAP print server
42
Using AppleTalk printers
43
44
Time Services
45
46
Using Netatalk as a time server for Macintoshes
47
48
Starting and stopping Netatalk
49
50
4. Upgrading from a previous version of Netatalk
51
52
Overview
53
Volumes and filenames
54
55
How to upgrade a volume to 2.0
56
How to use a 1.x CAP encoded volume with 2.0
57
How to use a 1.x NLS volume with 2.0
58
59
Choosing a CNID storage scheme
60
61
How to upgrade if no persistent CNID storage was used
62
How to upgrade if a persistent CNID storage scheme was used
63
How to upgrade if a persistent CNID storage scheme was used, the brute
64
force approach
65
66
Setting up a test server on the same machine
67
68
Setting up an empty test share
69
Duplicating an already existing share
70
Configuring and running the test afpd
71
72
5. Manual Pages
73
Index
74
75
List of Tables
76
77
3.1. Netatalk UAM overview
78
79
List of Examples
80
81
3.1. atalkd.conf containing one entry
82
3.2. atalkd.conf containing one entry after atalkd started
83
3.3. atalkd.conf containing several entries with the -dontroute option
84
3.4. atalkd.conf containing several entries with the -dontroute option after
85
atalkd started
86
3.5. atalkd.conf making netatalk a seed router on two interfaces
87
3.6. atalkd.conf configured for "zone mapping"
88
3.7. atalkd.conf for a soft-seed router configuration
89
3.8. atalkd.conf for a soft-seed router configuration after atalkd started
90
3.9. atalkd.conf ready for mixed seed/soft-seed mode
91
3.10. pap printing to a PostScript LaserWriter
92
3.11. pap printing to a non-PostScript printer
93
5.1. Three server definitions using 2 different server signatures
94
5.2. Some ways to change afpd's logging behaviour via -[un]setuplog
95
5.3. afpd.conf default configuration
96
5.4. afpd.conf MacCyrillic setup / UTF8 unix locale
97
5.5. afpd.conf setup for Kerberos V auth
98
5.6. afpd.conf letting afpd appear as three servers on the net
99
5.7. Using variable substitution when defining volumes
100
5.8. use a 1.x style volume
101
5.9. use a 1.x style volume, created with maccode.iso8859-1
102
5.10. papd.conf System V printing system examples
103
5.11. papd.conf examples using pipes
104
5.12. papd.conf CUPS examples
105
106
Legal Notice
107
108
This documentation is distributed under the GNU General Public License (GPL)
109
version 2. A copy of the license is included in this documentation, as well as
110
within the Netatalk source distribution. An on-line copy can be found at http:/
111
/www.fsf.org/licenses/gpl.txt
112
113
Chapter 1. Introduction to Netatalk
114
115
Netatalk is an OpenSource software package, that can be used to turn an
116
inexpensive *NIX machine into an extremely performant and reliable file and
117
print server for Macintosh computers.
118
119
Using Netatalk's AFP 3.1 compliant file-server leads to significantly higher
120
transmission speeds compared with Macs accessing a server via SaMBa/NFS while
121
providing clients with the best possible user experience (full support for
122
Macintosh metadata, flawlessly supporting mixed environments of classic MacOS
123
and MacOS X clients)
124
125
Due to Netatalk speaking AppleTalk, the print-server task can provide printing
126
clients with full AppleTalk support as well as the server itself with printing
127
capabilities for AppleTalk-only printers. Starting with version 2.0, Netatalk
128
seamlessly interacts with CUPS on the server.
129
130
After all, Netatalk can be used to act as an AppleTalk router, providing both
131
segmentation and zone names in Macintosh networks.
132
133
Chapter 2. Installation
134
135
Table of Contents
136
137
How to obtain Netatalk
138
139
Binary packages
140
Source packages
141
142
Compiling Netatalk
143
144
Prerequisites
145
Compiling Netatalk
146
Compiling a new Berkeley DB for Netatalk
147
148
Warning
149
150
If you have previously used an older version of Netatalk, please read the
151
chapter about upgrading first !!!
152
153
How to obtain Netatalk
154
155
Please have a look at the netatalk page on sourceforge for the most recent
156
informations on this issue.
157
158
http://sourceforge.net/projects/netatalk/
159
160
Binary packages
161
162
Binary packages of Netatalk are included in some Linux and UNIX distributions.
163
You might want to have a look at the usual locations, too (http://rpmfind.net/,
164
http://packages.debian.org/, http://www.blastwave.org/ http://www.freebsd.org/
165
ports/index.html, etc.)
166
167
Source packages
168
169
Tarballs
170
171
Prepacked tarballs in .tar.gz and tar.bz2 format are available on the netatalk
172
page on sourceforge
173
174
Anonymous CVS
175
176
Downloading of the CVS source can be done quickly and easily.
177
178
1. Make sure you have cvs installed. which cvs should produce a path to cvs.
179
180
$> which cvs
181
/usr/bin/cvs
182
2. If you don't have one make a source directory. cd to this directory.
183
184
$> mkdir /path/to/new/source/dir
185
$> cd /path/to/new/source/dir
186
3. Authenticate yourself with cvs. Just hit enter for the password for the
187
anonymous user.
188
189
$> cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/netatalk login
190
Logging in to :pserver:anonymous@cvs.sourceforge.net:2401/cvsroot/netatalk
191
CVS password: [Enter]
192
4. Now get the source:
193
194
$> cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/netatalk
195
-r branch-netatalk-2-0 co netatalk
196
cvs server: Updating netatalk
197
U netatalk/.cvsignore
198
U netatalk/CONTRIBUTORS
199
U netatalk/COPYING
200
...
201
202
This will create a local directory called "netatalk" and downloads a
203
complete and fresh copy of the netatalk source from the CVS repository.
204
205
5. Now cd to the netatalk directory and run ./autogen.sh. This will create the
206
configure script required in the next step.
207
208
$> ./autogen.sh
209
210
Compiling Netatalk
211
212
Prerequisites
213
214
System requirements
215
216
Your system needs to meet the following requirements:
217
218
* A C compiler, Netatalk compiles fine with gcc > 2.7.95
219
220
To be able to compile with AFP3 support, your system has to support large files
221
(>2GB).
222
223
Note
224
225
On linux systems glibc > 2.2 is required.
226
227
Required third party software
228
229
Netatalk makes use of sleepycats' Berkeley DB. At the time of writing, the
230
following versions are supported:
231
232
* 4.1.25
233
234
* 4.2.52 (recommended)
235
236
In case Berkeley DB is not installed on your system, please download it from:
237
238
http://www.sleepycat.com/download/db/index.shtml
239
240
and follow the installation instructions.
241
242
Optional third party software
243
244
Netatalk can use the following third party software to enhance it's
245
functionality.
246
247
* OpenSSL (recommended)
248
249
OpenSSL is required for encrypted passwords. Without it, the password will
250
be sent over the network in clear text.
251
252
* TCP wrappers
253
254
Wietse Venema's network logger, also known as TCPD or LOG_TCP.
255
256
Security options are: access control per host, domain and/or service;
257
detection of host name spoofing or host address spoofing; booby traps to
258
implement an early-warning system.
259
260
TCP Wrappers can be downloaded from: ftp://ftp.porcupine.org/pub/security/
261
262
* PAM
263
264
PAM provides a flexible mechanism for authenticating users. PAM was
265
invented by SUN Microsystems. Linux-PAM is a suite of shared libraries that
266
enable the local system administrator to choose how applications
267
authenticate users.
268
269
You can get the Linux PAM documentation and sources from http://
270
www.kernel.org/pub/linux/libs/pam/.
271
272
* OpenSLP
273
274
SLP (Service Location Protocol) is an IETF standards track protocol that
275
provides a framework to allow networking applications to discover the
276
existence, location, and configuration of networked services in enterprise
277
networks.
278
279
Mac OS X uses it to locate AFP servers, even though newer version prefer
280
Rendezvous.
281
282
You can download OpenSLP from: http://www.openslp.org/.
283
284
* iconv
285
286
iconv provides conversion routines for many character encodings. Netatalk
287
uses it to provide charsets it does not have built in conversions for, like
288
ISO-8859-1. On glibc systems, Netatalk can use the glibc provided iconv
289
implementation. Otherwise you can use the GNU libiconv implementation.
290
291
You can download GNU libiconv from: http://www.gnu.org/software/libiconv/.
292
293
Compiling Netatalk
294
295
Configuring the build
296
297
To build the binaries, first run the program ./configure in the source
298
directory. This should automatically configure Netatalk for your operating
299
system. If you have unusual needs, then you may wish to run
300
301
$> ./configure --help
302
303
to see what special options you can enable.
304
305
The most used configure options are:
306
307
* --enable-[redhat/suse/cobalt/netbsd/fhs]
308
309
This option helps netatalk to determine where to install the start scripts.
310
311
* --with-bdb=/path/to/bdb/installation/
312
313
In case you installed Berkeley DB in a non-standard location, you will have
314
to give the install location to netatalk, using this switch.
315
316
Now run configure with any options you need
317
318
$> ./configure [arguments] [--with-bdb=/bdb/install/path]
319
320
Configure will end up in an overview showing the settings the Netatalk
321
Makefiles have been created with.
322
323
If this step fails please visit the troubleshooting guide.
324
325
Note
326
327
With recent RedHat releases, Berkeley DB links to libpthread. Netatalk does not
328
link to libpthread, so detection of Berkeley DB fails when running configure.
329
It's recommended to (re)compile Berkeley DB with --with-mutex="x86/
330
gcc-assembly" (on x86 platforms) to disable the use of libpthread.
331
Alternatively you could use
332
333
$> LIBS="-lpthread" ./configure [arguments]
334
335
to trick Netatalk into linking to libpthread. However, this is not recommended,
336
as there have been some trouble reports indicating that linking to libpthread
337
badly damages performance.
338
339
Next, running
340
341
$> make
342
343
should produce the Netatalk binaries (this step can take several minutes to
344
complete).
345
346
When the process finished you can use
347
348
$> make install
349
350
to install the binaries and documentation (must be done as "root" when using
351
default locations).
352
353
Compiling a new Berkeley DB for Netatalk
354
355
Netatalk 2.0 requires Berkeley DB version 4.1.25 or newer. Even if you already
356
have a supported version of Berkeley DB installed on your system, there are
357
several reasons, why you might still want to consider building a new version
358
for Netatalk.
359
360
Many linux distributions provide a precompiled Berkeley DB version. This is
361
usually nice, but also has one major drawback: If you update your system to a
362
newer release, the installed version of Berkeley DB may change. This can lead
363
to a number of problems, starting with strange behaviour of Netatalk,
364
unreadable CNID Databases. Most likely Netatalk(afpd) won't start anymore, so
365
you'll have to recompile Netatalk.
366
367
For instructions compiling Berkeley DB, you should generally refer to the
368
documentation provided by Sleepycat. The following information is meant to help
369
you avoid problems, users experienced in the past.
370
371
In case you are building on a recent RedHat release, please use --with-mutex=
372
"x86/gcc-assembly" on x86 platforms to prevent Berkeley DB from linking against
373
libpthread.
374
375
Using a statically linked Berkeley DB
376
377
To link Netatalk statically to Berkeley DB, you have to disable shared
378
libraries when building Berkeley DB. If shared libraries exist, Netatalk will
379
always link to them, even if a static version exists in the same location.
380
381
root# cd build_unix
382
root# ../dist/configure --prefix=/install/path --disable-shared
383
root# make
384
root# make install
385
386
You should now continue with building Netatalk.
387
388
Using a dynamically linked Berkeley DB
389
390
Building a shared version of Berkeley DB is rather straightforward. However,
391
especially under Linux, some care needs to be taken. Underlying system
392
libraries, i.e. libnss_db, might be using Berkeley DB as well. As these
393
libraries have likely been build with another, i.e. older, version of Berkeley
394
DB, linking afpd to a newer version can lead to unexpected results.
395
396
You need to configure Berkeley DB with the --with-uniquename configure switch
397
to avoid these kind of problems. This insures your new version will not
398
interfere with another installation of Berkeley DB on your system.
399
400
root# cd build_unix
401
root# ../dist/configure --prefix=/install/path --with-uniquename
402
root# make
403
root# make install
404
405
If you select an install path other than /usr/local, you will have to configure
406
your linker to look for libraries in this directory.
407
408
On many operating systems, this is done by adding a new entry to /etc/
409
ld.so.conf.
410
411
root# echo /install/path/lib >/etc/ld.so.conf
412
root# ldconfig
413
414
You should now continue with building Netatalk.
415
416
Chapter 3. Setting up Netatalk
417
418
Table of Contents
419
420
Appletalk
421
422
To use AppleTalk or not
423
No AppleTalk routing
424
atalkd acting as an AppleTalk router
425
426
File Services
427
428
Setting up the AFP file server
429
CNID backends
430
Charsets/Unicode
431
Authentication
432
433
Printing
434
435
Setting up the PAP print server
436
Using AppleTalk printers
437
438
Time Services
439
440
Using Netatalk as a time server for Macintoshes
441
442
Starting and stopping Netatalk
443
444
Appletalk
445
446
AppleTalk, the network protocol family founded by Apple, contains different
447
protocols for different uses (address resolution, address/name mapping, service
448
location, establishing connections, and the like)
449
450
A complete overview can be found inside the developer documentation.
451
452
To use AppleTalk or not
453
454
You'll need the AppleTalk support built into netatalk in case you want to
455
provide printing services via PAP by papd(8) or file services via AppleTalk via
456
afpd(8) for older AFP clients not capable of using AFP over TCP. You'll need it
457
also, if you want to use the deprecated AppleTalk-based timeserver timelord(8)
458
for older Mac clients.
459
460
But even if you don't need PAP or AFP over AppleTalk, you might consider using
461
AppleTalk for service propagation/location, having the ease of use for your
462
network clients in mind. The Apple engineers implemented a way to easily locate
463
an AFP server via AppleTalk but establishing the AFP connection itself via AFP
464
over TCP (see the developer documentation for details on this cool feature,
465
too).
466
467
To use the different base AppleTalk protocols with netatalk, one has to use
468
atalkd(8). It can also be used as an AppleTalk router to connect different
469
independent network segments to each other.
470
471
To use AppleTalk/atalkd, your system has to have kernel support for AppleTalk.
472
On some systems supported by netatalk, this isn't currently true (notably
473
True64 Unix) so you can use only netatalk services that do not rely on
474
AppleTalk (which means "AFP over TCP" and requires the -noddp switch in
475
afpd.conf).
476
477
No AppleTalk routing
478
479
This is the most simple form, you can use AppleTalk with netatalk. In case, you
480
have only one network interface up and running, you haven't to deal with
481
atalkd's config at all: atalkd will use AppleTalk's self-configuration features
482
to get an AppleTalk address and to register itself in the network
483
automagically.
484
485
In case, you have more than one active network interface, you have to make a
486
decision:
487
488
* Using only one interface: Just add the interface name (en1, le0, eth2, ...
489
for example) to atalkd.conf on a single line. Do only list one interface
490
here.
491
492
Example 3.1. atalkd.conf containing one entry
493
494
eth0
495
496
Appletalk networking should be enabled on eth0 interface. All the necessary
497
configuration will be fetched from the network
498
499
At startup time, atalkd will add the real settings (address and network and
500
eventually a zone) to atalkd.conf on its own
501
502
Example 3.2. atalkd.conf containing one entry after atalkd started
503
504
eth0 -phase 2 -net 0-65534 -addr 65280.166
505
506
atalkd filled in the AppleTalk settings that apply to this network segment.
507
A netrange of 0-65534 indicates that there is no AppleTalk router present,
508
so atalkd will fetch an address that matches the following criteria:
509
netrange from inside the so called "startup range" 65280-65533 and a node
510
address between 142 and 255.
511
512
* When using several interfaces you have to add them line by line following
513
the "-dontroute" switch in atalkd.conf.
514
515
Example 3.3. atalkd.conf containing several entries with the -dontroute
516
option
517
518
eth0 -dontroute
519
eth1 -dontroute
520
eth2 -dontroute
521
522
Appletalk networking should be enabled on all three interfaces, but no
523
routing should be done between the different segments. Again, all the
524
necessary configuration will be fetched from the connected networks.
525
526
Example 3.4. atalkd.conf containing several entries with the -dontroute
527
option after atalkd started
528
529
eth0 -dontroute -phase 2 -net 0-65534 -addr 65280.152
530
eth1 -dontroute -phase 2 -net 0-65534 -addr 65280.208
531
eth2 -dontroute -phase 2 -net 1-1000 -addr 10.142 -zone "Printers"
532
533
On eth0 and eth1, there are no other routers present, so atalkd chooses an
534
address from within the startup range. But on eth2 there lives an already
535
connected AppleTalk router, publishing one zone called "Printers" and
536
forcing clients to assign themselves an address in a netrange between 1 and
537
1000.
538
539
In this case, atalkd will handle each interface as it would be the only
540
active one. This can have some side effects when it comes to the point
541
where AFP clients want to do the magic switch from AppleTalk to TCP, so use
542
this with caution.
543
544
In case, you have more than one active network interface and do not take
545
special precautions as outlined above, then autoconfiguration of the interfaces
546
might fail in a situation where one of your network interfaces is connected to
547
a network where no other active AppleTalk router is present and supplies
548
appropriate routing settings.
549
550
For further information see atalkd.conf(5) and the developer documentation.
551
552
atalkd acting as an AppleTalk router
553
554
There exist several types of AppleTalk routers: seed, non-seed and so called
555
soft-seed routers.
556
557
* A seed router has its own configuration and publishes this into the network
558
segments it is configured for.
559
560
* A non-seed router needs a seed router on the interface to which it is
561
connected to learn the network configuration. So this type of AppleTalk
562
router can work completely without manual configuration.
563
564
* A so called soft-seed router is exactly the same as a non-seed router
565
except the fact, that it can also remember the configuration of a seed
566
router and act as a replacement in case, the real seed router disappears
567
from the net.
568
569
Netatalk's atalkd can act as both a seed and a soft-seed router, even in a
570
mixed mode, where it acts on one interface in this way and on the other in
571
another.
572
573
If you leave your atalkd.conf completely empty or simply add all active
574
interfaces line by line without using seed settings (atalkd will act
575
identically in both cases), then atalkd is forced to act as a soft-seed router
576
on each interface, so it will fail on the first interface, where no seed router
577
is accessible to fetch routing information from.
578
579
In this case, other services, that depend on atalkd, might also fail.
580
581
So you should have atalkd act as a seed router on one or all active interfaces.
582
A seed router has to supply informations about:
583
584
* The specific netrange on this segment
585
586
* Its own AppleTalk address
587
588
* The zones (one to many) available in this segment
589
590
* The so called "default zone" for this segment
591
592
Warning
593
594
Unless you are the network admin yourself, consider asking her/him before
595
changing anything related to AppleTalk routing, as changing these settings
596
might have side effects for all of your AppleTalk network clients!
597
598
In an AppleTalk network netranges have to be unique and must not overlap each
599
other. Fortunately netatalk's atalkd is polite enough to check whether your
600
settings are in conflict with already existing ones on the net. In such a case
601
it simply discards your settings and tries to adapt the already established
602
ones on the net (if in doubt, always check syslog for details).
603
604
Netranges, you can use, include pretty small ones, eg. 42-42, to very large
605
ones, eg. 1-65279 - the latter one representing the maximum. In routed
606
environments you can use any numbers in the range between 1 and 65279 unless
607
they do not overlap with settings of other connected subnets.
608
609
The own AppleTalk address consists of a net part and a node part (the former 16
610
bit, the latter 8 bit, for example 12057.143). Apple recommends using node
611
addresses of 128 or above for servers, letting client Macs assign themselves an
612
address faster (as they will primarily search for a node address within 1-127
613
in the supplied netrange). As we don't want to get in conflict with Apple
614
servers, we prefer using node addresses of 142 or above.
615
616
AppleTalk zones have nothing to do with physical networks. They're just a hint
617
for your client's convenience, letting them locate network resources in a more
618
comfortable/faster way. You can either use one zone name across multiple
619
physical segments as well as more than one zone name on a single segment (and
620
various combinations of this).
621
622
So all you have to do is to draw a network chart containing the physical
623
segments, the netranges you want to assign to each one, the zone names you want
624
to publish in which segments and the default zone per segment (this is always
625
the first zone name, you supply with the "-zone" switch in atalkd.conf).
626
627
Given, you finished the steps outlined above, you might want to edit
628
atalkd.conf to fit your needs.
629
630
You'll have to set the following options in atalkd.conf:
631
632
* -net (use reasonable values between 1-65279 for each interface)
633
634
In case, this value is suppressed but -addr is present, the netrange from
635
this specific address will be used
636
637
* -addr (the net part must match the -net settings if present, the node
638
address should be between 142 and 255)
639
640
* -zone (can be used multiple times in one single line, the first entry is
641
the default zone)
642
643
Note that you are able to set up "zone mapping", that means publishing exactly
644
the same zone name on all AppleTalk segments, as well as providing more than
645
one single zone name per interface. Dumb AppleTalk devices, like LaserWriters,
646
will always register themselves in the default zone (the first zone entry you
647
use in atalkd.conf per interface), more intelligent ones will have the ability
648
to choose one specific zone via a user interface.
649
650
Example 3.5. atalkd.conf making netatalk a seed router on two interfaces
651
652
eth0 -seed -phase 2 -net 1-1000 -addr 1000.142 -zone "Printers" -zone "Spoolers"
653
eth1 -seed -phase 2 -net 1001-2000 -addr 2000.142 -zone "Macs" -zone "Servers"
654
655
The settings for eth0 force AppleTalk devices within the connected network to
656
assign themselves an address in the netrange 1-1000. Two zone names are
657
published into this segment, "Printers" being the so called "standard zone",
658
forcing dumb AppleTalk devices like Laser printers to show up automatically
659
into this zone. AppleTalk printer queues supplied by netatalk's papd can be
660
registered into the zone "Spoolers" simply by adjusting the settings in
661
papd.conf(5). On eth1 we use the different and non-overlapping netrange
662
1001-2000, set the default zone to "Macs" and publish a fourth zone name
663
"Servers".
664
665
Example 3.6. atalkd.conf configured for "zone mapping"
666
667
eth0 -seed -phase 2 -net 1-1000 -addr 1000.142 -zone "foo"
668
lo0 -phase 1 -net 1 -addr 1.142 -zone "foo"
669
670
We use the same network settings as in the example above but let atalkd publish
671
the same zone name on both segments. As the same zone name will be used on all
672
segments of the AppleTalk network no zone names will show up at all... but
673
AppleTalk routing will still be active. In this case, we connect a so called
674
"non-extended" LocalTalk network (phase 1) to an EtherTalk "extended" network
675
(phase 2) transparently.
676
677
Example 3.7. atalkd.conf for a soft-seed router configuration
678
679
eth0
680
eth1
681
eth2
682
683
As we have more than one interface, atalkd will try to act as an AppleTalk
684
router between both segments. As we don't supply any network configuration on
685
our own we depend on the availability of seed routers in every connected
686
segment. If only one segment is without such an available seed router the whole
687
thing will fail.
688
689
Example 3.8. atalkd.conf for a soft-seed router configuration after atalkd
690
started
691
692
eth0 -phase 2 -net 10-10 -addr 10.166 -zone "Parking"
693
eth1 -phase 2 -net 10000-11000 -addr 10324.151 -zone "No Parking" -zone "Parking"
694
eth2 -phase 2 -net 65279-65279 -addr 65279.142 -zone "Parking" -zone "No Parking"
695
696
In this case, active seed routers are present in all three connected networks,
697
so atalkd was able to fetch the network configuration from them and, since the
698
settings do not conflict, act as a soft-seed router from now on between the
699
segments. So even in case, all of the three seed routers would disappear from
700
the net, atalkd would still supply the connected network with the network
701
configuration once learned from them. Only in case, atalkd would be restarted
702
afterwards, the routing information will be lost (as we're not acting as seed
703
router).
704
705
Example 3.9. atalkd.conf ready for mixed seed/soft-seed mode
706
707
eth0
708
eth1 -seed -phase 2 -net 99-100 -addr 99.200 -zone "Testing"
709
710
In case in the network connected to eth0 lives no active seed router or one
711
with a mismatching configuration (eg. an overlapping netrange of 1-200) atalkd
712
will fail. Otherwise it will fetch the configuration from this machine and will
713
route between eth0 and eth1, on the latter acting as a seed router itself.
714
715
By the way: It is perfectly legal to have more than one seed router connected
716
to a network segment. But in this case, you should take care that the
717
configuration of all connected routers is exactly the same regarding netranges,
718
published zone names and also the "standard zone" per segment
719
720
File Services
721
722
Netatalk supplies two different transport protocols for AFP services and both
723
can run at the same time. Classic AFP over AppleTalk requires the afpd and
724
atalkd daemons. AFP over IP only requires afpd.
725
726
Setting up the AFP file server
727
728
AFP (the Apple Filing Protocol) is the protocol Apple Macintoshes use for file
729
services. The protocol has evolved over the years, at the time of this writing
730
7 different "versions" exist. The latest changes to the protocol, called "AFP
731
3.1", were added with the release of Panther (Mac OS X 10.3).
732
733
AFP3 brought some big changes. For the first time, AppleShare Clients can use
734
filenames up to 255 characters (actually 255 bytes leading to 85-255 chars
735
depending on the glyphs used), UTF-8 is used on the wire and large files (>4GB)
736
are supported.
737
738
The afpd daemon offers the fileservices to Apple Clients. It's configured using
739
the afpd.conf and the AppleVolumes.* files.
740
741
afpd.conf
742
743
afpd.conf is the configuration file used by afpd to determine the behaviour and
744
configuration of the different virtual file servers that it provides. Any line
745
not prefixed with '#' is interpreted.
746
747
If afpd switches set on the command line are in conflict with afpd.conf
748
settings, the latter will have higher priority.
749
750
Format: - [options] to specify options for the default server and/or "Server
751
name" [options] to specify an additional server.
752
753
Leaving the afpd.conf file empty equals to the following configuration:
754
755
- -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx.so -nosavepassword
756
757
For a more detailed explanation of the available options, please refer to the
758
afpd.conf(5) man page.
759
760
AppleVolumes.default
761
762
The AppleVolumes.default file is used to define volumes that will by default be
763
shown to all users, including users logged in as guest. A volume will not be
764
presented in the chooser, if the user has no read access to the specified
765
volume path.
766
767
You can limit access to a specific volume by using the allow and deny options.
768
769
For a more detailed explanation of the available options, please refer to the
770
AppleVolumes.default(5) man page.
771
772
CNID backends
773
774
Unlike other protocols like smb or nfs, the AFP protocol mostly refers to files
775
and directories by ID and not by a path (the IDs are also called CNID, that
776
means Catalog Node ID). A typical AFP request uses a directory ID and a
777
filename, something like "server, please open the file named 'Test' in the
778
directory with id 167". For example "Aliases" on the Mac basically work by ID
779
(with a fallback to the absolute path in more recent AFP clients. But this
780
applies only to Finder, not to applications).
781
782
Every file in an AFP volume has to have a unique file ID, IDs must, according
783
to the specs, never be reused, and IDs are 32 bit numbers (Directory IDs use
784
the same ID pool). So, after ~4 billion files/folders have been written to an
785
AFP volume, the ID pool is depleted and no new file can be written to the
786
volume. No whining please :-)
787
788
Netatalk needs to map IDs to files and folders in the host filesystem. To
789
achieve this, several different CNID backends are available and can be choosed
790
by the cnidscheme option in the AppleVolumes.default(5) configuration file. A
791
CNID backend is basically a database storing ID <-> name mappings.
792
793
In the past, many users used the so called "last" CNID scheme. However, this
794
scheme has some serious drawbacks, as it is based on the device and inode of a
795
file. Therefore, IDs will be eventually be reused and you can get duplicate IDs
796
as well.
797
798
The CNID Databases are by default located in the .AppleDB folder in every afpd
799
volume root. With the new ADv2 format, afpd stores the files/directories ID in
800
the corresponding .AppleDouble file as well.
801
802
Note
803
804
There are some CNID related things you should keep in mind when working with
805
netatalk:
806
807
* Don't use unix symlinks. Just don't. With a symlink a file/directory
808
"exists" twice, something AFP doesn't allow. There's currently no way this
809
can be resolved, as we either end up with two file/dirs having the same id,
810
or a file having two parents. If you still insist on using them, be aware
811
you're heavily violating the specs. You have been warned...
812
813
* Don't nest volumes.
814
815
* CNID backends are databases, so they turn afpd into a file server/database
816
mix. Keep this in mind, killing an afpd process with kill -9 will likely
817
leave the database unusable.
818
819
* If there's no more space on the filesystem left, the database will get
820
corrupted. You can work around this by either using the -dbpath option and
821
put the database files into another location or, if you use quotas, make
822
sure the .AppleDB folder is owned by a user/group without a quota.
823
824
* Be careful with CNID databases for volumes that are mounted via NFS. That
825
is a pretty audacious decision to make anyway, but putting a database there
826
as well is really asking for trouble, i.e. database corruption. Use the
827
dbpath: directive in the AppleVolumes.* configuration files to put the
828
databases onto a local disk if you must use NFS mounted volumes.
829
830
cdb
831
832
The "concurrent database" backend is based on sleepycat's Berkeley DB. With
833
this backend, several afpd daemons access the CNID database directly. Berkeley
834
DB locking is used to synchronize access, if more than one afpd process is
835
active for a volume. The drawback is, that the crash of a single afpd process
836
might corrupt the database.
837
838
dbd
839
840
Access to the CNID database is restricted to the cnid_dbd daemon process. afpd
841
processes communicate with the daemon for database reads and updates. If built
842
with Berkeley DB transactions, the probability for database corruption is
843
practically zero, but performance can be slower than with cdb. As a database
844
process gets spawned for each volume, you're probably better off using cdb for
845
sharing home directories for a larger number of users.
846
847
last
848
849
The last backend is a semi-persistent backend. IDs will be reused and, what is
850
much worse, you can get duplicate IDs. You should use it for sharing cdroms
851
only, don't use it for sharing normal volumes.
852
853
Charsets/Unicode
854
855
Why Unicode?
856
857
Internally, computers don't know anything about characters and texts, they only
858
know numbers. Therefore, each letter is assigned a number. A character set,
859
often referred to as charset or codepage, defines the mappings between numbers
860
and letters.
861
862
If two or more computer systems need to communicate with each other, the have
863
to use the same character set. In the 1960s the ASCII (American Standard Code
864
for Information Interchange) character set was defined by the American
865
Standards Association. The original form of ASCII represented 128 characters,
866
more than enough to cover the English alphabet and numerals. Up to date, ASCII
867
has been the normative character scheme used by computers.
868
869
Later versions defined 256 characters to produce a more international fluency
870
and to include some slightly esoteric graphical characters. Using this mode of
871
encoding each character takes exactly one byte. Obviously, 256 characters still
872
wasn't enough to map all the characters used in the various languages into one
873
character set.
874
875
As a result localized character sets were defined later, e.g the ISO-8859
876
character sets. Most operating system vendors introduced their own characters
877
sets to satisfy their needs, e.g. IBM defined the codepage 437 (DOSLatinUS),
878
Apple introduced the MacRoman codepage and so on. The characters that were
879
assigned number larger than 127 were referred to as extended characters. These
880
character sets conflict with another, as they use the same number for different
881
characters, or vice versa.
882
883
Almost all of those characters sets defined 256 characters, where the first 128
884
(0-127) character mappings are identical to ASCII. As a result, communication
885
between systems using different codepages was effectively limited to the ASCII
886
charset.
887
888
To solve this problem new, larger character sets were defined. To make room for
889
more character mappings, these character sets use at least 2 bytes to store a
890
character. They are therefore referred to as multibyte character sets.
891
892
One standardized multibyte charset encoding scheme is known as unicode. A big
893
advantage of using a multibyte charset is that you only need one. There is no
894
need to make sure two computers use the same charset when they are
895
communicating.
896
897
character sets used by Apple
898
899
In the past, Apple clients used single-byte charsets to communicate over the
900
network. Over the years Apple defined a number of codepages, western users will
901
most likely be using the MacRoman codepage.
902
903
Codepages defined by Apple include:
904
905
* MacArabic, MacFarsi
906
907
* MacCentralEurope
908
909
* MacChineseSimple
910
911
* MacChineseTraditional
912
913
* MacCroation
914
915
* MacCyrillic
916
917
* MacDevanagari
918
919
* MacGreek
920
921
* MacHebrew
922
923
* MacIcelandic
924
925
* MacKorean
926
927
* MacJapanese
928
929
* MacRoman
930
931
* MacRomanian
932
933
* MacThai
934
935
* MacTurkish
936
937
Starting with Mac OS X and AFP3, UTF-8 is used. UTF-8 encodes Unicode
938
characters in an ASCII compatible way, each Unicode character is encoded into
939
1-6 ASCII characters. UTF-8 is therefore not really a charset itself, it's an
940
encoding of the Unicode charset.
941
942
To complicate things, Unicode defines several normalization forms. While samba
943
uses precomposed Unicode, which most Unix tools prefer as well, Apple decided
944
to use the decomposed normalization.
945
946
For example lets take the German character '�'. Using the precomposed
947
normalization, Unicode maps this character to 0xE4. In decomposed
948
normalization, '�' is actually mapped to two characters, 0x61 and 0x308. 0x61
949
is the mapping for an 'a', 0x308 is the mapping for a COMBINING DIAERESIS.
950
951
Netatalk refers to precomposed UTF-8 as UTF8 and to decomposed UTF-8 as
952
UTF8-MAC.
953
954
afpd and character sets
955
956
To support new AFP 3.x and older AFP 2.x clients at the same time, afpd needs
957
to be able to convert between the various charsets used. AFP 3.x clients always
958
use UTF-8, AFP 2.2 clients use one of the Apple codepages.
959
960
At the time of this writing, netatalk supports the following Apple codepages:
961
962
* MAC_CENTRALEUROPE
963
964
* MAC_CYRILLIC
965
966
* MAC_HEBREW
967
968
* MAC_ROMAN
969
970
* MAC_TURKISH
971
972
afpd handles three different character set options:
973
974
unixcodepage
975
976
This is the codepage used internally by your operating system. If not
977
specified and your system support Unix locales, afpd tries to detect the
978
codepage, otherwise it defaults to ASCII. afpd uses this codepage to read
979
its configuration files, so you can use extended characters for volume
980
names, login messages, etc. see afpd.conf(5).
981
982
maccodepage
983
984
As already mentioned, older MacOS clients (up to AFP 2.2) use codepages to
985
communicate with afpd. However, there is no support for negotiating the
986
codepage used by the client in the AFP protocol. If not specified
987
otherwise, afpd assumes the MacRoman codepage is used. In case you're
988
clients use another codepage, e.g. MacCyrillic, you'll have to explicitly
989
configure this. see afpd.conf(5).
990
991
volcharset
992
993
This defines the charset afpd should use for filenames on disk. The default
994
is UTF8. If you have iconv installed, you can use any iconv provided
995
charset as well.
996
997
afpd needs a way to preserve extended macintosh characters, or characters
998
illegal in unix filenames, when saving files on a unix filesystem. Earlier
999
versions used the the so called CAP encoding. An extended character (>0x7F)
1000
would be converted to a :xx hex sequence, e.g. the Apple Logo (MacRoman:
1001
0XF0) was saved as :f0. Some special characters will be converted as to :xx
1002
notation as well. '/' will be encoded to :2f, if -usedots is not specified,
1003
a leading dot '.' will be encoded as :2e. Even though this version now uses
1004
UTF-8 as the default encoding for filenames, special characters, like '/'
1005
and a leading '.' will still be CAP style encoded. For western users
1006
another useful setting could be -volcharset ISO-8859-15.
1007
1008
If a character cannot be converted from the mac codepage to the selected
1009
volcharset, afpd will save it as a CAP encoded character. For AFP3 clients,
1010
afpd will convert the UTF-8 character to maccodepage first. If this
1011
conversion fails, you'll receive a -50 error on the mac. Note: Whenever you
1012
can, please stick with the default UTF-8 volume format. see
1013
AppleVolumes.default(5).
1014
1015
Authentication
1016
1017
AFP authentication basics
1018
1019
Apple chose a flexible model called "User Authentication Modules" (UAMs) for
1020
authentication purposes between AFP client and server. An AFP client initially
1021
connecting to an AFP server will ask for the list of UAMs which the server
1022
provides, and will choose the one with strongest encryption that the client
1023
supports.
1024
1025
Several UAMs have been developed by Apple over the time, some by 3rd-party
1026
developers.
1027
1028
UAMs supported by Netatalk
1029
1030
Netatalk supports the following ones by default:
1031
1032
* "No User Authent" UAM (guest access without authentication)
1033
1034
* "Cleartxt Passwrd" UAM (no password encryption)
1035
1036
* "Randnum exchange"/"2-Way Randnum exchange" UAMs (weak password encryption,
1037
separate password storage)
1038
1039
* "DHCAST128" UAM (stronger password encryption, should be used these days)
1040
1041
There exist other optional UAMs as well:
1042
1043
* "PGPuam 1.0" UAM (PGP-based authentication for pre-Mac OS X clients. You'll
1044
also need the PGPuam client to let this work)
1045
1046
You'll have to add "--enable-pgp-uam" to your configure switches to have
1047
this UAM available.
1048
1049
* "Kerberos IV"/"AFS Kerberos" UAMs (suitable to use Kerberos v4 based
1050
authentication and AFS file servers)
1051
1052
Use "--enable-krb4-uam" at compile time to activate the build of this UAM.
1053
1054
* "Client Krb v2" UAM (Kerberos V, suitable for "Single Sign On" Scenarios
1055
with Mac OS X clients -- see below)
1056
1057
"--enable-krbV-uam" will provide you with the ability to use this UAM.
1058
1059
You can configure which UAMs should be activated by defining $AFPD_UAM_LIST in
1060
netatalk.conf(5). afpd will log which UAMs it's using and if problems occur
1061
while activating them in either netatalk.log or syslog at startup time.
1062
asip-status.pl(1) can be used to query the available UAMs of AFP servers as
1063
well.
1064
1065
Having a specific UAM available at the server does not automatically mean that
1066
a client can use it. Client-side support is also necessary. Fortunately this
1067
isn't such a problem these days since Mac OS X' AFP-client supports DHCAST128
1068
from the beginning on. For older Macintoshes running Mac OS < X DHCAST128
1069
support exists since AppleShare client 3.8.x.
1070
1071
On Mac OS X, there exist some client-side techniques to make the AFP-client
1072
more verbose, so one can have a look what's happening while negotiating the
1073
UAMs to use. Compare with this hint.
1074
1075
Which UAMs to activate?
1076
1077
It depends primarily on your needs and on the kind of Mac OS versions you have
1078
to support. Basically one should try to use DHCAST128 where possible because of
1079
its strength of password encryption.
1080
1081
* Unless you really have to supply guest access to your server's volumes
1082
ensure that you disable "No User Authent" since it might lead accidentally
1083
to unauthorized access. In case you must enable guest access take care that
1084
you enforce this on a per volume base using the access controls the
1085
AppleVolumes.default(5) config file supplies or think about setting up an
1086
own server definition serving these public shares in afpd.conf(5).
1087
1088
* The "ClearTxt Passwrd" UAM is as bad as it sounds since passwords go
1089
unencrypted over the wire. Try to avoid it at both the server's side as
1090
well as on the client's. Note: If you want to provide Mac OS 8/9 clients
1091
with NetBoot-services then you need uams_cleartext.so since the AFP-client
1092
integrated into the Mac's firmware can only deal with this basic form of
1093
authentication.
1094
1095
* Since "Randnum exchange"/"2-Way Randnum exchange" uses only 56 bit DES for
1096
encryption it should be avoided as well. Another disadvantage is the fact
1097
that the passwords have to be stored in cleartext on the server and that it
1098
doesn't integrate into both PAM scenarios or classic /etc/shadow (you have
1099
to administrate passwords separately by using the afppasswd(1) utility, if
1100
clients should use these UAMs)
1101
1102
* "DHCAST128" should be a good compromise for most people since it combines
1103
stronger encryption with PAM integration. Hopefully Netatalk will support
1104
its successor "DHX2" (Diffie Hellman Exchange 2) in the future, which
1105
provides even stronger encryption.
1106
1107
* Using the Kerberos V ("Client Krb v2") UAM, it's possible to implement real
1108
single sign on scenarios using Kerberos tickets. The password is not sent
1109
over the network. Instead, the user password is used to decrypt a service
1110
ticket for the appleshare server. The service ticket contains an encryption
1111
key for the client and some encrypted data (which only the appleshare
1112
server can decrypt). The encrypted portion of the service ticket is sent to
1113
the server and used to authenticate the user. Because of the way that the
1114
afpd service principal detection is implemented, this authentication method
1115
is vulnerable to man-in-the-middle attacks.
1116
1117
For a more detailed overview over the technical implications of the different
1118
UAMs, please have a look at Apple's File Server Security pages.
1119
1120
Using different authentication sources with specific UAMs
1121
1122
Some UAMs provide the ability to use different authentication "backends",
1123
namely uams_cleartext.so and uams_dhx.so. They can both use either classic Unix
1124
passwords from /etc/passwd (/etc/shadow) or PAM if the system supports that.
1125
uams_cleartext.so can be symlinked to either uams_passwd.so or uams_pam.so,
1126
uams_dhx.so to uams_dhx_passwd.so or uams_dhx_pam.so. So, if it looks like this
1127
in Netatalk's UAMs folder (per default /etc/netatalk/uams/):
1128
1129
uams_clrtxt.so -> uams_pam.so
1130
uams_dhx.so -> uams_dhx_pam.so
1131
1132
then you're using PAM, otherwise classic Unix passwords. The main advantage of
1133
using PAM is that one can integrate Netatalk in centralized authentication
1134
scenarios, eg. via LDAP, NIS and the like. Please always keep in mind that the
1135
protection of your user's login credentials in such scenarios also depends on
1136
the strength of encryption that the UAM in question supplies. So think about
1137
eliminating weak UAMs like "ClearTxt Passwrd" and "Randnum exchange" completely
1138
from your network.
1139
1140
Netatalk UAM overview table
1141
1142
A small overview of the most common used UAMs.
1143
1144
Table 3.1. Netatalk UAM overview
1145
1146
+----------------------------------------------------------------------------------------------+
1147
| UAM | No User |Cleartxt Passwrd|(2-Way) Randnum| DHCAST128 | Client Krb v2 |
1148
| | Authent | | exchange | | |
1149
|----------+--------------+----------------+---------------+-----------------+-----------------|
1150
| pssword | guest access | max. 8 | max. 8 | max. 64 |Kerberos tickets |
1151
| length | | characters | characters | characters | |
1152
|----------+--------------+----------------+---------------+-----------------+-----------------|
1153
| | |built-in in all | | built-in since | |
1154
| | |Mac OS versions | |AppleShare client| |
1155
| Client |built-in into |except 10.0. Has| built-in into |3.8.4, available | built-in since |
1156
| support | all Mac OS |to be activated |almost all Mac |as a plug-in for | MacOS X 10.2 |
1157
| | versions | explicitly in | OS versions |3.8.3, integrated| |
1158
| | |recent Mac OS X | |in Mac OS X' AFP | |
1159
| | | versions | | client | |
1160
|----------+--------------+----------------+---------------+-----------------+-----------------|
1161
| | |Password will be| 8-byte random | | |
1162
| | | sent in | numbers are |Password will be | Password is not |
1163
| | | cleartext over | sent over the | encrypted with | sent over the |
1164
| | | the wire. Just | wire, |128 bit SSL, user| network. Due to |
1165
| |Enables guest | as bad as it |comparable with| will be | the service |
1166
| |access without| sounds, | DES, 56 bits. | authenticated | principal |
1167
|Encryption|authentication|therefore avoid | Vulnerable to | against the |detection method,|
1168
| |between client| at all if | offline | server but not | this |
1169
| | and server. |possible (note: | dictionary | vice versa. | authentication |
1170
| | | providing | attack. | Therefor weak | method is |
1171
| | |NetBoot services| Requires | against | vulnerable to |
1172
| | | requires the | passwords in |man-in-the-middle|man-in-the-middle|
1173
| | | ClearTxt UAM) | clear on the | attacks. | attacks. |
1174
| | | | server. | | |
1175
|----------+--------------+----------------+---------------+-----------------+-----------------|
1176
| Server |uams_guest.so |uams_cleartxt.so|uams_randnum.so| uams_dhx.so | uams_gss.so |
1177
| support | | | | | |
1178
|----------+--------------+----------------+---------------+-----------------+-----------------|
1179
| | | | Passwords | | |
1180
| Password | | Either /etc/ |stored in clear| Either /etc/ | At the Kerberos |
1181
| storage | None | passwd (/etc/ | text in a | passwd (/etc/ |Key Distribution |
1182
| method | | shadow) or PAM | separate text | shadow) or PAM | Center* |
1183
| | | | file | | |
1184
+----------------------------------------------------------------------------------------------+
1185
1186
* Have a look at this Kerberos overview
1187
1188
SSH tunneling
1189
1190
Tunneling and all sort of VPN stuff has nothing to do with AFP authentication
1191
and UAMs in general. But since Apple introduced an option called "Allow Secure
1192
Connections Using SSH" and many people tend to confuse both things, we'll speak
1193
about that here too.
1194
1195
Manually tunneling an AFP session
1196
1197
This works since the first AFP servers that spoke "AFP over TCP" appeared in
1198
networks. One simply tunnels the remote server's AFP port to a local port
1199
different than 548 and connects locally to this port afterwards. On MacOS X
1200
this can be done by
1201
1202
ssh -l $USER $SERVER -L 10548:127.0.0.1:548 sleep 3000
1203
1204
After establishing the tunnel one will use "afp://127.0.0.1:10548" in the
1205
"Connect to server" dialog. All AFP traffic including the initial connection
1206
attempts will be sent encrypted over the wire since the local AFP client will
1207
connect to the Mac's local port 10548 which will be forwarded to the remote
1208
server's AFP port (we used the default 548) over SSH.
1209
1210
These sorts of tunnels are an ideal solution if you've to access an AFP server
1211
providing weak authentications mechanisms through the Internet without having
1212
the ability to use a "real" VPN. Note that you can let ssh compress the data by
1213
using its "-C" switch and that the tunnel endpoints can be different from both
1214
AFP client and server (compare with the SSH documentation for details).
1215
1216
Automatically establishing a tunneled AFP connection
1217
1218
Starting with Mac OS X 10.2 Apple added an "Allow Secure Connections Using SSH"
1219
checkbox to the "Connect to Server" dialog. The idea behind: When the server
1220
signals that it can be contacted by SSH then Mac OS X' AFP client tries to
1221
establish the tunnel and automagically sends all AFP traffic through it.
1222
1223
But it took until the release of Mac OS X 10.3 that this feature worked the
1224
first time... partly. In case, the SSH tunnel can't be established the AFP
1225
client silently fell back to an unencrypted AFP connection attempt.
1226
1227
Netatalk's afpd will report that it is capable of handling SSH tunneled AFP
1228
requests, when both -advertise_ssh and -fqdn options are set in afpd.conf(5)
1229
(double check with asip-status.pl(1) after you restarted afpd when you made
1230
changes to the settings). But there are a couple of reasons why you don't want
1231
to use this option at all:
1232
1233
* Tunneling TCP over TCP (as SSH does) is not the best idea. There exist
1234
better solutions like VPNs based on the IP layer.
1235
1236
* Since this SSH kludge isn't a normal UAM that integrates directly into the
1237
AFP authentication mechanisms but instead uses a single flag signalling
1238
clients whether they can try to establish a tunnel or not, it makes life
1239
harder to see what's happening when things go wrong.
1240
1241
* You cannot control which machines are logged on by Netatalk tools like nu
1242
or macusers since all connection attempts seem to be made from localhost.
1243
1244
* On the other side you've to limit access to afpd to localhost only (TCP
1245
wrappers) and disable AFP over DDP when you want to ensure that all AFP
1246
sessions are SSH encrypted or...
1247
1248
* ...when you're using 10.2 - 10.3.3 then you get the opposite of what you'd
1249
expect: potentially unencrypted AFP communication (including logon
1250
credentials) on the network without a single notification that establishing
1251
the tunnel failed. Apple fixed that not until Mac OS X 10.3.4.
1252
1253
* Encrypting all AFP sessions via SSH can lead to a significantly higher load
1254
on the Netatalk server
1255
1256
Printing
1257
1258
Netatalk can act as both a PAP client to access AppleTalk-capable printers and
1259
a PAP server. The former by using the pap(1) utility and the latter by starting
1260
the papd(8) service.
1261
1262
The "Printer Access Protocol" as part of the AppleTalk protocol suite is a
1263
fully 8 bit aware and bidirectional printing protocol, developed by Apple in
1264
1985. 8 bit aware means that the whole set of bytes can be used for printing
1265
(binary encoding). This has been a great advantage compared with other
1266
protocols like Adobe's Standard Protocol to drive serial and parallel
1267
PostScript printers (compare with Adobe TechNote 5009) or LPR which made only
1268
use of the lower 128 bytes for printing because the 8th bit has been reserved
1269
for control codes.
1270
1271
Bidirectional means that printing source (usually a Macintosh computer) and
1272
destination (a printer or spooler implementation) communicate about both
1273
destination's capabilities via feature queries (compare with Adobe TechNote
1274
5133) and device status. This allows the LaserWriter driver on the Macintosh to
1275
generate appropriate device specific PostScript code (color or b/w, only
1276
embedding needed fonts, and so on) on the one hand and notifications about the
1277
printing process or problems (paper jam for example) on the other.
1278
1279
Setting up the PAP print server
1280
1281
Netatalk's papd is able to provide AppleTalk printing services for Macintoshes
1282
or, to be more precise, PAP clients in general. Netatalk does not contain a
1283
full-blown spooler implementation itself, papd only handles the bidirectional
1284
communication and submittance of printjobs from PAP clients. So normally one
1285
needs to integrate papd with a Unix printing system like eg. classic SysV lpd,
1286
BSD lpr, LPRng, CUPS or the like.
1287
1288
Since it is so important to answer the client's feature queries correctly, how
1289
does papd achieve this? By parsing the relevant keywords of the assigned PPD
1290
file. That said, it's always necessary to carefully choose the right PPD at the
1291
server's side.
1292
1293
Netatalk formerly had built-in support for System V lpd printing in a way that
1294
papd saved the printed job directly into the spooldir and calls lpd afterwards,
1295
to pick up the file and do the rest. Due to incompatibilities with many lpd
1296
implementations the normal behaviour was to print directly into a pipe instead
1297
of specifying a printer by name and using lpd interaction. With Netatalk 2.0
1298
another alternative has been implemented: direct interaction with CUPS (Note:
1299
when CUPS support is compiled in, then the SysV lpd support doesn't work at
1300
all). Detailed examples can be found in the papd.conf(5) manual page.
1301
1302
Integrating papd with SysV lpd
1303
1304
Unless CUPS support has been compiled in (which is default from Netatalk 2.0
1305
on) one simply defines the lpd queue in question by setting the pr parameter to
1306
the queue name. If no pr parameter is set, the default printer will be used.
1307
1308
Using pipes with papd
1309
1310
An alternative to the technique outlined above is to direct papd's output via a
1311
pipe into another program. Using this mechanism almost all printing systems can
1312
be driven. Netatalk supplies three "wildcards" that get substituted with values
1313
of the already printed job:
1314
1315
%F
1316
1317
will be substituted with the contents of the %%For: comment in the
1318
PostScript stream.
1319
1320
%U
1321
1322
If authenticated printing has been enabled then this will be substituted
1323
with the user name of the printjob's originator.
1324
1325
%J
1326
1327
will be substituted with the contents of the %%Title: comment of the
1328
PostScript stream.
1329
1330
Using these wildcards, one can pass those parameters directly to programs or
1331
implement small wrapper scripts to call the printing system in question.
1332
1333
Using direct CUPS support
1334
1335
Starting with Netatalk 2.0, direct CUPS integration is available. In this case,
1336
defining only a queue name as pr parameter won't invoke the SysV lpd daemon but
1337
uses CUPS instead. Unless a specific PPD has been assigned using the pd switch,
1338
the PPD configured in CUPS will be used by papd, too.
1339
1340
There exists one special share named "cupsautoadd". If this is present in
1341
papd.conf, then all available CUPS queues will be served automagically using
1342
the parameters assigned to this global share. But subsequent printer
1343
definitions can be used to override these global settings for individual
1344
spoolers.
1345
1346
Using AppleTalk printers
1347
1348
Netatalk's papstatus(8) can be used to query AppleTalk printers, pap(1) to
1349
print to them. With psf(8) there exists a lpd filter program suitable for
1350
converting other formats (like text) to PostScript output, do page accounting
1351
and eventually change the page order using psorder(1). But these days, modern
1352
printing systems like CUPS can do the latter tasks for themselves in a more
1353
reliable way.
1354
1355
pap can be used stand-alone or as part of an output filter or a CUPS backend
1356
(which is the preferred method since one does not have to deal with all the
1357
options).
1358
1359
Example 3.10. pap printing to a PostScript LaserWriter
1360
1361
pap -p"ColorLaserWriter 16/600@*" /usr/share/doc/gs/examples/tiger.ps
1362
1363
The file /usr/share/doc/gs/examples/tiger.ps is sent to a printer called
1364
"ColorLaserWriter 16/600" in the standard zone "*". The device type is
1365
"LaserWriter" (can be suppressed since it is the default).
1366
1367
Example 3.11. pap printing to a non-PostScript printer
1368
1369
gs -q -dNOPAUSE -sDEVICE=cdjcolor -sOutputFile=- test.ps | pap -E
1370
1371
GhostScript is used to convert a PostScript job to PCL3 output suitable for a
1372
Color DeskWriter. Since no file has been supplied on the command line, pap
1373
reads the data from stdin. The printer's address will be read from the .paprc
1374
file in the same directory, pap will be called (in our example simply
1375
containing "Color DeskWriter:DeskWriter@Printers"). The -E switch forces pap to
1376
not wait for an EOF from the printer.
1377
1378
Time Services
1379
1380
Using Netatalk as a time server for Macintoshes
1381
1382
timelord, an AppleTalk based time server, is deprecated these days. Use NTP
1383
instead.
1384
1385
For further information please have a look at the timelord(8) manual page.
1386
1387
Starting and stopping Netatalk
1388
1389
The Netatalk distribution comes with several operating system specific startup
1390
script templates that are tailored according to the options given to the
1391
"configure" script before compiling. Currently, templates are provided for
1392
NetBSD, BSD, RedHat, SuSE and True64. You can select to install the generated
1393
startup script(s) by specifying a system type to "configure". To automatically
1394
install startup scripts for e.g. the SuSE Linux distribution try to give the
1395
--enable-suse option to "configure". Some of the scripts can be further
1396
parametrized by the configuration file netatalk.conf (described in the
1397
netatalk.conf(5) manual page), some obtain that information in another,
1398
operating system specific way (like Netbsd).
1399
1400
Since new releases of Linux distributions appear all the time and the startup
1401
procedure for the other systems mentioned above might change as well, it is
1402
probably a good idea to not blindly install a startup script but to look at it
1403
first to see if it will work on your system. If you use Netatalk as part of a
1404
fixed setup, like a Linux distribution, an RPM or a BSD package, things will
1405
probably have been arranged properly for you. The following therefore applies
1406
mostly for people who have compiled Netatalk themselves.
1407
1408
The following daemons need to be started by whatever startup script mechanism
1409
is used:
1410
1411
* atalkd (if you use the AppleTalk protocol)
1412
1413
* afpd
1414
1415
* cnid_metad (if the dbd CNID backend is used)
1416
1417
* papd (if you want to provide print services via AppleTalk)
1418
1419
* timelord (for old style time synchronisation via AppleTalk)
1420
1421
Additionally, make sure that the various configuration files (afpd.conf,
1422
AppleVolumes.default, papd.conf etc.) are in the right place and that
1423
netatalk.conf (if used) contains the right entries. If you want e.g. papd to be
1424
started using this mechanism, set the environment variable "PAPD_RUN" to "yes"
1425
in netatalk.conf. See the manual pages for details.
1426
1427
Chapter 4. Upgrading from a previous version of Netatalk
1428
1429
J�rg Lenneis
1430
1431
initial version
1432
1433
26 June, 2004
1434
1435
Table of Contents
1436
1437
Overview
1438
Volumes and filenames
1439
1440
How to upgrade a volume to 2.0
1441
How to use a 1.x CAP encoded volume with 2.0
1442
How to use a 1.x NLS volume with 2.0
1443
1444
Choosing a CNID storage scheme
1445
1446
How to upgrade if no persistent CNID storage was used
1447
How to upgrade if a persistent CNID storage scheme was used
1448
How to upgrade if a persistent CNID storage scheme was used, the brute
1449
force approach
1450
1451
Setting up a test server on the same machine
1452
1453
Setting up an empty test share
1454
Duplicating an already existing share
1455
Configuring and running the test afpd
1456
1457
Overview
1458
1459
Version 2.0 of the Netatalk suite includes significant changes and enhancements
1460
in functionality compared to previous versions. AFP 3.x is now supported which
1461
allows UTF-8 encoded filenames of up to 255 bytes (85-255 chars) in length
1462
amongst other things. The Catalogue Node ID (CNID) subsystem has been reworked
1463
as well and should now be much more robust. For an overview of what CNIDs are
1464
and why you need them please see the CNID section in the manual.
1465
1466
The downside of these enhancements is that upgrading to Netatalk 2.0 is not a
1467
process that can be easily automated. Too many factors depend on site specific
1468
configuration and administrators have to make choices that suit their
1469
requirements. This document attempts to clarify the issues and outline the
1470
steps that need to be taken for a successful upgrade. As usual, the first of
1471
these steps should be to make a complete backup of all volumes and home
1472
directories that were in use with Netatalk before. Afterwards, you'll have to
1473
decide
1474
1475
1. what encoding to use for filenames in the future and how to convert
1476
existing filenames
1477
1478
2. what storage scheme to use for CNIDs and maybe convert an existing database
1479
to that scheme
1480
1481
The following two sections deal with each of these areas in turn.
1482
1483
Volumes and filenames
1484
1485
Previous Netatalk versions saved filenames in the so called CAP encoding by
1486
default. Alternatively, there was the NLS system, that allowed you to convert
1487
filenames to other codepages, like ISO-8859-1.
1488
1489
For Netatalk 2.0 the charset conversion routines had to be completely rewritten
1490
to support AFP 3.x. For more indepth information on character sets please read
1491
the Unicode/charsets section in the manual.
1492
1493
As a consequence, Netatalk 2.0 now stores filenames in UTF-8 by default.
1494
Additionally you have to specify a maccodepage in afpd.conf, if your Mac
1495
clients are not using MacRoman.
1496
1497
The format of the metadata files stored in the .AppleDouble folders has changed
1498
from AppleDouble v1 to AppleDouble v2. Netatalk 2.0 is still able to use AD1
1499
files, if configured. Otherwise ADv1 files will silently be updated to the new
1500
ADv2 format, which will prevent you from using this volume with 1.x again.
1501
1502
Warning
1503
1504
Do not share a 1.x volume with Netatalk 2.0 without setting the proper options!
1505
1506
Note
1507
1508
You should consider 'upgrading' your volumes using the new defaults UTF-8 and
1509
AppleDouble v2, even if this is a time consuming process. AFP 3.x uses UTF-8
1510
and it is impossible to fully map UTF-8 to any of the old volume formats.
1511
1512
How to upgrade a volume to 2.0
1513
1514
To convert the 1.x CAP or NLS encoded volumes on the server, we provide the
1515
uniconv(1) utility. Please see the man page for details.
1516
1517
Another option to perform an upgrade, is to copy all files using a Mac client.
1518
Either copy the volume to a Mac while you are still running 1.6, then install
1519
2.0 and copy the data back to a fresh share, or try to set up the volume with
1520
the compatibility options described below and do a share to share copy.
1521
1522
How to use a 1.x CAP encoded volume with 2.0
1523
1524
Using a 1.x CAP encoded volume is still possible with Netatalk 2.0. To work
1525
properly, the following options need to be set, matching your 1.x setup:
1526
1527
afpd.conf:
1528
1529
* maccodepage
1530
1531
AppleVolumes.default:
1532
1533
* volcharset
1534
1535
* adouble
1536
1537
You have to make sure maccodepage matches your Apple clients codepage. For
1538
western users the default Mac_Roman should be fine.
1539
1540
Set volcharset to ASCII.
1541
1542
Set adouble:v1, this will make sure the metadata files will not be changed to
1543
AppleDouble v2. If you do not set this option, it will not be possible to use
1544
the volume with Netatalk 1.x anymore.
1545
1546
Example:
1547
1548
afpd.conf:
1549
1550
- -transall -maccodepage:MAC_CENTRALEUROPE
1551
1552
AppleVolumes.default:
1553
1554
/path/to/share "1.x Volume" adouble:v1 volcharset:ASCII
1555
1556
How to use a 1.x NLS volume with 2.0
1557
1558
Whether you can still use an 1.x NLS encoded volume with Netatalk 2.0 mainly
1559
depends on which NLS setting you used with 1.x.
1560
1561
Make sure you set the correct maccodepage in afpd.conf !
1562
1563
maccode.iso8859-1
1564
1565
Use the following settings in AppleVolumes.default:
1566
1567
/path/to/share "1.x Volume" adouble:v1 volcharset:ISO-8859-1
1568
maccode.iso8859-1.adapted
1569
1570
Sorry, you're out of luck. This NLS contains a non standard mapping and is
1571
not supported by afpd anymore. You'll have to convert the volume to a
1572
supported encoding.
1573
1574
maccode.437
1575
1576
Using the following settings in AppleVolumes.default might work, but is
1577
untested:
1578
1579
/path/to/share "1.x Volume" adouble:v1 volcharset:CP437
1580
maccode.850
1581
1582
Using the following settings in AppleVolumes.default might work, but is
1583
untested:
1584
1585
/path/to/share "1.x Volume" adouble:v1 volcharset:CP850
1586
maccode.koi8-r
1587
1588
Using the following settings in AppleVolumes.default might work, but is
1589
untested:
1590
1591
/path/to/share "1.x Volume" adouble:v1 volcharset:KOI8-R
1592
1593
Note
1594
1595
All of the above require iconv to be installed and to supply the volcharset
1596
codepage!
1597
1598
Choosing a CNID storage scheme
1599
1600
Previous versions of Netatalk allocated CNIDs either on the fly or CNIDs were
1601
recorded in a persistent database. "On the fly methods" work by either
1602
generating a CNID from the device and inode number or simply by using a counter
1603
that is increased by one on each access to a file or directory from the client.
1604
The counter only lasts for the lifetime of an afpd daemon process and inode
1605
numbers are reused for a different file once the original file has been
1606
deleted. These methods therefore violate a fundamental assumption: A CNID once
1607
assigned must never be reused for the lifetime of a volume. Netatalk 2.0
1608
supports one "On the fly scheme" called last. It computes CNIDs for files from
1609
device and inode of the file and uses a counter for directories. You should
1610
think twice about using it in production. Depending on your needs and the
1611
semantics of the underlying file system it might be OK on read only volumes,
1612
but even there we are not certain if OS X clients will work properly.
1613
1614
That leaves the CNID schemes that use persistent storage for CNIDs. Netatalk
1615
2.0 supports two: cdb and dbd. Both are based on the Berkeley DB database
1616
library as before. One difference is, though, that you are not restricted to
1617
using a single scheme for all of your volumes that has to be determined at
1618
compile time. The CNID scheme (also called a "CNID backend") is now a runtime
1619
option for a volume. That means that you can make the choice per volume based
1620
on your requirements. Here are the properties as well as the advantages and
1621
disadvantages of the three supported schemes:
1622
1623
1. last: See above. Avoid, if at all possible.
1624
1625
2. cdb: Roughly analogous to the Netatalk 1.6.x versions with what was called
1626
then the "DID scheme" option set to "cnid" and the "CNID with Concurrent
1627
Data Store" option set to "yes". Access to the CNID database for a volume
1628
happens directly from the Netatalk afpd daemons. A Berkeley DB locking
1629
scheme (the "Concurrent Data Store" bit) is used to avoid database
1630
inconsistencies. Robustness is much improved compared to previous releases.
1631
The CNID database can only become corrupted if an afpd daemon crashes
1632
unexpectedly, is killed by the administrator or the whole machine crashes.
1633
1634
3. dbd: There is only a single daemon that accesses the CNID database for a
1635
given volume. Any afpd process that wishes to retrieve or update CNIDs for
1636
that volume needs to do it via the daemon. The CNID can database be (this
1637
is a compile time option) updated under Berkeley DB transactional
1638
protection. This design combined with the transactional updates makes the
1639
CNID database crashproof: Any of the participating afpd daemons, the
1640
database daemon itself or the whole machine can crash and the CNID database
1641
should still be in a consistent state. The downside to this is that the
1642
speed of updates and retrieval is slower than with the cdb scheme. If this
1643
is a problem, you might want to disable transactions at Netatalk compile
1644
time (currently, the default is to compile without transactions anyway).
1645
That will give you safety against afpd crashing, but not if the machine
1646
goes down unexpectedly. Also, have a look at the nosync option documented
1647
in the cnid_dbd manual page.
1648
1649
It is also possible to switch between cdb and dbd for a given volume, since
1650
they use the same database format. You just have to shut down all processes
1651
accessing the database cleanly, make the necessary configuration changes and
1652
restart. Please note, that you can easily specify a default CNID backend for
1653
all shares by applying the cnidscheme option to the ":DEFAULT:" share (compare
1654
with the AppleVolumes.default(5) manual page for details).
1655
1656
Note that the dbd backend needs an auxiliary daemon, called cnid_metad, to
1657
work. It should be started together with afpd. If the dbd backend is compiled
1658
into afpd (the default), this should happen automatically. If you cannot find
1659
it in the process list even though the dbd backend is used please check for
1660
errors in the startup scripts.
1661
1662
If you compile Netatalk 2.0 yourself and invoke configure --help, you'll notice
1663
that there are in fact more CNID backends to chose from. Don't use any of them.
1664
They are either broken or incomplete. Some of them might turn into something
1665
useful in the future.
1666
1667
How to upgrade if no persistent CNID storage was used
1668
1669
That is easy. Just pick a CNID backend from above, configure it properly in
1670
afpd.conf and the AppleVolumes file and start up the necessary Netatalk
1671
processes. The databases will be automatically created in a subdirectory
1672
.AppleDB of the volume in question.
1673
1674
How to upgrade if a persistent CNID storage scheme was used
1675
1676
In that case the CNID databases need to be upgraded. A script called
1677
cnid2_create that comes with Netatalk 2.0 does most of the work. The steps you
1678
have to take depend on what version of Berkeley DB is installed on your system.
1679
If you already use one of the supported versions of Berkeley DB (4.1.25 or
1680
4.2.52) for your old Netatalk installation and plan to use it for Netatalk 2.0
1681
as well just use the db_dump and db_load utilities that came with it as
1682
indicated below. Otherwise it is probably best to have the old and the new (to
1683
be used with Netatalk 2.0) version of Berkeley DB installed side by side until
1684
you have finished the upgrade. The reason for this is that we will dump out the
1685
old databases with the currently installed version of Berkeley DB in ASCII
1686
format and reload them with the new version. This avoids any incompatibility
1687
problems between Berkeley DB releases with respect to the on-disk format.
1688
1689
For each volume to be upgraded, follow these steps
1690
1691
* Stop all afpd daemons accessing the volume.
1692
1693
* Change to the database directory for that volume, most likely the .AppleDB
1694
subdirectory of the volume toplevel directory in question.
1695
1696
* Dump the contents of cnid.db and didname.db using the old (installed)
1697
version of Berkeley DB like this:
1698
1699
db_dump -f cnid.dump cnid.db
1700
db_dump -f didname.dump didname.db
1701
1702
Make sure the db_dump utility you are using is the correct (currently used)
1703
one. Use the full path to the db_dump executable if in doubt. So if this
1704
database was created with Berkeley DB 3.xx installed in /usr/local/db3 use
1705
/usr/local/db3/bin/db_dump instead. This will create two files, cnid.dump
1706
and didname.dump in the current directory.
1707
1708
* Run the cnid2_create script:
1709
1710
/path/to/netatalk/bin/cnid2_create
1711
1712
The script assumes that .AppleDB is a subdirectory of the volume directory
1713
to be upgraded. If that is not the case give the full path name of the
1714
volume as the first argument to cnid2_create. The script will create a file
1715
cnid2.dump in ASCII format.
1716
1717
* Remove the old Berkeley DB environment and logfiles (if present):
1718
1719
rm __db.* log.*
1720
* Load cnid2.dump into the new database. You should use the db_load utility
1721
of Berkeley DB that will be used with version 2.0 of Netatalk. So if
1722
Berkeley DB 4.xx lives in /usr/local/db4 use
1723
1724
/usr/local/db4/bin/db_load -f cnid2.dump cnid2.db
1725
1726
This will create the new database file, cnid2.db. Remove the old database
1727
files cnid.db, didname.db and devino.db. The intermediate files cnid.dump,
1728
didname.dump and cnid2.dump can be removed now or at some later time.
1729
1730
If you do not want to have two versions of Berkeley DB installed side by side
1731
during the upgrade, you should first dump out the old databases as indicated
1732
above for all volumes, upgrade Berkeley DB and then load them with db_load. The
1733
cnid2_create script can be run before or after the upgrade. Berkeley DB
1734
environment and logfiles should still be removed before running db_load.
1735
1736
How to upgrade if a persistent CNID storage scheme was used, the brute force
1737
approach
1738
1739
If you are absolutely sure what you are doing, you can also just clear out all
1740
database files from the .AppleDB directories. They will be recreated, but will
1741
not contain the same CNIDs as before!! That might lead to all sorts of
1742
problems, like aliases not working any more on clients. As I said, make sure
1743
you know the consequences and don't mind them.
1744
1745
Setting up a test server on the same machine
1746
1747
Providing a test environment in parallel with the existing production
1748
installation is not difficult and, if done properly, it should not in any way
1749
disrupt the normal operation. However, as always, it is recommended to make a
1750
backup of the existing installation before proceeding. When compiling a newer
1751
netatalk version you should also take care that you do not overwrite the
1752
binaries of an older version (make use of the --prefix= configure option).
1753
1754
There could be more than two afpd servers running on one UNIX box. You just
1755
have to be careful to keep them from running into each other:
1756
1757
* the shares/volumes (AppleVolumes.default)
1758
1759
* the PID file (afpd -P command line option)
1760
1761
* the port number (-port option in afpd.conf)
1762
1763
* no use of AppleTalk (-noddp option in afpd.conf)
1764
1765
You should test the new Netatalk version with both a freshly created new share
1766
and another one that has been duplicated/converted from an already existing
1767
volume. This helps finding mistakes you probably made in the upgrade process
1768
when the first share behaves well and the latter not.
1769
1770
Setting up an empty test share
1771
1772
First, you have to provide some space for the test share. Just create a
1773
directory on one of your data filesystems. However, this directory must not be
1774
accessible from the production afpd server. Don't forget to set appropriate
1775
permissions for the share. For example:
1776
1777
mkdir /macdata/testshare
1778
chown root.macusers /macdata/testshare
1779
chmod g+wrx,g+s /macdata/testshare
1780
1781
Duplicating an already existing share
1782
1783
Ensure that users cannot access the share in question and copy the whole
1784
contents (including all the metadata directories like .AppleDB) to another
1785
location.
1786
1787
cp -pr /production/testshare /macdata/
1788
1789
Then do the somewhat extensive upgrade of CNID databases and filename encodings
1790
outlined earlier in this chapter.
1791
1792
Configuring and running the test afpd
1793
1794
Normally the test afpd cannot listen on the standard afpovertcp port, because
1795
that one is already bound by the production afpd. So the afpd.conf should look
1796
like
1797
1798
- -noddp -nouservol -port 5480 -loginmsg "WARNING: test server"
1799
1800
You also have to present the share to the Mac users by editing the
1801
AppleVolumes.default file. Remove the line containing a single "~" at the end
1802
of the file and append something like:
1803
1804
/macdata/testshare "Test Volume (not production)"
1805
1806
That should be the only uncommented line in the file. Do not forget to adjust
1807
encoding and AppleDouble setting when you're not using the recommended defaults
1808
UTF8 and ADv2.
1809
1810
In case you have many users and want to restrict access to the test server,
1811
there is a provision for that in the AppleVolumes.default file. First, create a
1812
group named, say, afpdtest, and put in it all users you would want to enable
1813
access to the test volumes. Then, instead of the line above, append a line like
1814
this one:
1815
1816
/macdata/testshare "Test Volume (not production)" allow:@afpdtest
1817
1818
The test afpd server can be started now:
1819
1820
$TESTDIR/sbin/afpd -P /var/run/afpd-test.pid
1821
1822
You can also put this line in the production netatalk start script, in the
1823
"start" case. In the "stop" case, you should insert
1824
1825
[ -f /var/run/afpd-test.pid ] && kill `cat /var/run/afpd-test.pid`
1826
1827
The production server has to know about the test server. Otherwise the Mac
1828
users would not be able to see the test server in their choosers. Append the
1829
following line to the production afpd.conf (usually in /etc/netatalk/
1830
afpd.conf):
1831
1832
"Test server (not production)" -proxy -uamlist "" -port 5480
1833
1834
and restart the production netatalk. Note that the port directive here should
1835
match the one which appears above in the test afpd.conf.
1836
1837
Important
1838
1839
Note that there is a limit of 31 characters for the server's name. Should the
1840
name be longer, then afpd will just refuse to register the server.
1841
1842
The test server should appear in the chooser on Macs. You can also test that
1843
from the UNIX command line:
1844
1845
nbplkup =:AFPServer
1846
1847
or
1848
1849
netstat -an | grep 5480
1850
1851
If everything went fine spread the word about the test server among your more
1852
experienced Mac users and see whether things work as expected.
1853
1854
Chapter 5. Manual Pages
1855
1856
Table of Contents
1857
1858
achfile - change type and/or creator of Apple Macintosh files (netatalk format)
1859
acleandir - clean up a directory containing netatalk Apple Macintosh files
1860
aecho - send AppleTalk Echo Protocol packets to network hosts
1861
afile - display type and creator of Apple Macintosh files (netatalk format)
1862
afpd - AppleTalk Filing Protocol daemon
1863
afpd.conf - Configuration file used by afpd(8) to determine the setup of its
1864
file sharing services
1865
afppasswd - netatalk password maintenance utility
1866
AppleVolumes.default - Configuration file used by afpd(8) to determine the
1867
shares made available through Appletalk
1868
apple_cp - Do an apple copy, copying file metadata and the resource fork as
1869
well
1870
apple_mv - Do an apple move, moving metadata and the resource fork as well
1871
apple_rm - Do an apple remove, remove metadata and resource fork as well
1872
asip-status.pl - Queries AFP servers for their capabilities
1873
atalk - AppleTalk protocol family
1874
atalkd - AppleTalk RTMP, NBP, ZIP, and AEP manager
1875
atalkd.conf - Configuration file used by atalkd(8) to determine the interfaces
1876
used by the master Netatalk daemon
1877
atalk_aton - AppleTalk address parsing
1878
cnid_dbd - implement access to CNID databases through a dedicated daemon
1879
process
1880
cnid_index - check and repair Netatalk CNID database indexes
1881
cnid_metad - start cnid_dbd daemons on request
1882
getzones - list AppleTalk zone names
1883
megatron - Macintosh file format transformer
1884
nbp - access NBP database
1885
nbp_name - NBP name parsing
1886
netatalk.conf - Configuration file used by netatalk(8) to determine its general
1887
configuration
1888
netatalk-config - script to get information about the installed version of
1889
netatalk
1890
pap - client interface to remote printers using Printer Access Protocol
1891
papd - AppleTalk print server daemon
1892
papd.conf - Configuration file used by papd(8) to determine the configuration
1893
of printers used by the Netatalk printing daemon
1894
papstatus - get the status of an AppleTalk-connected printer
1895
psf - PostScript filter
1896
psorder - PostScript pageorder filter
1897
timelord - Macintosh time server daemon
1898
timeout - Send a signal to a program after a certain time
1899
uniconv - convert Netatalk volume encoding
1900
1901
This is a collection of the man pages delivered with Netatalk.
1902
1903
Name
1904
1905
achfile - change type and/or creator of Apple Macintosh files (netatalk format)
1906
1907
Synopsis
1908
1909
achfile [ -t type ] [ -c creator ] file...
1910
1911
DESCRIPTION
1912
1913
achfile changes the Macintosh type and/or creator of the file arguments which
1914
have a corresponding .AppleDouble file.
1915
1916
OPTIONS
1917
1918
-t type change the type.
1919
1920
-c creator change the creator.
1921
1922
DIAGNOSTICS
1923
1924
returns exit status 0 if all files changed successfully
1925
1926
SEE ALSO
1927
1928
afile(1), afpd(8)
1929
1930
-------------------------------------------------------------------------------
1931
1932
Name
1933
1934
acleandir - clean up a directory containing netatalk Apple Macintosh files
1935
1936
Synopsis
1937
1938
acleandir [-rnvi] dirname
1939
1940
DESCRIPTION
1941
1942
acleandir cleans up the directory dirname. By default it simply removes
1943
"orphan" AppleDouble files, i.e. those which do not have a corresponding data
1944
file.
1945
1946
OPTIONS
1947
1948
-d
1949
1950
Also remove the .AppleDouble directory if it contains no AppleDouble files
1951
after "orphan" removal. This will result in the finder location of dirname
1952
within its parent being lost.
1953
1954
-r, -R
1955
1956
Recursive. Clean up directories recursively.
1957
1958
-n
1959
1960
Display the filenames of "orphans" but don't remove any. Display size if
1961
"orphan" appears to contain a resource fork.
1962
1963
-i
1964
1965
Interactive. Prompt for confirmation before a removal. A y in answer
1966
confirms that the removal should proceed.
1967
1968
-v
1969
1970
Verbose. Display the names of all "orphans" and .AppleDouble directories
1971
removed. Reports the size if the "orphan" appears to contain a resource
1972
fork.
1973
1974
-a
1975
1976
Aggressive. Remove all AppleDouble files, not just "orphans". Also remove
1977
the .AppleDesktop directory if present. Impies -d option. Use with caution
1978
as the Macintosh type/creator and finder location of all files will be lost
1979
and the content of some documents, such as Symantec Projects, will be
1980
destroyed.
1981
1982
DIAGNOSTICS
1983
1984
returns exit status 0 unless bad options are provided or a directory is not
1985
given on the command line.
1986
1987
SEE ALSO
1988
1989
afile(1), afpd(8)
1990
1991
-------------------------------------------------------------------------------
1992
1993
Name
1994
1995
aecho - send AppleTalk Echo Protocol packets to network hosts
1996
1997
Synopsis
1998
1999
aecho [ -c count ] ( address | nbpname )
2000
2001
DESCRIPTION
2002
2003
aecho repeatedly sends an Apple Echo Protocol (AEP) packet to the host
2004
specified by the given AppleTalk address or nbpname and reports whether a reply
2005
was received. Requests are sent at the rate of one per second.
2006
2007
address is parsed by atalk_aton(3). nbpname is parsed by nbp_name(3). The nbp
2008
type defaults to `Workstation'.
2009
2010
When aecho is terminated, it reports the number of packets sent, the number of
2011
responses received, and the percentage of packets lost. If any responses were
2012
received, the minimum, average, and maximum round trip times are reported.
2013
2014
EXAMPLE
2015
2016
Check to see if a particular host is up and responding to AEP packets:
2017
2018
example% aecho bloodsport
2019
11 bytes from 8195.13: aep_seq=0. time=10. ms
2020
11 bytes from 8195.13: aep_seq=1. time=10. ms
2021
11 bytes from 8195.13: aep_seq=2. time=10. ms
2022
11 bytes from 8195.13: aep_seq=3. time=10. ms
2023
11 bytes from 8195.13: aep_seq=4. time=10. ms
2024
11 bytes from 8195.13: aep_seq=5. time=9. ms
2025
^C
2026
----8195.13 AEP Statistics----
2027
6 packets sent, 6 packets received, 0% packet loss
2028
round-trip (ms) min/avg/max = 9/9/10
2029
2030
OPTIONS
2031
2032
-c count
2033
2034
Stop after count packets.
2035
2036
SEE ALSO
2037
2038
ping(1), atalk_aton(3), nbp_name(3), aep(4), atalkd(8).
2039
2040
-------------------------------------------------------------------------------
2041
2042
Name
2043
2044
afile - display type and creator of Apple Macintosh files (netatalk format)
2045
2046
Synopsis
2047
2048
afile [-a] file...
2049
2050
DESCRIPTION
2051
2052
afile displays the name and Macintosh type and creator of the file arguments.
2053
Tests whether the file is an AppleDouble header, in which case it checks the
2054
corresponding data fork exists, or assumes it is a data fork in which case it
2055
looks for the corresponding AppleDouble to find the type/creator information.
2056
2057
afile does not look at any of the extension mapping files such as
2058
AppleVolumes.system.
2059
2060
OPTIONS
2061
2062
-a
2063
2064
Include directories and data files of unknown type (i.e. without
2065
corresponding AppleDouble) in output.
2066
2067
DIAGNOSTICS
2068
2069
returns exit status 0 if all files have a corresponding valid .AppleDouble
2070
header or data fork, or 99 for bad command line options. Otherwise it returns
2071
the following error code relating to the last invalid file.
2072
2073
1 file doesn't exist
2074
2075
2 file is unreadable
2076
2077
3 file is directory
2078
2079
4 file is AppleDouble without data fork
2080
2081
5 file is AppleDouble with unreadable data fork
2082
2083
6 file is data fork without AppleDouble
2084
2085
7 file is data fork with unreadable AppleDouble
2086
2087
8 file is data fork with short AppleDouble
2088
2089
9 bad magic in AppleDouble
2090
2091
SEE ALSO
2092
2093
achfile(1), afpd(8)
2094
2095
-------------------------------------------------------------------------------
2096
2097
Name
2098
2099
afpd - AppleTalk Filing Protocol daemon
2100
2101
Synopsis
2102
2103
afpd [-duptDTvI] [-f defaultvolumes] [-s systemvolumes] [-n nbpname] [-c
2104
maxconnections] [-g guest] [-P pidfile] [-S port] [-L message] [-F config] [-U
2105
uamsv] [-m umask]
2106
2107
Description
2108
2109
afpd provides an AppleTalk Filing Protocol (AFP) interface to the Unix file
2110
system. It is normally started at boot time from /etc/rc.
2111
2112
The list of volumes offered to the user is generated from /etc/netatalk/
2113
AppleVolumes.system and one of /etc/netatalk/AppleVolumes.default, ~/
2114
AppleVolumes, or ~/.AppleVolumes. The AppleVolumes files is used to specify
2115
volumes to mount and file name extension mappings. It is formatted as follows,
2116
one specification per line: pathname [ volumename ] .extension [ type [ creator
2117
] ] If volumename is unspecified, the last component of pathname is used. No
2118
two volumes may have the same name. If type is unspecified '????' is used. If
2119
creator is unspecified 'UNIX' is used. The extension '.' sets the default
2120
creator and type for otherwise untyped Unix files. Blank lines and lines
2121
beginning with `#' are ignored.
2122
2123
Options
2124
2125
-d
2126
2127
Specifies that the daemon should not fork. If netatalk has been configured
2128
with --enable-debug1, a trace of all AFP commands will be written to
2129
stdout.
2130
2131
-p
2132
2133
Prevents clients from saving their passwords. (Equivalent to -nosavepasswd
2134
in afpd.conf.)
2135
2136
-t
2137
2138
Allows clients to change their passwords. (Equivalent to -setpasswd in
2139
afpd.conf.)
2140
2141
-D
2142
2143
Use DDP (AppleTalk) as transport protocol. (Equivalent to -ddp in
2144
afpd.cond.)
2145
2146
-T
2147
2148
Use TCP/IP as transport protocol. (Equivalent to -tcp in afpd.conf.)
2149
2150
-v
2151
2152
Print version information and exit.
2153
2154
-I
2155
2156
Use a platform specific icon. (Equivalent to -icon in afpd.conf.)
2157
2158
-f defaultvolumes
2159
2160
Specifies that defaultvolumes should be read for a list of default volumes
2161
to offer, instead of /etc/netatalk/AppleVolumes.default.
2162
2163
-s systemvolumes
2164
2165
Specifies that systemvolumes should be read for a list of volume that all
2166
users will be offered, instead of /etc/netatalk/AppleVolumes.system.
2167
2168
-u
2169
2170
Read the user's AppleVolumes file first. This option causes volume names in
2171
the user's AppleVolumes file to override volume names in the system's
2172
AppleVolumes file. The default is to read the system AppleVolumes file
2173
first. Note that this option doesn't effect the precendence of filename
2174
extension mappings: the user's AppleVolumes file always has precedence.
2175
2176
-n nbpname
2177
2178
Specifies that nbpname should be used for NBP registration, instead of the
2179
first component of the hostname in the local zone.
2180
2181
-c maxconnections
2182
2183
Specifies the maximum number of connections to allow for this afpd. The
2184
default is 20.
2185
2186
-g guest
2187
2188
Specifies the name of the guest account. The default is 'nobody'.
2189
2190
-P pidfile
2191
2192
Specifies the file in which afpd stores its process id.
2193
2194
-S port
2195
2196
Specifies the port to register with when doing AFPoverTCP. Defaults to 548.
2197
(Equivalent to -port in afpd.conf.)
2198
2199
-L message
2200
2201
Specifies the login message that will be sent to clients. (Equivalent to
2202
-loginmsg in afpd.conf.)
2203
2204
-F configfile
2205
2206
Specifies the configuration file to use. (Defaults to /etc/netatalk/
2207
netatalk/afpd.conf.)
2208
2209
-U uams
2210
2211
Comma-separated list of UAMs to use for the authentication process.
2212
(Equivalent to -uamlist in afpd.conf.)
2213
2214
-m umask
2215
2216
Use this umask for the creation of folders in Netatalk.
2217
2218
SIGNALS
2219
2220
Signals that are sent to the main afpd process are propagated to the children,
2221
so all will be affected.
2222
2223
SIGHUP
2224
2225
Sending a SIGHUP to afpd will cause it to reload its configuration files.
2226
2227
SIGUSR1
2228
2229
The afpd process will send the message "The server is going down for
2230
maintenance." to the client and shut itself down in 5 minutes. New
2231
connections are not allowed. If this is sent to a child afpd, the other
2232
children are not affected. However, the main process will still exit,
2233
disabling all new connections.
2234
2235
SIGUSR2
2236
2237
The afpd process will look in the message directory configured at build
2238
time for a file named message.pid. For each one found, a the contents will
2239
be sent as a message to the associated AFP client. The file is removed
2240
after the message is sent. This should only be sent to a child afpd.
2241
Warning: If the --with-message-dir option was not used, this will kill the
2242
afpd process
2243
2244
To shut down a user's afpd process it is recommended that SIGKILL (-9) NOT
2245
be used, except as a last resort, as this may leave the CNID database in an
2246
inconsistent state. The safe way to terminate an afpd is to send it a
2247
SIGTERM (-15) signal and wait for it to die on its own.
2248
2249
FILES
2250
2251
/etc/netatalk/AppleVolumes.default
2252
2253
list of default volumes to mount
2254
2255
/etc/netatalk/AppleVolumes.system
2256
2257
list of volumes to offer all users
2258
2259
~/AppleVolumes
2260
2261
user's list of volumes to mount
2262
2263
/etc/netatalk/netatalk/msg/message.pid
2264
2265
contains messages to be sent to users.
2266
2267
BUGS
2268
2269
SEE ALSO
2270
2271
hosts_access(5), afpd.conf(5), AppleVolumes.default(5), AppleVolumes.system(5).
2272
2273
-------------------------------------------------------------------------------
2274
2275
Name
2276
2277
afpd.conf - Configuration file used by afpd(8) to determine the setup of its
2278
file sharing services
2279
2280
Description
2281
2282
/etc/netatalk/afpd.conf is the configuration file used by afpd to determine the
2283
behavior and configuration of the different virtual file servers that it
2284
provides.
2285
2286
Any line not prefixed with # is interpreted. The configuration lines are
2287
composed like: server name [ options ] If a - is used instead of a server name,
2288
the default server is specified. Server names must be quoted if they contain
2289
spaces. They must not contain ":" or "@". The path name must be a fully
2290
qualified path name, or a path name using either the ~ shell shorthand or any
2291
of the substitution variables, which are listed below.
2292
2293
Note
2294
2295
Each server has to be configured on a single line.
2296
2297
The possible options and their meanings are:
2298
2299
AppleVolumes Files
2300
2301
-defaultvol [path]
2302
2303
Specifies path to AppleVolumes.default file (default is /etc/netatalk/
2304
AppleVolumes.default).
2305
2306
-systemvol [path]
2307
2308
Specifies path to AppleVolumes.system file (default is /etc/netatalk/
2309
AppleVolumes.system).
2310
2311
-[no]uservol
2312
2313
Enables or disables reading of the users' individual volumes file entirely.
2314
2315
-[no]uservolfirst
2316
2317
Enables or disables reading of the users' individual volumes file before
2318
processing the global AppleVolumes.default file.
2319
2320
Authentication Methods
2321
2322
-uamlist [uams list]
2323
2324
Comma separated list of UAMs. (The default is uams_clrtxt.so,uams_dhx.so).
2325
2326
The most commonly used UAMs are:
2327
2328
uams_guest.so
2329
2330
allows guest logins
2331
2332
uams_clrtxt.so
2333
2334
(uams_pam.so or uams_passwd.so) Allow logins with passwords transmitted
2335
in the clear.
2336
2337
uams_randum.so
2338
2339
allows Random Number and Two-Way Random Number Exchange for
2340
authentication (requires a separate file containing the passwords,
2341
either /etc/netatalk/afppasswd file or the one specified via
2342
-passwdfile. See afppasswd(1) for details
2343
2344
uams_dhx.so
2345
2346
(uams_dhx_pam.so or uams_dhx_passwd.so) Allow Diffie-Hellman eXchange
2347
(DHX) for authentication.
2348
2349
uam_gss.so
2350
2351
Allow Kerberos V for authentication (optional)
2352
2353
-uampath [path]
2354
2355
Sets the default path for UAMs for this server (default is /etc/netatalk/
2356
uams).
2357
2358
-k5keytab [path], -k5service [service], -k5realm [realm]
2359
2360
These are required if the server supports the Kerberos 5 authentication
2361
UAM.
2362
2363
Codepage Options
2364
2365
With OS X Apple introduced the AFP3 protocol. One of the big changes was, that
2366
AFP3 uses Unicode names encoded as UTF-8 decomposed. Previous AFP/OS versions
2367
used codepages like MacRoman, MacCentralEurope, etc.
2368
2369
To be able to serve AFP3 and older clients at the same time, afpd needs to be
2370
able to convert between UTF-8 and Mac codepages. Even OS X clients partly still
2371
rely on codepages. As there's no way, afpd can detect the codepage a pre AFP3
2372
client uses, you have to specify it using the -maccodepage option. The default
2373
is MacRoman, which should be fine for most western users.
2374
2375
As afpd needs to interact with unix operating system as well, it need's to be
2376
able to convert from UTF-8/MacCodepage to the unix codepage. By default afpd
2377
uses the systems LOCALE, or ASCII if your system doesn't support locales. You
2378
can set the unix codepage using the -unixcodepage option. If you're using
2379
extended characters in the configuration files for afpd, make sure your
2380
terminal matches the -unixcodepage.
2381
2382
-unixcodepage [CODEPAGE]
2383
2384
Specifies the servers unix codepage, e.g. "ISO-8859-15" or "UTF8". This is
2385
used to convert strings to/from the systems locale, e.g. for
2386
authenthication, server messages and volume names. Defaults to LOCALE if
2387
your system supports it, otherwise ASCII will be used.
2388
2389
-maccodepage [CODEPAGE]
2390
2391
Specifies the mac clients codepage, e.g. "MAC_ROMAN". This is used to
2392
convert strings and filenames to the clients codepage for OS9 and Classic,
2393
i.e. for authentication and AFP messages (SIGUSR2 messaging). This will
2394
also be the default for the volumes maccharset. Defaults to MAC_ROMAN.
2395
2396
Password Options
2397
2398
-loginmaxfail [number]
2399
2400
Sets the maximum number of failed logins, if supported by the UAM
2401
(currently none)
2402
2403
-passwdfile [path]
2404
2405
Sets the path to the Randnum UAM passwd file for this server (default is /
2406
etc/netatalk/afppasswd).
2407
2408
-passwdminlen [number]
2409
2410
Sets the minimum password length, if supported by the UAM
2411
2412
-[no]savepassword
2413
2414
Enables or disables the ability of clients to save passwords locally
2415
2416
-[no]setpassword
2417
2418
Enables or disables the ability of clients to change their passwords via
2419
chooser or the "connect to server" dialog
2420
2421
Transport Protocols
2422
2423
-[no]ddp
2424
2425
Enables or disables AFP-over-Appletalk. If -proxy is specified, you must
2426
instead use -uamlist "" to prevent DDP connections from working.
2427
2428
-[no]tcp
2429
2430
Enables or disables AFP-over-TCP
2431
2432
-transall
2433
2434
Make both available (default)
2435
2436
Transport Options
2437
2438
-advertise_ssh
2439
2440
Allows Mac OS X clients (10.3.3 or above) to automagically establish a
2441
tunneled AFP connection through SSH. If this option is set, the server's
2442
answers to client's FPGetSrvrInfo requests contain an additional entry. It
2443
depends on both client's settings and a correctly configured and running
2444
sshd(8) on the server to let things work.
2445
2446
Note
2447
2448
Setting this option is not recommended since globally encrypting AFP
2449
connections via SSH will increase the server's load significantly. On the
2450
other hand, Apple's client side implementation of this feature in MacOS X
2451
versions prior to 10.3.4 contained a security flaw.
2452
2453
-ddpaddr [ddp address]
2454
2455
Specifies the DDP address of the server. The default is to auto-assign an
2456
address (0.0). This is only useful if you are running AppleTalk on more
2457
than one interface.
2458
2459
-fqdn [name:port]
2460
2461
Specifies a fully-qualified domain name, with an optional port. This is
2462
discarded if the server cannot resolve it. This option is not honored by
2463
AppleShare clients <= 3.8.3. This option is disabled by default. Use with
2464
caution as this will involve a second name resolution step on the client
2465
side. Also note that afpd will advertise this name:port combination but not
2466
automatically listen to it.
2467
2468
-ipaddr [ip address]
2469
2470
Specifies the IP address that the server should advertise and listens to
2471
(the default is the first IP address of the system). This option also
2472
allows to use one machine to advertise the AFP-over-TCP/IP settings of
2473
another machine via NBP when used together with the -proxy option.
2474
2475
-port [port number]
2476
2477
Allows a different TCP port to be used for AFP-over-TCP. The default is
2478
548.
2479
2480
-proxy
2481
2482
Runs an AppleTalk proxy server for the specified AFP-over-TCP server. If
2483
the address and port aren't given, then the first IP address of the system
2484
and port 548 will be used. If you don't want the proxy server to act as a
2485
DDP server as well, set -uamlist "".
2486
2487
-server_quantum [number]
2488
2489
This specifies the DSI server quantum. The minimum value is 303840
2490
(0x4A2E0). The maximum value is 0xFFFFFFFFF. If you specify a value that is
2491
out of range, the default value will be set (which is the minimum). Do not
2492
change this value unless you're absolutely sure, what you're doing
2493
2494
-noslp
2495
2496
Do not register this server using the Service Location Protocol (if SLP
2497
support was compiled in). This is useful if you are running multiple
2498
servers and want one to be hidden, perhaps because it is advertised
2499
elsewhere, ie. by a SLP Directory Agent.
2500
2501
Miscellaneous Options
2502
2503
-admingroup [group]
2504
2505
Allows users of a certain group to be seen as the superuser when they log
2506
in. This option is disabled by default.
2507
2508
-authprintdir [path]
2509
2510
Specifies the path to be used (per server) to store the files required to
2511
do CAP-style print authentication which papd will examine to determine if a
2512
print job should be allowed. These files are created at login and if they
2513
are to be properly removed, this directory probably needs to be umode 1777.
2514
2515
Note
2516
2517
-authprintdir will only work for clients connecting via DDP. Almost all
2518
modern Clients will use TCP.
2519
2520
-client_polling
2521
2522
With this switch enabled, afpd won't advertise that it is capable of server
2523
notifications, so that connected clients poll the server every 10 seconds
2524
to detect changes in opened server windows. Note: Depending on the number
2525
of simultaneously connected clients and the network's speed, this can lead
2526
to a significant higher load on your network!
2527
2528
Note
2529
2530
Do not use this option any longer as Netatalk 2.0 correctly supports server
2531
notifications, allowing connected clients to update folder listings in case
2532
another client changed the contents.
2533
2534
-cnidserver [ipaddress:port]
2535
2536
Specifies the IP address and port of a cnid_metad server, required for CNID
2537
dbd backend. Defaults to localhost:4700.
2538
2539
-guestname [name]
2540
2541
Specifies the user that guests should use (default is "nobody"). The name
2542
should be quoted.
2543
2544
-icon
2545
2546
Use the platform-specific icon
2547
2548
-loginmesg [message]
2549
2550
Sets a message to be displayed when clients logon to the server. The
2551
message should be in unixcodepage and should be quoted. Extended characters
2552
are allowed.
2553
2554
-nodebug
2555
2556
Disables debugging.
2557
2558
-sleep [number]
2559
2560
AFP 3.x waits number hours before disconnecting clients in sleep mode.
2561
Default is 10 hours.
2562
2563
-signature { user:<text> | host }
2564
2565
Specify a server signature. This option is useful while running multiple
2566
independent instances of afpd on one machine (eg. in clustered
2567
environments, to provide fault isolation etc.). "host" signature type
2568
allows afpd generating signature automatically (based on machine primary IP
2569
address). "user" signature type allows administrator to set up a signature
2570
string manually. The maximum length is 16 characters
2571
2572
Example 5.1. Three server definitions using 2 different server signatures
2573
2574
first -signature user:USERS
2575
second -signature user:USERS
2576
third -signature user:ADMINS
2577
2578
First two servers will appear as one logical AFP service to the clients -
2579
if user logs in to first one and then connects to second one, session will
2580
be automatically redirected to the first one. But if client connects to
2581
first and then to third, will be asked for password twice and will see
2582
resources of both servers. Traditional method of signature generation
2583
causes two independent afpd instances to have the same signature and thus
2584
cause clients to be redirected automatically to server (s)he logged in
2585
first.
2586
2587
Logging Options
2588
2589
Note
2590
2591
Extended logging capabilities are only available if Netatalk was built using
2592
--with-logfile. As of Netatalk 2.0, the default is --without-logfile since the
2593
logger code is partially broken and needs a complete rewrite (the -setuplog
2594
option might not work as expected). If Netatalk was built without logger
2595
support then the daemons log to syslog.
2596
2597
-[un]setuplog "<logtype> <loglevel> [<filename>]"
2598
2599
Specify that the given loglevel should be applied to log messages of the
2600
given logtype and that these messages should be logged to the given file.
2601
If the filename is ommited the loglevel applies to messages passed to
2602
syslog. Each logtype may have a loglevel applied to syslog and a loglevel
2603
applied to a single file. Latter -setuplog settings will override earlier
2604
ones of the same logtype (file or syslog).
2605
2606
logtypes: Default, Core, Logger, CNID, AFP
2607
2608
Daemon loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN, LOG_NOTE, LOG_INFO,
2609
LOG_DEBUG, LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8, LOG_DEBUG9, LOG_MAXDEBUG
2610
2611
Example 5.2. Some ways to change afpd's logging behaviour via -[un]setuplog
2612
2613
Example:
2614
2615
-setuplog "logger log_maxdebug /var/log/netatalk-logger.log"
2616
-setuplog "afpdaemon log_maxdebug /var/log/netatalk-afp.log"
2617
-unsetuplog "default level file"
2618
-setuplog "default log_maxdebug"
2619
2620
Debug Options
2621
2622
These options are useful for debugging only.
2623
2624
-tickleval [number]
2625
2626
Sets the tickle timeout interval (in seconds). Defaults to 30.
2627
2628
-timeout [number]
2629
2630
Specify the number of tickles to send before timing out a connection. The
2631
default is 4, therefore a connection will timeout after 2 minutes.
2632
2633
Examples
2634
2635
Example 5.3. afpd.conf default configuration
2636
2637
- -transall -uamlist uams_clrtxt.so,uams_dhx.so
2638
2639
Example 5.4. afpd.conf MacCyrillic setup / UTF8 unix locale
2640
2641
- -transall -maccodepage mac_cyrillic -unixcodepage utf8
2642
2643
Example 5.5. afpd.conf setup for Kerberos V auth
2644
2645
- -transall -uamlist uams_clrtxt.so,uams_dhx.so,uams_guest.so,uams_gss.so \
2646
-k5service afpserver -k5keytab /path/to/afpserver.keytab \
2647
-k5realm YOUR.REALM -fqdn your.fqdn.namel:548
2648
2649
Example 5.6. afpd.conf letting afpd appear as three servers on the net
2650
2651
"Guest Server" -uamlist uams_guest.so -loginmesg "Welcome guest!"
2652
"User Server" -uamlist uams_dhx.so -port 12000
2653
"special" -notcp -defaultvol <path> -systemvol <path>
2654
2655
See also
2656
2657
afpd(8), afppasswd(1), AppleVolumes.default(5)
2658
2659
-------------------------------------------------------------------------------
2660
2661
Name
2662
2663
afppasswd - netatalk password maintenance utility
2664
2665
Synopsis
2666
2667
afppasswd [-acfn] [ -p passwd file ] [ -u minimum uid ]
2668
2669
DESCRIPTION
2670
2671
afppasswd allows the maintenance of afppasswd files created by netatalk for use
2672
by the uams_randnum.so UAM (providing the "Randnum exchange" and "2-Way Randnum
2673
exchange" User Authentication Modules).
2674
2675
afppasswd can either be called by root with parameters, or can be called by
2676
local system users with no parameters to change their AFP passwords.
2677
2678
Note
2679
2680
With this utility you can only change the passwords used by two specific UAMs.
2681
As they provide only weak password encryption, the use of the "Randnum
2682
exchange" and "2-Way Randnum exchange" UAMs is deprecated unless one has to
2683
support very old AFP clients, that can not deal with the more secure
2684
"DHCAST128" UAM instead. Please compare with the Authentication chapter inside
2685
Netatalk's documentation.
2686
2687
EXAMPLE
2688
2689
Local user changing their own password:
2690
2691
example% afppasswd
2692
Enter NEW AFP password: (hidden)
2693
Enter NEW AFP password again: (hidden)
2694
afppasswd: updated password.
2695
2696
OPTIONS
2697
2698
-a
2699
2700
Add a new user to the afppasswd file.
2701
2702
-c
2703
2704
Create and/or initialize afppasswd file or specific user.
2705
2706
-f
2707
2708
Force the current action.
2709
2710
-p path
2711
2712
Path to afppasswd file.
2713
2714
-n
2715
2716
If cracklib support is built into netatalk this option will cause cracklib
2717
checking to be disabled, if the superuser does not want to have the
2718
password run against the cracklib dictionary.
2719
2720
-u minimum uid
2721
2722
This is the minimum user id (uid) that afppasswd will use when creating
2723
users.
2724
2725
SEE ALSO
2726
2727
afpd(8), atalkd(8).
2728
2729
-------------------------------------------------------------------------------
2730
2731
Name
2732
2733
AppleVolumes.default - Configuration file used by afpd(8) to determine the
2734
shares made available through Appletalk
2735
2736
Description
2737
2738
/etc/netatalk/AppleVolumes.default is the configuration file used by afpd to
2739
determine what portions of the file system will be shared via Apple Filing
2740
Protocol, as well as their behaviour. Any line not prefixed with # is
2741
interpreted. The configuration lines are composed like:
2742
2743
path [ volume name ] [ options ]
2744
2745
The path name must be a fully qualified path name, or a path name using either
2746
the ~ shell shorthand or any of the substitution variables, which are listed
2747
below.
2748
2749
The volume name is the name that appears in the Chooser ot the "connect to
2750
server" dialog on Macintoshes to represent the appropriate share. If there are
2751
spaces in the name, it should be in quotes (i.e. "File Share"). The volume name
2752
may not exceed 27 characters in length, and cannot contain the ':' character.
2753
2754
Note
2755
2756
Each volume has to be configured on a single line.
2757
2758
The possible options and their meanings are:
2759
2760
adouble:[v1|v2|osx]
2761
2762
specify the format of the metadata files, which are used for saving Mac
2763
resource fork as well. Earlier versions used AppleDouble V1, the new
2764
default format is V2. Starting with Netatalk 2.0, the scheme MacOS X uses
2765
currently (10.3.x), is also supported
2766
2767
Note
2768
2769
Using adouble:osx is not recommended for production use. Its only aim is to
2770
temporarely share eg. FAT32 formatted FireWire harddrives written on a
2771
Macintosh with afpd. Apple's metadata scheme lacks several essential
2772
features, so using it on the server's side will break both CNIDs and MacOS
2773
9 compatibility
2774
2775
allow:[users/groups]
2776
2777
The allow option allows the users and groups that access a share to be
2778
specified. Users and groups are specified, delimited by commas. Groups are
2779
designated by a @ prefix. Example: allow:user1,user2,@group
2780
2781
deny:[users/groups]
2782
2783
The deny option specifies users and groups who are not allowed access to
2784
the share. It follows the same format as the allow option.
2785
2786
cnidscheme:[backend]
2787
2788
set the CNID backend to be used for the volume, default is [cdb] available
2789
schemes: [cdb,dbd,last]
2790
2791
dbpath:[path]
2792
2793
Sets the database information to be stored in path. You have to specifiy a
2794
writable location, even if the volume is read only.
2795
2796
maccharset:[charset]
2797
2798
specifies the mac client codepage for this Volume, e.g. "MAC_ROMAN",
2799
"MAC_CYRILLIC". If not specified the setting from afpd.conf is inherited.
2800
This setting is only required if you need volumes, where the mac codepage
2801
differs from the one globally set in afpd.conf.
2802
2803
options:[option]
2804
2805
This allows multiple options to be specified in a comma delimited format.
2806
The available options are:
2807
2808
limitsize
2809
2810
Limit disk size reporting to 2GB. This can be used for older
2811
Macintoshes using newer Appleshare clients.
2812
2813
ro
2814
2815
Specifies the share as being read only for all users. The .AppleDB
2816
directory has to be writeable, you can use the -dbpath option to
2817
relocate it.
2818
2819
usedots
2820
2821
Don't do :hex translation for dot files. note: when this option gets
2822
set, certain file names become illegal. These are .Parent and anything
2823
that starts with .Apple. Also, dot files created on the unix side are
2824
marked invisible.
2825
2826
root_preexec_close
2827
2828
a non-zero return code from root_preexec closes the volume immediately,
2829
preventing clients to mount/see the volume in question.
2830
2831
preexec_close
2832
2833
a non-zero return code from preexec close the volume being immediately,
2834
preventing clients to mount/see the volume in question.
2835
2836
password:[password]
2837
2838
This option allows you to set a volume password, which can be a maximum of
2839
8 characters long (using ASCII strongly recommended at the time of this
2840
writing).
2841
2842
preexec:[command]
2843
2844
command to be run when the volume is mounted, ignored for user defined
2845
volumes
2846
2847
postexec:[command]
2848
2849
command to be run when the volume is closed, ignored for user defined
2850
volumes
2851
2852
root_preexec:[command]
2853
2854
command to be run as root when the volume is mounted, ignored for user
2855
defined volumes
2856
2857
root_postexec:[command]
2858
2859
command to be run as root when the volume is closed, ignored for user
2860
defined volumes
2861
2862
rolist:[users/groups]
2863
2864
Allows certain users and groups to have read-only access to a share. This
2865
follows the allow option format.
2866
2867
rwlist:[users/groups]
2868
2869
Allows certain users and groups to have read/write access to a share. This
2870
follows the allow option format.
2871
2872
veto:[vetoed name]
2873
2874
hide files and directories,where the path matches one of the '/' delimited
2875
vetoed names. Matches are partial, e.g. path is /abc/def/file and veto:/abc
2876
/ will hide the file.
2877
2878
volcharset:[charset]
2879
2880
specifies the volume codepage, e.g. "UTF8", "UTF8-MAC", "ISO-8859-15".
2881
Defaults to "UTF8".
2882
2883
Variable substitutions
2884
2885
You can use variables in both volume path and volume name.
2886
2887
1. if you specify an unknown variable, it will not get converted.
2888
2889
2. if you specify a known variable, but that variable doesn't have a value, it
2890
will get ignored.
2891
2892
The variables which can be used for substitutions are:
2893
2894
$b
2895
2896
basename
2897
2898
$c
2899
2900
client's ip or appletalk address
2901
2902
$d
2903
2904
volume pathname on server
2905
2906
$f
2907
2908
full name (contents of the gecos field in the passwd file)
2909
2910
$g
2911
2912
group name
2913
2914
$h
2915
2916
hostname
2917
2918
$i
2919
2920
client's ip, without port
2921
2922
$s
2923
2924
server name (this can be the hostname)
2925
2926
$u
2927
2928
user name (if guest, it is the user that guest is running as)
2929
2930
$v
2931
2932
volume name (either ADEID_NAME or basename of path)
2933
2934
$z
2935
2936
appletalk zone (may not exist)
2937
2938
$$
2939
2940
prints dollar sign ($)
2941
2942
When using variable substitution in the volume name, always keep in mind, not
2943
to exceed the 27 characters limit
2944
2945
Example 5.7. Using variable substitution when defining volumes
2946
2947
/home/groups/$g "Groupdir for $g"
2948
~ "$f is the best one"
2949
2950
We define "groupdirs" for each primary group and use a personalized server name
2951
for homedir shares.
2952
2953
CNID backends
2954
2955
The AFP protocol mostly refers to files and directories by ID and not by name.
2956
Netatalk needs a way to store these ID's in a persistent way, to achieve this
2957
several different CNID backends are available. The CNID Databases are by
2958
default located in the .AppleDB folder in the volume root.
2959
2960
cdb
2961
2962
"Concurrent database", backend is based on Sleepycat's Berkely DB. With
2963
this backend several afpd deamons access the CNID database directly.
2964
Berkeley DB locking is used to synchronize access, if more than one afpd
2965
process is active for a volume. The drawback is, that the crash of a single
2966
afpd process might corrupt the database.
2967
2968
dbd
2969
2970
Access to the CNID database is restricted to the cnid_metad daemon process.
2971
afpd processes communicate with the daemon for database reads and updates.
2972
If built with Berkeley DB transactions the probability for database
2973
corruption is practically zero, but performance can be slower than with cdb
2974
2975
last
2976
2977
This backend is an exception, in terms of ID persistency. ID's are only
2978
valid for the current session. This is basically what afpd did in the 1.5
2979
(and 1.6) versions. This backend is still available, as it is useful for
2980
e.g. sharing cdroms.
2981
2982
Warning: It is NOT recommended to use this backend for volumes anymore, as
2983
afpd now relies heavily on a persistent ID database. Aliases will likely
2984
not work and filename mangling is not supported.
2985
2986
Even though ./configure --help might show that there are other CNID backends
2987
available, be warned those are likely broken or mainly used for testing. Don't
2988
use them unless you know what you're doing, they may be removed without further
2989
notice from future versions.
2990
2991
Charset options
2992
2993
With OS X Apple introduced the AFP3 protocol. One of the most important changes
2994
was that AFP3 uses unicode names encoded as UTF-8 decomposed. Previous AFP/OS
2995
versions used codepages, like MacRoman, MacCentralEurope, etc.
2996
2997
afpd needs a way to preserve extended macintosh characters, or characters
2998
illegal in unix filenames, when saving files on a unix filesystem. Earlier
2999
versions used the the so called CAP encoding. An extended character (>0x7F)
3000
would be converted to a :xx sequence, e.g. the Apple Logo (MacRoman: 0XF0) was
3001
saved as :f0. Some special characters will be converted as to :xx notation as
3002
well. '/' will be encoded to :2f, if -usedots is not specified, a leading dot
3003
'.' will be encoded as :2e.
3004
3005
This version now uses UTF-8 as the default encoding for names. Special
3006
characters, like '/' and a leading '.' will still be CAP style encoded .
3007
3008
The -volcharset option will allow you to select another volume encoding. E.g.
3009
for western users another useful setting could be -volcharset ISO-8859-15. apfd
3010
will accept any iconv(1) provided charset. If a character cannot be converted
3011
from the mac codepage to the selected volcharset, afpd will save it as a CAP
3012
encoded character. For AFP3 clients, afpd will convert the UTF-8 character to
3013
-maccharset first. If this conversion fails, you'll receive a -50 error on the
3014
mac.
3015
3016
Note: Whenever you can, please stick with the default UTF-8 volume format.
3017
3018
Compatibility with earlier versions
3019
3020
To use a volume created with an earlier afpd version, you'll have to specify
3021
the following options:
3022
3023
Example 5.8. use a 1.x style volume
3024
3025
/path/to/volume "Volname" adouble:v1 volcharset:ASCII
3026
3027
In case you used an NLS you could try using a compatible iconv charset for
3028
-volcharset.
3029
3030
Example 5.9. use a 1.x style volume, created with maccode.iso8859-1
3031
3032
/path/to/volume "Volname" adouble:v1 volcharset:ISO-8859-1
3033
3034
You should consider converting old style volumes to the new UTF-8/AD2 format.
3035
The safest way to do this, is to create a new volume with the default options
3036
and copy the files between this volumes with a mac.
3037
3038
Note: Using above example options will allow you to downgrade to 1.x netatalk
3039
again.
3040
3041
Note: Some 1.x NLS files used non standard mappings, e.g.
3042
maccode.iso8859-1.adapted. This is not supported anymore. You'll have to copy
3043
the contents of those volumes files to a Mac and then back to the netatalk
3044
server, preferably to an UTF-8 volume.
3045
3046
Advanced Options
3047
3048
The following options should only be used after serious consideration. Be sure
3049
you fully understood the, sometimes complex, consequences, before using them.
3050
3051
casefold:[option]
3052
3053
The casefold option handles, if the case of filenames should be changed.
3054
The available options are:
3055
3056
tolower - Lowercases names in both directions.
3057
3058
toupper - Uppercases names in both directions.
3059
3060
xlatelower - Client sees lowercase, server sees uppercase.
3061
3062
xlateupper - Client sees uppercase, server sees lowercase.
3063
3064
options:[option]
3065
3066
This allows multiple options to be specified in a comma delimited format.
3067
The available options are:
3068
3069
cachecnid
3070
3071
If set afpd uses the ID information stored in AppleDouble V2 header
3072
files to reduce database load. Don't set this option if the volume is
3073
modified by non AFP clients (NFS/SMB/local). Defaults to off.
3074
3075
crlf
3076
3077
Enables crlf translation for TEXT files, automatically converting
3078
macintosh line breaks into Unix ones. Use of this option might be
3079
dangerous since some older programs store binary data files as type
3080
"TEXT" when saving and switch the filetype in a second step. Afpd will
3081
potentially destroy such files when "erroneously" changing bytes in
3082
order to do line break translation.
3083
3084
dropbox
3085
3086
Allows a volume to be declared as being a "dropbox." Note that netatalk
3087
must be compiled with dropkludge support for this to function. Warning:
3088
This option is deprecated and might not work as expected.
3089
3090
mswindows
3091
3092
Forces filename restrictions imposed by MS WinXX. Warning: This is NOT
3093
recommened for volumes mainly used by Macs. Please make sure you fully
3094
understand this option before using it.
3095
3096
Warning
3097
3098
This option breaks direct saving to netatalk volumes from some
3099
applications, i.e. OfficeX.
3100
3101
noadouble
3102
3103
Forces afpd to not create .AppleDouble directories unless macintosh
3104
metadata needs to be written. This option is only useful if you want to
3105
share files mostly used NOT by macs, causing afpd to not automatically
3106
create .AppleDouble subdirs containing AD header files in every
3107
directory it enters (which will it do by default).
3108
3109
In case, you save or change files from mac clients, AD metadata files
3110
have to be written even in case you set this option. So you can't avoid
3111
the creation of .AppleDouble directories and its contents when you give
3112
macs write access to a share and they make use of it.
3113
3114
Try to avoid noadouble whenever possible.
3115
3116
nodev
3117
3118
always use 0 for device number, helps when the device number is not
3119
constant across a reboot, cluster, ...
3120
3121
nofileid
3122
3123
don't advertise createfileid, resolveid, deleteid calls.
3124
3125
nohex
3126
3127
Disables :hex translations for anything except dot files. This option
3128
makes the '/' character illegal.
3129
3130
prodos
3131
3132
Provides compatibility with Apple II clients.
3133
3134
nostat
3135
3136
don't stat volume path when enumerating volumes list, useful for
3137
automounting or volumes created by a preexec script.
3138
3139
upriv
3140
3141
use AFP3 unix privileges. Become familiar with the new "unix
3142
privileges" AFP permissions concepts in MacOS X before using this
3143
option.
3144
3145
See Also
3146
3147
afpd.conf(5), afpd(8)
3148
3149
-------------------------------------------------------------------------------
3150
3151
Name
3152
3153
apple_cp - Do an apple copy, copying file metadata and the resource fork as
3154
well
3155
3156
Synopsis
3157
3158
/usr/bin/apple_cp SOURCE DEST /usr/bin/apple_cp SOURCE... DIRECTORY
3159
3160
DESCRIPTION
3161
3162
apple_cp is a perl script to copy SOURCE to DEST or multiple SOURCE(s) to
3163
DIRECTORY. It also copies the file specific metadata (including resource forks)
3164
to the .AppleDouble directory for DEST or DIRECTORY. If the .AppleDouble
3165
directory doesn't exist for DEST or DIRECTORY it will create it.
3166
3167
EXAMPLES
3168
3169
/usr/bin/apple_cp test.text /target/directory/
3170
3171
/usr/bin/apple_cp test.text /target/directory/test2.text
3172
3173
/usr/bin/apple_cp test.text testing.text /target/directory/
3174
3175
REPORTING BUGS
3176
3177
Report bugs to the Netatalk-devel list <netatalk-devel@lists.sourceforge.net>.
3178
3179
SEE ALSO
3180
3181
apple_mv(1), apple_rm(1).
3182
3183
-------------------------------------------------------------------------------
3184
3185
Name
3186
3187
apple_mv - Do an apple move, moving metadata and the resource fork as well
3188
3189
Synopsis
3190
3191
/usr/bin/apple_mv SOURCE DEST /usr/bin/apple_mv SOURCE... DIRECTORY
3192
3193
DESCRIPTION
3194
3195
apple_mv is a perl script to move SOURCE to DEST or multiple SOURCE(s) to
3196
DIRECTORY. It also moves the file specific metadata (including resource forks)
3197
to the .AppleDouble directory for DEST or DIRECTORY. If the .AppleDouble
3198
directory doesn't exist for DEST or DIRECTORY it will create it.
3199
3200
EXAMPLES
3201
3202
/usr/bin/apple_mv test.text /target/directory/
3203
3204
/usr/bin/apple_mv test.text /target/directory/test2.text
3205
3206
/usr/bin/apple_mv test.text testing.text /target/directory/
3207
3208
REPORTING BUGS
3209
3210
Report bugs to the Netatalk-devel list <netatalk-devel@lists.sourceforge.net>.
3211
3212
SEE ALSO
3213
3214
apple_cp(1), apple_rm(1).
3215
3216
-------------------------------------------------------------------------------
3217
3218
Name
3219
3220
apple_rm - Do an apple remove, remove metadata and resource fork as well
3221
3222
Synopsis
3223
3224
/usr/bin/apple_rm FILE...
3225
3226
DESCRIPTION
3227
3228
apple_rm is a perl script that removes FILE(s) as well as the .AppleDouble
3229
metadata file(s) that corresponds to FILE(s). These AppleDouble header files
3230
eventually also contain the resource fork if the files had one. apple_rm does
3231
not delete directories.
3232
3233
EXAMPLES
3234
3235
/usr/bin/apple_rm test.text
3236
3237
/usr/bin/apple_rm test.text testing.text
3238
3239
REPORTING BUGS
3240
3241
Report bugs to the Netatalk-devel list <netatalk-devel@lists.sourceforge.net>.
3242
3243
SEE ALSO
3244
3245
apple_cp(1), apple_mv(1).
3246
3247
-------------------------------------------------------------------------------
3248
3249
Name
3250
3251
asip-status.pl - Queries AFP servers for their capabilities
3252
3253
Synopsis
3254
3255
/usr/bin/asip-status.pl ADDRESS:PORT...
3256
3257
DESCRIPTION
3258
3259
asip-status.pl is a perl script that sends a FPGetSrvrInfo request to an AFP
3260
server at ADDRESS:PORT and displays the results, namely "Machine type", the
3261
server's name, supported AFP versions, UAMs and AFP flags, the "server
3262
signature" and the network addresses, the server provides AFP services on.
3263
3264
When you don't supply :PORT, then the default AFP port, 548, will be used.
3265
3266
EXAMPLES
3267
3268
/usr/bin/asip-status.pl 192.168.21.2
3269
AFP reply from 192.168.21.2:548
3270
Flags: 1 Cmd: 3 ID: 57005
3271
Reply: DSIGetStatus
3272
Request ID: 57005
3273
Machine type: Macintosh
3274
AFP versions: AFPVersion 1.1,AFPVersion 2.0,AFPVersion 2.1,AFP2.2
3275
UAMs: Cleartxt passwrd,Randnum exchange,2-Way Randnum exchange
3276
Flags: SupportsCopyFile,SupportsChgPwd,SupportsServerMessages,
3277
SupportsServerSignature,SupportsTCP/IP,SupportsSuperClient
3278
Server name: PowerMac 9600/200
3279
Signature:
3280
04 c1 6e 59 04 c1 6e 59 04 c1 6e 59 04 c1 6e 59 ..nY..nY..nY..nY
3281
3282
Network address: 192.168.21.2:548 (tcp/ip address and port)
3283
Network address: 10.20 (ddp address)
3284
/usr/bin/asip-status.pl 192.168.21.1:10548
3285
AFP reply from 192.168.21.1:10548
3286
Flags: 1 Cmd: 3 ID: 57005
3287
Reply: DSIGetStatus
3288
Request ID: 57005
3289
Machine type: Netatalk
3290
AFP versions: AFPVersion 1.1,AFPVersion 2.0,AFPVersion 2.1,AFP2.2,AFPX03,
3291
AFP3.1
3292
UAMs: Cleartxt passwrd,Randnum exchange,2-Way Randnum exchange,DHCAST128
3293
Flags: SupportsCopyFile,SupportsServerMessages,SupportsServerSignature,
3294
SupportsTCP/IP,SupportsSrvrNotifications,SupportsOpenDirectory,
3295
SupportsUTF8Servername,SupportsSuperClient
3296
Server name: Fire V480
3297
Signature:
3298
83 29 cc 60 83 29 cc 60 83 29 cc 60 83 29 cc 60 .).`.).`.).`.).`
3299
3300
Network address: 192.168.21.1:10548 (TCP/IP address and port)
3301
Network address: 65282.142 (ddp address)
3302
UTF8 Servername: Fire V480
3303
3304
REPORTING BUGS
3305
3306
Report bugs to the Netatalk-devel list <netatalk-devel@lists.sourceforge.net>.
3307
3308
-------------------------------------------------------------------------------
3309
3310
Name
3311
3312
atalk - AppleTalk protocol family
3313
3314
Synopsis
3315
3316
#include <sys/types.h>
3317
#include <netatalk/at.h>
3318
3319
DESCRIPTION
3320
3321
The AppleTalk protocol family is a collection of protocols layered above the
3322
Datagram Delivery Protocol (DDP), and using AppleTalk address format. The
3323
AppleTalk family may provide SOCK_STREAM (ADSP), SOCK_DGRAM (DDP), SOCK_RDM
3324
(ATP), and SOCK_SEQPACKET (ASP). Currently, only DDP is implemented in the
3325
kernel; ATP and ASP are implemented in user level libraries; and ADSP is
3326
planned.
3327
3328
ADDRESSING
3329
3330
AppleTalk addresses are three byte quantities, stored in network byte order.
3331
The include file <netatalk/at.h> defines the AppleTalk address format.
3332
3333
Sockets in the AppleTalk protocol family use the following address structure:
3334
3335
struct sockaddr_at {
3336
short sat_family;
3337
u_char sat_port;
3338
struct at_addr sat_addr;
3339
char sat_zero[ 8 ];
3340
};
3341
3342
The port of a socket may be set with bind(2). The node for bind must always be
3343
ATADDR_ANYNODE: ``this node.'' The net may be ATADDR_ANYNET or ATADDR_LATENET.
3344
ATADDR_ANYNET coresponds to the machine's ``primary'' address (the first
3345
configured). ATADDR_LATENET causes the address in outgoing packets to be
3346
determined when a packet is sent, i.e. determined late. ATADDR_LATENET is
3347
equivalent to opening one socket for each network interface. The port of a
3348
socket and either the primary address or ATADDR_LATENET are returned with
3349
getsockname(2).
3350
3351
SEE ALSO
3352
3353
bind(2), getsockname(2), atalkd(8).
3354
3355
-------------------------------------------------------------------------------
3356
3357
Name
3358
3359
atalkd - AppleTalk RTMP, NBP, ZIP, and AEP manager
3360
3361
Synopsis
3362
3363
atalkd [-f configfile] [-1] [-2]
3364
3365
Description
3366
3367
atalkd is responsible for all user level AppleTalk network management. This
3368
includes routing, name registration and lookup, zone lookup, and the AppleTalk
3369
Echo Protocol (similar to ping(8)). atalkd is typically started at boot time,
3370
out of /etc/rc. It first reads from its configuration file, /etc/netatalk/
3371
atalkd.conf. If there is no configuration file, atalkd will attempt to
3372
configure all available interfaces and will create a configuration file. The
3373
file consists of a series of interfaces, one per line. Lines with `#' in the
3374
first column are ignored, as are blank lines. The syntax is
3375
3376
interface [ -seed ] [ -phase number ] [ -net net-range ] [ -addr address ] [
3377
-zone zonename ] ...
3378
3379
Note that all fields except the interface are optional. The loopback interface
3380
is configured automatically. If -seed is specified, all other fields must be
3381
present. Also, atalkd will exit during bootstrap�ping, if a router disagrees
3382
with its seed information. If -seed is not given, all other information may be
3383
overriden during auto-configuration. If no -phase option is given, the default
3384
phase as given on the command line is used (the default is 2). If -addr is
3385
given and -net is not, a net-range of one is assumed.
3386
3387
The first -zone directive for each interface is the ``default'' zone. Under
3388
Phase 1, there is only one zone. Under Phase 2, all routers on the network are
3389
configured with the default zone and must agree. atalkd maps ``*'' to the
3390
default zone of the first interface. Note: The default zone for a machine is
3391
determined by the configuration of the local routers; to appear in a
3392
non-default zone, each service, e.g. afpd, must individually specify the
3393
desired zone. See also nbp_name(3).
3394
3395
Routing
3396
3397
If you are connecting a netatalk router to an existing AppleTalk internet, you
3398
should first contact your local network administrators to obtain appropriate
3399
network addresses.
3400
3401
atalkd can provide routing between interfaces by configuring multiple
3402
interfaces. Each interface must be assigned a unique net-range between 1 and
3403
65279 (0 and 65535 are illegal, and addresses between 65280 and 65534 are
3404
reserved for startup). It is best to choose the smallest useful net-range, i.e.
3405
if you have three machines on an Ethernet, don't chose a net-range of
3406
1000-2000. Each net-range may have an arbitrary list of zones associated with
3407
it.
3408
3409
Examples
3410
3411
Below is an example configuration file for a sun4/40. The machine has two
3412
interfaces, ``le0'' and ``le1''. The ``le0'' interface is configured
3413
automatically from other routers on the network. The machine is the only router
3414
for the ``le1'' interface.
3415
3416
le0
3417
le1 -seed -net 9461-9471 -zone netatalk -zone Argus
3418
3419
atalkd automatically acts as a router if there is more than one interface.
3420
3421
Files
3422
3423
/etc/netatalk/atalkd.conf configuration file
3424
3425
Bugs
3426
3427
On some systems, atalkd can not be restarted.
3428
3429
SEE ALSO
3430
3431
atalkd.conf(5)
3432
3433
-------------------------------------------------------------------------------
3434
3435
Name
3436
3437
atalkd.conf - Configuration file used by atalkd(8) to determine the interfaces
3438
used by the master Netatalk daemon
3439
3440
DESCRIPTION
3441
3442
/etc/netatalk/atalkd.conf is the configuration file used by atalkd to configure
3443
the Appletalk interfaces and their behavior
3444
3445
Any line not prefixed with # is interpreted. The configuration lines are
3446
composed like:
3447
3448
Interface [ options ]
3449
3450
The simplest case is to have either no atalkd.conf, or to have one that has no
3451
active lines. In this case, atalkd should auto-discover the local interfaces on
3452
the machine. Please note that you cannot split lines.
3453
3454
The interface is the network interface that this to work over, such as eth0 for
3455
Linux, or le0 for Sun.
3456
3457
The possible options and their meanings are:
3458
3459
-addr net.node
3460
3461
Allows specification of the net and node numbers for this interface,
3462
specified in Appletalk numbering format (example: -addr 66.6).
3463
3464
-dontroute
3465
3466
Disables Appletalk routing. It is the opposite of -router.
3467
3468
-net first[-last]
3469
3470
Allows the available net to be set, optionally as a range.
3471
3472
-noallmulti (linux only)
3473
3474
On linux the interfaces, atalkd uses, are set to ALLMULTI by default caused
3475
by countless NICs having problems without being forced into this mode (some
3476
even don't work with allmulti set). In case, you've a NIC known to support
3477
multicasts properly, you might want to set this option causing less packets
3478
to be processed
3479
3480
-phase ( 1 | 2 )
3481
3482
Specifies the Appletalk phase that this interface is to use (either Phase 1
3483
or Phase 2).
3484
3485
-router
3486
3487
Like -seed, but allows single interface routing. It is the opposite of
3488
-dontroute.
3489
3490
-seed
3491
3492
The seed option only works if you have multiple interfaces. It also causes
3493
all missing arguments to be automagically configured from the network.
3494
3495
-zone zonename
3496
3497
Specifies a specific zone that this interface should appear on (example:
3498
-zone "Parking Lot"). Please note that zones with spaces and other special
3499
characters should be enclosed in parentheses.
3500
3501
SEE ALSO
3502
3503
atalkd(8)
3504
3505
-------------------------------------------------------------------------------
3506
3507
Name
3508
3509
atalk_aton - AppleTalk address parsing
3510
3511
Synopsis
3512
3513
#include <sys/types.h>
3514
#include <netatalk/at.h>
3515
3516
atalk_aton(cp, ata);
3517
char * cp;
3518
struct at_addr * ata;
3519
3520
DESCRIPTION
3521
3522
The atalk_aton() routine converts an ASCII representation of an AppleTalk
3523
address to a format appropriate for system calls. Acceptable ASCII
3524
representations include both hex and base 10, in triples or doubles. For
3525
instance, the address `0x1f6b.77' has a network part of `8043' and a node part
3526
of `119'. This same address could be written `8043.119', `31.107.119', or
3527
`0x1f.6b.77'. If the address is in hex and the first digit is one of `A-F', a
3528
leading `0x' is redundant.
3529
3530
SEE ALSO
3531
3532
atalk(4).
3533
3534
-------------------------------------------------------------------------------
3535
3536
Name
3537
3538
cnid_dbd - implement access to CNID databases through a dedicated daemon
3539
process
3540
3541
Synopsis
3542
3543
cnid_dbd dbdir ctrlfd clntfd
3544
3545
DESCRIPTION
3546
3547
cnid_dbd provides an interface for storage and retrieval of catalog node IDs
3548
(CNIDs) and related information to the afpd daemon. CNIDs are a component of
3549
Macintosh based file systems with semantics that map not easily onto Unix file
3550
systems. This makes separate storage in a database necessary. cnid_dbd is part
3551
of the CNID backend framework of afpd and implements the dbd backend.
3552
3553
cnid_dbd is never started via the command line or system startup scripts but
3554
only by the cnid_metad daemon. There is at most one instance of cnid_dbd per
3555
netatalk volume.
3556
3557
cnid_dbd uses the Berkleley DB database library and optionally supports
3558
transactionally protected updates if the netatalk package is compiled with the
3559
appropriate options. Using the dbd backend without transactions will protect
3560
the CNID database against unexpected crashes of the afpd daemon. Using the dbd
3561
backend with transactions will avoid corruption of the CNID database even if
3562
the system crashes unexpectedly.
3563
3564
cnid_dbd uses the same on-disk database format as the cdb backend. It is
3565
therefore possible to switch between the two backends as necessary.
3566
3567
cnid_dbd inherits the effective userid and groupid from cnid_metad on startup,
3568
which is normally caused by afpd serving a netatalk volume to a client. It
3569
changes to the Berkleley DB database home directory dbdir that is associated
3570
with the volume. If the userid inherited from cnid_metad is 0 (root), cnid_dbd
3571
will change userid and groupid to the owner and group of the database home
3572
directory. Otherwise, it will continue to use the inherited values. cnid_dbd
3573
will then attempt to open the database and start serving requests using
3574
filedescriptor clntfd. Subsequent instances of afpd that want to access the
3575
same volume are redirected to the running cnid_dbd process by cnid_metad via
3576
the filedescriptor ctrlfd.
3577
3578
cnid_dbd can be configured to run forever or to exit after a period of
3579
inactivity. If cnid_dbd receives a TERM or an INT signal it will exit cleanly
3580
after flushing dirty database buffers to disk and closing Berkleley DB database
3581
environments. It is safe to terminate cnid_dbd this way, it will be restarted
3582
when necessary. Other signals are not handled and will cause an immediate exit,
3583
possibly leaving the CNID database in an inconsistent state (no transactions)
3584
or losing recent updates during recovery (transactions).
3585
3586
If transactions are used the Berkleley DB database subsystem will create files
3587
named log.xxxxxxxxxx in the database home directory dbdir, where xxxxxxxxxx is
3588
a monotonically increasing integer. These files contain information to replay
3589
database changes and are not automatically removed, unless the
3590
logfile_autoremove option is specified in the db_param configuration file (see
3591
below). Please see the sections Database and log file archival, Log file
3592
removal and the documentation of the db_archive command line utility in the
3593
Berkeley DB Tutorial and Reference for information when and how it is safe to
3594
remove these files manually.
3595
3596
Do not use cnid_dbd for databases on NFS mounted file systems. It makes the
3597
whole point of securing database changes properly moot. Use the dbdir: Option
3598
in the appropriate AppleVolumes configuration file to put the database onto a
3599
local disk.
3600
3601
CONFIGURATION
3602
3603
cnid_dbd reads configuration information from the file db_param in the database
3604
directory dbdir on startup. If the file does not exist or a parameter is not
3605
listed, suitable default values are used. The format for a single parameter is
3606
the parameter name, followed by one or more spaces, followed by the parameter
3607
value, followed by a newline. The following parameters are currently
3608
recognized:
3609
3610
logfile_autoremove
3611
3612
This flag is ignored unless transactional support is enabled. If set to 1,
3613
unused Berkeley DB transactional logfiles (log.xxxxxxxxxx in the database
3614
home directory) are removed on startup of cnid_dbd. This is usually safe if
3615
the content of the database directory is backed up on a regular basis.
3616
Default: 0.
3617
3618
cachesize
3619
3620
Determines the size of the Berkeley DB cache in kilobytes. Default: 1024.
3621
Each cnid_dbd process grabs that much memory on top of its normal memory
3622
footprint. It can be used to tune database performance. The db_stat utility
3623
with the -m option that comes with Berkely DB can help you determine wether
3624
you need to change this value. The default is pretty conservative so that a
3625
large percentage of requests should be satisfied from the cache directly.
3626
If memory is not a bottleneck on your system you might want to leave it at
3627
that value. The Berkeley DB Tutorial and Reference Guide has a section
3628
Selecting a cache size that gives more detailed information.
3629
3630
nosync
3631
3632
This flag is ignored unless transactional support is enabled. If it is set
3633
to 1, transactional changes to the database are not synchronously written
3634
to disk when the transaction completes. This will increase performance
3635
considerably at the risk of recent changes getting lost in case of a crash.
3636
The database will still be consistent, though. See Transaction Throughput
3637
in the Berkeley DB Tutorial for more information. Default: 0.
3638
3639
flush_frequency, flush_interval
3640
3641
flush_frequency (Default: 100) and flush_interval (Default: 30) control how
3642
often changes to the database are written to the underlying database files
3643
if no transactions are used or how often the transaction system is
3644
checkpointed for transactions. Both of these operations are performed if
3645
either i) more than flush_frequency requests have been received or ii) more
3646
than flush_interval seconds have elapsed since the last save/checkpoint. If
3647
you use transactions with nosync set to zero these parameters only
3648
influence how long recovery takes after a crash, there should never be any
3649
lost data. If nosync is 1, changes might be lost, but only since the last
3650
checkpoint. Be careful to check your harddisk configuration for on disk
3651
cache settings. Many IDE disks just cache writes as the default behaviour,
3652
so even flushing database files to disk will not have the desired effect.
3653
3654
fd_table_size
3655
3656
is the maximum number of connections (filedescriptors) that can be open for
3657
afpd client processes in cnid_dbd. Default: 16. If this number is exceeded,
3658
one of the existing connections is closed and reused. The affected afpd
3659
process will transparently reconnect later, which causes slight overhead.
3660
On the other hand, setting this parameter too high could affect performance
3661
in cnid_dbd since all descriptors have to be checked in a select() system
3662
call, or worse, you might exceed the per process limit of open file
3663
descriptors on your system. It is safe to set the value to 1 on volumes
3664
where only one afpd client process is expected to run, e.g. home
3665
directories.
3666
3667
idle_timeout
3668
3669
is the number of seconds of inactivity before an idle cnid_dbd exits.
3670
Default: 600. Set this to 0 to disable the timeout.
3671
3672
check
3673
3674
is a flag value. If set cnid_dbd will automatically check the database
3675
indexes. Default: 0. Set this to 1 to enable checking.
3676
3677
SEE ALSO
3678
3679
cnid_metad(8), afpd(8)
3680
3681
-------------------------------------------------------------------------------
3682
3683
Name
3684
3685
cnid_index - check and repair Netatalk CNID database indexes
3686
3687
Synopsis
3688
3689
cnid_index dbdir
3690
3691
DESCRIPTION
3692
3693
cnid_index is a utility to check CNID databases for consistency. If needed, the
3694
indexes are repaired. It works for databases created by the cdb and dbd
3695
backends.
3696
3697
Volumes usind the dbd CNID scheme can also be checked automatically, for
3698
further information please see the cnid_dbd(8) man page.
3699
3700
Warning
3701
3702
When using cnid_index on cdb handled databases, cnid_index cannot check if
3703
another process (afpd) accesses the CNID databases. In this case, you have to
3704
manually ensure no other process accesses the database when running cnid_index.
3705
3706
SEE ALSO
3707
3708
cnid_dbd(8), afpd(8)
3709
3710
-------------------------------------------------------------------------------
3711
3712
Name
3713
3714
cnid_metad - start cnid_dbd daemons on request
3715
3716
Synopsis
3717
3718
cnid_metad [-d] [ -h hostname ] [ -p port ] [ -u user ] [ -g group ] [ -s
3719
cnid_dbdpathname ]
3720
3721
DESCRIPTION
3722
3723
cnid_metad waits for requests from afpd to start up instances of the cnid_dbd
3724
daemon. It keeps track of the status of a cnid_dbd instance once started and
3725
will restart it if necessary. cnid_metad is normally started at boot time from
3726
/etc/rc or equivalent and runs until shutdown. afpd needs to be configured with
3727
the -cnidserver option in afpd.conf in order to access cnid_metad. It is
3728
possible to run more than one instance of cnid_metad on the same machine if
3729
different values for the interface and/or port are specified with the -h and -p
3730
options.
3731
3732
OPTIONS
3733
3734
-d
3735
3736
cnid_metad will remain in the foreground and will also leave the standard
3737
input, standard output and standard error file descriptors open. Useful for
3738
debugging.
3739
3740
-h hostname
3741
3742
Use hostname as the network interface for requests as opposed to the
3743
default localhost .
3744
3745
-p port
3746
3747
Use port as the port number for reqests. Default is 4700.
3748
3749
-u user
3750
3751
Switch to the userid of user before serving requests. This userid will be
3752
inherited by all cnid_dbd daemon processes started.
3753
3754
-u group
3755
3756
Switch to the groupid of group before serving requests. This groupid will
3757
be inherited by all cnid_dbd daemon processes started. Both user and group
3758
must be specified as strings.
3759
3760
-s cnid_dbd pathname
3761
3762
Use cnid_dbd pathname as the pathname of the executeable of the cnid_dbd
3763
daemon. The default is /usr/sbin/cnid_dbd.
3764
3765
CAVEATS
3766
3767
The number of cnid_dbd subprocecesses is currently limited to 128. This
3768
restriction will be lifted in the future.
3769
3770
cnid_metad does not block or catch any signals apart from SIGPIPE. It will
3771
therefore exit on most signals received. This will also cause all instances of
3772
cnid_dbd's started by that cnid_metad to exit gracefully. Since state about and
3773
IPC access to the subprocesses is only maintained in memory by cnid_metad this
3774
is desired behaviour. As soon as cnid_metad is restarted afpd processes will
3775
transparently reconnect.
3776
3777
SEE ALSO
3778
3779
cnid_dbd(8), afpd(8)
3780
3781
-------------------------------------------------------------------------------
3782
3783
Name
3784
3785
getzones - list AppleTalk zone names
3786
3787
Synopsis
3788
3789
getzones [ -m | -l ] [address]
3790
3791
DESCRIPTION
3792
3793
Getzones is used to obtain a list of AppleTalk zone names using the Zone
3794
Information Protocol (ZIP). It sends a GetZoneList request to an AppleTalk
3795
router. By default, it sends the request to the locally running atalkd(8).
3796
3797
OPTIONS
3798
3799
-m
3800
3801
List the name of the local zone only; this is accomplished by sending a ZIP
3802
GetMyZone request.
3803
3804
-l
3805
3806
List the local zones; this is accomplished by sending a GetLocalZones
3807
request.
3808
3809
address
3810
3811
Contact the AppleTalk router at address. address is parsed by atalk_aton
3812
(3).
3813
3814
SEE ALSO
3815
3816
atalk_aton(3), atalkd(8).
3817
3818
-------------------------------------------------------------------------------
3819
3820
Name
3821
3822
megatron, unhex, unbin, unsingle, hqx2bin, single2bin, macbinary - Macintosh
3823
file format transformer
3824
3825
Synopsis
3826
3827
megatron [sourcefile...]
3828
3829
unbin [sourcefile...]
3830
3831
unhex [sourcefile...]
3832
3833
unsingle [sourcefile...]
3834
3835
hqx2bin [sourcefile...]
3836
3837
single2bin [sourcefile...]
3838
3839
macbinary [sourcefile...]
3840
3841
DESCRIPTION
3842
3843
megatron is used to transform files from BinHex, MacBinary, AppleSingle, or
3844
netatalk style AppleDouble formats into MacBinary or netatalk style AppleDouble
3845
formats. The netatalk style AppleDouble format is the file format used by afpd,
3846
the netatalk Apple Filing Protocol (AppleShare) server. BinHex, MacBinary, and
3847
AppleSingle are commonly used formats for transferring Macintosh files between
3848
machines via email or file transfer protocols. megatron uses its name to
3849
determine what type of tranformation is being asked of it.
3850
3851
If megatron is called as unhex , unbin or unsingle, it tries to convert file(s)
3852
from BinHex, MacBinary, or AppleSingle into AppleDouble format. BinHex is the
3853
format most often used to send Macintosh files by e-mail. Usually these files
3854
have an extension of ".hqx". MacBinary is the format most often used by
3855
terminal emulators "on the fly" when transferring Macintosh files in binary
3856
mode. MacBinary files often have an extension of ".bin". Some Macintosh
3857
LAN-based email packages use uuencoded AppleSingle format to "attach" or
3858
"enclose" files in email. AppleSingle files don't have a standard filename
3859
extension.
3860
3861
If megatron is called as hqx2bin, single2bin, or macbinary, it will try to
3862
convert the file(s) from BinHex, AppleSingle, or AppleDouble into MacBinary.
3863
This last translation may be useful in moving Macintosh files from your afpd
3864
server to some other machine when you can't copy them from the server using a
3865
Macintosh for some reason.
3866
3867
If megatron is called with any other name, it uses the default translation,
3868
namely unhex.
3869
3870
If no source file is given, or if sourcefile is `-', and if the conversion is
3871
from a BinHex or MacBinary file, megatron will read from standard input.
3872
3873
The filename used to store any output file is the filename that is encoded in
3874
the source file. MacBinary files are created with a ".bin" extension. In the
3875
case of conflicts, the old file is overwritten!
3876
3877
SEE ALSO
3878
3879
afpd(8)
3880
3881
-------------------------------------------------------------------------------
3882
3883
Name
3884
3885
nbplkup, nbprgstr, nbpunrgstr - access NBP database
3886
3887
Synopsis
3888
3889
nbplkup [-r maxresponses] [-A address] [-m maccodepage] nbpname
3890
3891
nbprgstr [-A address] [-p port] [-m maccodepage] nbpname
3892
3893
nbpunrgstr [-A address] [-m maccodepage] nbpname
3894
3895
Description
3896
3897
nbprgstr registers nbpname with atalkd(8), at the given port. nbpunrgstr
3898
informs atalkd that nbpname is no longer to be advertised.
3899
3900
nbplkup displays up to maxresponses (default 1000) entities registered on the
3901
AppleTalk internet. nbpname is parsed by nbp_name(3). An `=' for the object or
3902
type matches anything, and an `*' for zone means the local zone. The default
3903
values are taken from the NBPLKUP environment variable, parsed as an nbpname.
3904
3905
Environment Variables
3906
3907
NBPLKUP
3908
3909
default nbpname for nbplkup
3910
3911
ATALK_MAC_CHARSET
3912
3913
the codepage used by the clients on the Appletalk network
3914
3915
ATALK_UNIX_CHARSET
3916
3917
the codepage used to display extended characters on this shell.
3918
3919
Example
3920
3921
Find all devices of type LaserWriter in the local zone.
3922
3923
example% nbplkup :LaserWriter
3924
Petoskey:LaserWriter 7942.129:218
3925
Gloucester:LaserWriter 8200.188:186
3926
Rahway:LaserWriter 7942.2:138
3927
517 Center:LaserWriter 7942.2:132
3928
ionia:LaserWriter 7942.2:136
3929
Evil DEC from Hell:LaserWriter 7942.2:130
3930
Hamtramck:LaserWriter 7942.2:134
3931
Iron Mountain :LaserWriter 7942.128:250
3932
example%
3933
3934
See also
3935
3936
nbp_name(3), atalkd(8).
3937
3938
-------------------------------------------------------------------------------
3939
3940
Name
3941
3942
nbp_name - NBP name parsing
3943
3944
Synopsis
3945
3946
int nbp_name( name,
3947
obj,
3948
type,
3949
zone);
3950
char * name;
3951
char ** obj;
3952
char ** type;
3953
char ** zone;
3954
3955
DESCRIPTION
3956
3957
nbp_name() parses user supplied names into their component object, type, and
3958
zone. obj, type, and zone should be passed by reference, and should point to
3959
the caller's default values. nbp_name() will change the pointers to the
3960
parsed-out values. name is of the form object:type@zone, where each of object,
3961
:type, and @zone replace obj, type, and zone, respectively. type must be
3962
proceeded by `:', and zone must be preceded by `@'.
3963
3964
EXAMPLE
3965
3966
The argument of afpd(8)'s -n option is parsed with nbp_name(). The default
3967
value of obj is the first component of the machine's hostname (as returned by
3968
gethostbyname(3)). The default value of type is ``AFPServer'', and of zone is
3969
``*'', the default zone. To cause afpd to register itself in some zone other
3970
than the default, one would invoke it as
3971
3972
afpd -n @some-other-zone
3973
3974
obj and type would retain their default values.
3975
3976
BUGS
3977
3978
obj, type, and zone return pointers into static area which may be over-written
3979
on each call.
3980
3981
-------------------------------------------------------------------------------
3982
3983
Name
3984
3985
netatalk.conf - Configuration file used by netatalk(8) to determine its general
3986
configuration
3987
3988
DESCRIPTION
3989
3990
/etc/netatalk/netatalk.conf is the configuration file used by afpd to determine
3991
what portions of the file system will be shared via Appletalk, as well as their
3992
behaviors.
3993
3994
Any line not prefixed with # is interpreted. The configuration lines are
3995
composed like:
3996
3997
option = value
3998
3999
The possible options and their meanings are:
4000
4001
AFPD_GUEST
4002
4003
Sets the id of the guest user to a local user on the system.
4004
4005
AFPD_MAX_CLIENTS
4006
4007
Sets the maximum number of clients that can simultaneously connect to the
4008
server.
4009
4010
AFPD_RUN
4011
4012
Enables the afpd daemon if set to "yes". This should be enabled if you are
4013
planning on using netatalk as a file server.
4014
4015
AFPD_UAM_LIST
4016
4017
Sets the default UAMs for afpd (and papd, if printer authentication is
4018
compiled in) to use.
4019
4020
Example: AFPD_UAMLIST="-U uams_guest.so,uams_randnum.so"
4021
4022
CNID_METAD_RUN
4023
4024
Enables the cnid_metad daemon if set to "yes". This should be enabled if
4025
you are going to use the dbd CNID backend.
4026
4027
ATALK_BGROUND
4028
4029
"yes" will set netatalk to initialize in the background, and "no" will
4030
cause normal initialization.
4031
4032
ATALK_NAME
4033
4034
Sets the machines' Appletalk name.
4035
4036
ATALK_ZONE
4037
4038
Sets the machines' Appletalk zone.
4039
4040
ATALKD_RUN
4041
4042
Enables the atalkd daemon if set to "yes". This should be enabled if you
4043
are planning on providing Appletalk services.
4044
4045
PAPD_RUN
4046
4047
Enables the papd daemon if set to "yes". This should be enabled if you are
4048
planning on using netatalk as a print server.
4049
4050
ATALK_MAC_CHARSET
4051
4052
Set the Mac client codepage, used by atalkd and papd to convert extended
4053
characters from the Unix to the Mac codepage.
4054
4055
ATALK_UNIX_CHARSET
4056
4057
Set the Unix codepage, used by atalkd and papd to convert extended
4058
characters from the Unix to the Mac codepage. Has to match the codepage of
4059
the configuration files.
4060
4061
SEE ALSO
4062
4063
atalkd(8), atalkd.conf(5)
4064
4065
-------------------------------------------------------------------------------
4066
4067
Name
4068
4069
netatalk-config - script to get information about the installed version of
4070
netatalk
4071
4072
Synopsis
4073
4074
netatalk-config [ --prefix [=DIR]] [ --exec_prefix [=DIR]] [--help] [--version]
4075
[--libs] [--libs-dirs] [--libs-names] [--cflags] [--macros]
4076
4077
DESCRIPTION
4078
4079
netatalk-config is a tool that is used to determine the compiler and linker
4080
flags that should be used to compile and link programs that use the netatalk
4081
run-time libraries.
4082
4083
OPTIONS
4084
4085
netatalk-config accepts the following options:
4086
4087
--help
4088
4089
Print a short help for this command and exit.
4090
4091
--version
4092
4093
Print the currently installed version of netatalk on the standard output.
4094
4095
--libs
4096
4097
Print the linker flags that are necessary to link against the netatalk
4098
run-time libraries.
4099
4100
--libs-dirs
4101
4102
Print only the -l/-R part of --libs.
4103
4104
--libs-names
4105
4106
Print only the -l part of --libs.
4107
4108
--cflags
4109
4110
Print the compiler flags that are necessary to compile a program linked
4111
against the netatalk run-time libraries.
4112
4113
--macros
4114
4115
Print the netatalk m4 directory.
4116
4117
--prefix=PREFIX
4118
4119
If specified, use PREFIX instead of the installation prefix that netatalk
4120
was built with when computing the output for the --cflags and --libs
4121
options. This option is also used for the exec prefix if --exec-prefix was
4122
not specified. This option must be specified before any --libs or --cflags
4123
options.
4124
4125
--exec\_prefix=PREFIX
4126
4127
If specified, use PREFIX instead of the installation exec prefix that
4128
netatalk was built with when computing the output for the --cflags and
4129
--libs options. This option must be specified before any --libs or --cflags
4130
options.
4131
4132
COPYRIGHT
4133
4134
Copyright � 1998 Owen Taylor
4135
4136
Permission to use, copy, modify, and distribute this software and its
4137
documentation for any purpose and without fee is hereby granted, provided that
4138
the above copyright notice appear in all copies and that both that copyright
4139
notice and this permission notice appear in supporting documentation.
4140
4141
Man page adapted for netatalk-config by Sebastian Rittau in 2001.
4142
4143
-------------------------------------------------------------------------------
4144
4145
Name
4146
4147
pap - client interface to remote printers using Printer Access Protocol
4148
4149
Synopsis
4150
4151
pap [ -A address ] [-c] [-d] [-e] [-E] [ -p nbpname ] [ -s statusfile ] [-w]
4152
[-W] [FILES]
4153
4154
DESCRIPTION
4155
4156
pap is used to connect and send files to an AppleTalk connected printer using
4157
the Apple Printer Access Protocol (PAP). When pap starts execution, it tries to
4158
open a session with the printer using PAP, and then downloads the files to the
4159
printer.
4160
4161
If no files are given on the command line, pap begins reading from standard
4162
input.
4163
4164
If no printer is specified on the command line, pap looks for a file called
4165
.paprc in the current working directory and reads it to obtain the nbpname of a
4166
printer. Blank lines and lines that begin with a `#' are ignored. type and zone
4167
default to LaserWriter and the zone of the local host, respectively.
4168
4169
Note that pap is designed to be useful as a communication filter for sending
4170
lpd(8) spooled print jobs to AppleTalk connected printers. See psf(8) for hints
4171
on how to use it this way.
4172
4173
OPTIONS
4174
4175
-A address
4176
4177
Connect to the printer with Appletalk address address and do not consult
4178
the .paprc file to find a printer name. See atalk_aton(3) for the syntax of
4179
address.
4180
4181
-c
4182
4183
Take cuts. The PAP protocol specified a simple queuing procedure, such that
4184
the clients tell the printer how long they have been waiting to print. This
4185
option causes pap to lie about how long it has been waiting.
4186
4187
-d
4188
4189
Enable debug output.
4190
4191
-e
4192
4193
Send any message from the printer to stderr instead of stdout. psf(8)
4194
invokes pap with this option.
4195
4196
-E
4197
4198
Don't wait for EOF from the printer. This option is useful for printers
4199
which don't implement PAP correctly. In a correct implementation, the
4200
client side should wait for the printer to return EOF before closing the
4201
connection. Some clients don't wait, and hence some printers have related
4202
bugs in their implementation.
4203
4204
-p nbpname
4205
4206
Connect to the printer named nbpname and do not consult the .paprc file to
4207
find a printer name. See nbp_name(3) for the syntax of nbpname.
4208
4209
-s statusfile
4210
4211
Update the file called statusfile to contain the most recent status message
4212
from the printer. pap gets the status from the printer when it is waiting
4213
for the printer to process input. The statusfile will contain a single line
4214
terminated with a newline. This is useful when pap is invoked by psf(8)
4215
within lpd's spool directory.
4216
4217
-w
4218
4219
Wait for the printer status to contain the word "waiting" before sending
4220
the job. This is to defeat printer-side spool available on HP IV and V
4221
printers.
4222
4223
-W
4224
4225
Wait for the printer status to contain the word "idle" before sending the
4226
job. This is to defeat printer-side spool available on HP IV and V
4227
printers.
4228
4229
FILES
4230
4231
.paprc
4232
4233
file read to obtain printer name if not specified on command line
4234
4235
SEE ALSO
4236
4237
nbp_name(3), atalk_aton(3), lpd(8), psf(8).
4238
4239
-------------------------------------------------------------------------------
4240
4241
Name
4242
4243
papd - AppleTalk print server daemon
4244
4245
Synopsis
4246
4247
papd [-d] [-f configfile] [-p printcap]
4248
4249
Description
4250
4251
papd is the AppleTalk printer daemon. This daemon accepts print jobs from
4252
AppleTalk clients (typically Macintosh computers) using the Printer Access
4253
Protocol (PAP). When used with System V printing systems, papd spools jobs
4254
directly into an lpd(8) spool directory and wakes up lpd after accepting a job
4255
from the network to have it re-examine the appropriate spool directory. The
4256
actual printing and spooling is handled entirely by lpd.
4257
4258
papd can also pipe the print job to an external program for processing, and
4259
this is the preferred method on systems not using CUPS to avoid compatibility
4260
problems with all the flavours of lpd in use.
4261
4262
As of version 2.0, CUPS is also supported. Simply using cupsautoadd as first
4263
papd.conf entry will share all CUPS printers automagically using the PPD files
4264
configured in CUPS. It ist still possible to overwrite these defaults by
4265
individually define printer shares. See papd.conf(5) for details.
4266
4267
papd is typically started at boot time, out of system init scripts. It first
4268
reads from its configuration file, /etc/netatalk/papd.conf. The file is in the
4269
same format as /etc/printcap. See printcap(5) for details. The name of the
4270
entry is registered with NBP.
4271
4272
The following options are supported:
4273
4274
Name Type Default Description
4275
pd str '.ppd' Pathname to PPD file
4276
pr str 'lp' LPD or CUPS printer name (or pipe to a print command)
4277
op str 'operator' Operator name for LPD spooling
4278
au bool false Whether to do authenticated printing or not
4279
ca str NULL Pathname used for CAP-style authentification
4280
sp bool false PSSP-style authetication
4281
am str NULL UAMS to use for authentication
4282
pa str NULL Printer's AppleTalk address
4283
co str NULL CUPS options as supplied to the lp(1) command with "-o"
4284
fo bool false adjust lineending for foomatic-rip
4285
4286
If no configuration file is given, the hostname of the machine is used as the
4287
NBP name and all options take their default value.
4288
4289
Options
4290
4291
-d
4292
4293
Do not fork or disassociate from the terminal. Write some debugging
4294
information to stderr.
4295
4296
-f configfile
4297
4298
Consult configfile instead of /etc/netatalk/papd.conf for the configuration
4299
information.
4300
4301
-p printcap
4302
4303
Consult printcap instead of /etc/printcap for LPD configuration
4304
information.
4305
4306
Notes
4307
4308
PSSP (Print Server Security Protocol) is an authentication protocol carried out
4309
through postscript printer queries to the print server. Using PSSP requires
4310
LaserWriter 8.6.1 or greater on the client mac. The user will be prompted to
4311
enter their username and password before they print. It may be necessary to
4312
re-setup the printer on each client the first time PSSP is enabled, so that the
4313
client can figure out that authentication is required to print. You can enable
4314
PSSP on a per-printer basis. PSSP is the recommended method of authenticating
4315
printers as it is more robust than CAP-style authentication, described below.
4316
4317
CAP-style authentication gets its name from the method the CAP (Columbia
4318
APpletalk) package used to authenticate its mac clients' printing. This method
4319
requires that a user login to a file share before they print. afpd records the
4320
username in a temporary file named after the client's Appletalk address, and it
4321
deletes the temporary file when the user disconnects. Therefore CAP style
4322
authentification will not work for clients connected to afpd via TCP/IP. papd
4323
gets the username from the file with the same Appletalk address as the machine
4324
connecting to it. CAP-style authentication will work with any mac client. If
4325
both CAP and PSSP are enabled for a particular printer, CAP will be tried
4326
first, then papd will fall back to PSSP.
4327
4328
The list of UAMs to use for authentication (specified with the 'am' option)
4329
applies to all printers. It is not possible to define different authentication
4330
methods on each printer. You can specify the list of UAMS multiple times, but
4331
only the last setting will be used. Currently only uams_guest.so and
4332
uams_clrtxt.so are supported as printer authentication methods. The guest
4333
method requires a valid username, but not a password. The Cleartext UAM
4334
requires both a valid username and the correct password.
4335
4336
Note
4337
4338
As of this writing, Mac OS X makes no use of PSSP authentication any longer.
4339
CAP-style authentication normally won't be an option, too caused by the use of
4340
AFP over TCP these days.
4341
4342
Files
4343
4344
/etc/netatalk/papd.conf
4345
4346
Default configuration file.
4347
4348
/etc/printcap
4349
4350
Printer capabilities database.
4351
4352
.ppd
4353
4354
PostScript Printer Description file. papd answers configuration and font
4355
queries from printing clients by consulting the configured PPD file. Such
4356
files are available for download from Adobe, Inc. (http://www.adobe.com/
4357
support/downloads/main.htm), or from the printer's manufacturer. If no PPD
4358
file is configured, papd will return the default answer, possibly causing
4359
the client to send excessively large jobs.
4360
4361
Caveats
4362
4363
papd accepts characters with the high bit set (a full 8-bits) from the clients,
4364
but some PostScript printers (including Apple Computer's LaserWriter family)
4365
only accept 7-bit characters on their serial interface by default. The same
4366
applies for some printers when they're accessed via TCP/IP methods (remote LPR
4367
or socket). You will need to configure your printer to accept a full 8 bits or
4368
take special precautions and convert the printjob's encoding (eg. by using co=
4369
"protocol=BCP" when using CUPS 1.1.19 or above).
4370
4371
When printing clients run MacOS 10.2 or above, take care that PPDs do not make
4372
use of *cupsFilter: comments unless the appropriate filters are installed at
4373
the client's side, too (remember: Starting with 10.2 Apple chose to integrate
4374
CUPS into MacOS X). For in-depth information on how CUPS uses PPDs see chapter
4375
3.4 in http://tinyurl.com/zbxn).
4376
4377
See also
4378
4379
lpr(1),lprm(1),printcap(5),lpc(8),lpd(8), lp(1).
4380
4381
-------------------------------------------------------------------------------
4382
4383
Name
4384
4385
papd.conf - Configuration file used by papd(8) to determine the configuration
4386
of printers used by the Netatalk printing daemon
4387
4388
DESCRIPTION
4389
4390
/etc/netatalk/papd.conf is the configuration file used by papd to configure the
4391
printing services offered by netatalk. Please note that papd must be enabled in
4392
/etc/netatalk/netatalk.conf for this to take any effect. papd shares the same
4393
defaults as lpd on many systems, but not Solaris.
4394
4395
Any line not prefixed with # is interpreted. The configuration lines are
4396
composed like:
4397
4398
printername:[options]
4399
4400
On systems running a System V printing system the simplest case is to have
4401
either no papd.conf, or to have one that has no active lines. In this case,
4402
atalkd should auto-discover the local printers on the machine. Please note that
4403
you can split lines by using \\fR.
4404
4405
printername may be just a name (Printer 1), or it may be a full name in
4406
nbp_name format (Printer 1:LaserWriter@My Zone).
4407
4408
Systems using a BSD printing system should make use of a pipe to the printing
4409
command in question within the pr option (eg. pr=|/usr/bin/lpr -J%J -u%U).
4410
Note: When printing using a pipe, papd recognizes several wildcards: %F will be
4411
replaced by the name present in the "%%For:" comment in the PostScript stream,
4412
same with %J for the "%%Title:" comment. %U will be substituted with the login
4413
name (the latter applies only when authenticated printing is in effect).
4414
4415
When CUPS support is compiled in, then cupsautoadd as the first entry in
4416
papd.conf will automagically share all CUPS printers by papd utilizing the PPDs
4417
assigned in CUPS (customizable -- see below). This can be overwritten for
4418
individal printers by subsequently adding individual entries using the CUPS
4419
queue name as pr entry. Note: CUPS support is mutually exclusive with System V
4420
support described above.
4421
4422
The possible options are colon delimited (:), and lines must be terminated with
4423
colons. The possible options and flags are:
4424
4425
am=(uams list)
4426
4427
The am option allows specific UAMs to be specified for a particular
4428
printer. It has no effect if the au flag is not present or if papd
4429
authentication was not built into netatalk. Note: possible values are
4430
uams_guest.so and uams_clrtxt.so only. The first method requires a valid
4431
username, but no password. The second requires both a valid username and
4432
the correct password.
4433
4434
au
4435
4436
If present, this flag enables authentication for the printer. Please note
4437
that papd authentication must be built into netatalk for this to take
4438
effect.
4439
4440
co=(CUPS options)
4441
4442
The co option allows options to be passed through to CUPS (eg. co="protocol
4443
=TBCP" or co="raw").
4444
4445
cupsautoadd[:type][@zone]
4446
4447
If used as the first entry in papd.conf this will share all CUPS printers
4448
via papd. type/zone settings as well as other parameters assigned to this
4449
special printer share will apply to all CUPS printers. Unless the pd option
4450
is set, the CUPS PPDs will be used. To overwrite these global settings for
4451
individual printers simply add them subsequently to papd.conf and assign
4452
different settings.
4453
4454
fo
4455
4456
If present, this flag enables a hack to translate line endings originating
4457
from pre Mac OS X LaserWriter drivers to let foomatic-rip recognize
4458
foomatic PPD options set in the printer dialog. Attention: Use with caution
4459
since this might corrupt binary print jobs!
4460
4461
op=(operator)
4462
4463
This specifies the operator name, for lpd spooling.
4464
4465
pa=(appletalk address)
4466
4467
Allows specification of Appletalk addresses. Usually not needed.
4468
4469
pd=(path to ppd file)
4470
4471
Specifies a particular PPD (printer description file) to associate with the
4472
selected printer.
4473
4474
pr=(lpd/CUPS printer name or pipe command)
4475
4476
Sets the lpd or CUPS printer that this is spooled to.
4477
4478
Examples
4479
4480
Unless CUPS support has been compiled in (which is default from Netatalk 2.0
4481
on) one simply defines the lpd queue in question by setting the pr parameter to
4482
the queue name, in the following example "ps". If no pr parameter is set, the
4483
default printer will be used.
4484
4485
Example 5.10. papd.conf System V printing system examples
4486
4487
The first spooler is known by the AppleTalk name Mac Printer Spooler, and uses
4488
a PPD file located in /usr/share/lib/ppd. In addition, the user mcs will be the
4489
owner of all jobs that are spooled. The second spooler is known as HP Printer
4490
and all options are the default.
4491
4492
Mac Printer Spooler:\
4493
:pr=ps:\
4494
:pd=/usr/share/lib/ppd/HPLJ_4M.PPD:\
4495
:op=mcs:
4496
4497
HP Printer:\
4498
:
4499
4500
An alternative to the technique outlined above is to direct papd's output via a
4501
pipe into another program. Using this mechanism almost all printing systems can
4502
be driven. Netatalk supplies three "wildcards" that get substituted with values
4503
of the already printed job: %F, %U and %J. Using these wildcards, one can pass
4504
those parameters directly to programs or implement small wrapper scripts to
4505
call the printing system in question.
4506
4507
Example 5.11. papd.conf examples using pipes
4508
4509
The first spooler is known as HP 8100. It pipes the print job to /usr/bin/lpr
4510
for printing using the value of the %%Title: comment as job name. PSSP
4511
authenticated printing is enabled, as is CAP-style authenticated printing. Both
4512
methods support guest and cleartext authentication as specified by the 'am'
4513
option. The PPD used is /etc/atalk/ppds/hp8100.ppd. The second spooler is
4514
called "Dump PostScript" and uses a pipe to cat to send the raw PostScript code
4515
into the user's home directory into a file called like the printjob.
4516
4517
HP 8100:\
4518
:pr=|/usr/bin/lpr -Plp -J"%J":\
4519
:sp:\
4520
:ca=/tmp/print:\
4521
:am=uams_guest.so,uams_pam.so:\
4522
:pd=/etc/atalk/ppds/hp8100.ppd:
4523
4524
Dump PostScript:LaserWriter@Server:\
4525
:pr=|cat >/home/%U/%J-prn.out:\
4526
:pd=/usr/share/lib/ppd/mooralana.ppd:\
4527
:sp:au:op=lp:\
4528
:am=uams_clrtxt.so:
4529
4530
Starting with Netatalk 2.0 direct CUPS integration is available. In this case,
4531
defining only a queue name as pr parameter won't invoke the SysV lpd daemon but
4532
uses CUPS instead. Unless a specific PPD has been assigned using the pd switch,
4533
the PPD configured in CUPS will be used by papd, too.
4534
4535
There exists one special share named "cupsautoadd". If this is present as the
4536
first entry then all available CUPS queues will be served automagically using
4537
the parameters assigned to this global share. But subsequent printer
4538
definitions can be used to override these global settings for individual
4539
spoolers.
4540
4541
Example 5.12. papd.conf CUPS examples
4542
4543
The first entry sets up automatic sharing of all CUPS printers. All those
4544
shares appear in the zone "1st floor" and since no additional settings have
4545
been made, they use the CUPS printer name as NBP name and use the PPD
4546
configured in CUPS. The second entry defines different settings for one single
4547
CUPS printer. It's NBP name is differing from the printer's name and the
4548
registration happens in another zone.
4549
4550
cupsautoadd@1st floor:op=root:
4551
4552
Boss' LaserWriter@2nd floor:\
4553
:pr=laserwriter-chief:
4554
4555
SEE ALSO
4556
4557
papd(8), atalkd.conf(5), lpd(8), lpoptions(8)
4558
4559
-------------------------------------------------------------------------------
4560
4561
Name
4562
4563
papstatus - get the status of an AppleTalk-connected printer
4564
4565
Synopsis
4566
4567
/usr/sbin/papstatus [-d] [ -p printer ] [retrytime]
4568
4569
DESCRIPTION
4570
4571
papstatus is used to obtain the current status message from an AppleTalk
4572
connected printer. It uses the Printer Access Protocol (PAP) to obtain the
4573
status information.
4574
4575
If no printer is specified on the command line, papstatus looks for a file
4576
called .paprc in the current directory and reads it to obtain the name of a
4577
printer. The .paprc file should contain a single line of the form object:type@
4578
zone where each of object, :type, and @zone are optional. type and zone must be
4579
proceeded by `:' and `@' respectively. Blank lines and lines the begin with a `
4580
#' are ignored. type and zone default to LaserWriter and the zone of the local
4581
host, respectively.
4582
4583
OPTIONS
4584
4585
-d
4586
4587
Turns on a debugging mode that prints some extra information to standard
4588
error.
4589
4590
-p printer
4591
4592
Get status from printer (do not consult any .paprc files to find a printer
4593
name). The syntax for printer is the same as discussed above for the .paprc
4594
file.
4595
4596
retrytime
4597
4598
Normally, papstatus only gets the status from the printer once. If
4599
retrytime is specified, the status is obtained repeatedly, with a sleep of
4600
retrytime seconds between inquiring the printer.
4601
4602
FILES
4603
4604
.paprc
4605
4606
file that contains printer name
4607
4608
SEE ALSO
4609
4610
nbp(1), pap(1)
4611
4612
-------------------------------------------------------------------------------
4613
4614
Name
4615
4616
psf - PostScript filter
4617
4618
Synopsis
4619
4620
psf [ -n name ] [ -h host ] [ -w width ] [ -l length ] [ -i indent ] [-c]
4621
4622
DESCRIPTION
4623
4624
psf is an lpd filter for PostScript printing. psf interprets the name it was
4625
called with to determine what filters to invoke. First, if the string ``pap''
4626
appears anywhere in the name, psf invokes pap to talk to a printer via
4627
AppleTalk. Next, if the string ``rev'' appears, psf invokes psorder to reverse
4628
the pages of the job. Finally, if psf was called with a filter's name as the
4629
leading string, it invokes that filter. If there is no filter to run, psf
4630
examines the magic number of the input, and if the input is not PostScript,
4631
converts it to PostScript.
4632
4633
KLUDGE
4634
4635
In the default configuration, psf supports two kludges. The first causes psf to
4636
check its name for the letter `m'. If this letter is found and accounting is
4637
turned on, psf calls pap twice, once to get an initial page count and to print
4638
the job, and another time to get a final page count. This is a work-around for
4639
bugs in a variety of PAP implementions that cause printers to never properly
4640
close the PAP output file. A notable example is any printer by Hewlett-Packard.
4641
4642
The second kludge causes psf to examine its name for the letter `w'. If this
4643
letter is found and accounting is turned on, psf calls pap with the -w flag.
4644
This flag causes pap to wait until the printer's status contains the string
4645
`idle'. Once this string is found, the job is printed as normal. This kludge is
4646
a work-around for printers, notably Hewlett-Packard's LaserJet IV, which will
4647
report a page count while a previous jobs is still printing.
4648
4649
EXAMPLE
4650
4651
The sample printcap entry below invokes psf to print text files, PostScript
4652
files, troff's C/A/T output, and TeX's DVI output, to an AppleTalk connected
4653
LaserWriter Plus. Since the LaserWriter Plus stacks pages in descending order,
4654
we reverse the pages and print the burst page last.
4655
4656
4657
laser|lp|LaserWriter Plus on AppleTalk:\
4658
:sd=/usr/spool/lpd/laser:\
4659
:lp=/usr/spool/lpd/laser/null:\
4660
:lf=/var/adm/lpd-errs:pw#80:hl:\
4661
:of=/usr/libexec/ofpap:\
4662
:if=/usr/libexec/ifpaprev:\
4663
:tf=/usr/libexec/tfpaprev:\
4664
:df=/usr/libexec/dfpaprev:
4665
4666
Note that if the host in question spools to more than one AppleTalk printer, /
4667
dev/null should not be used for the lp capability. Instead, a null device
4668
should be created with mknod for each printer, as has been done above.
4669
4670
Finally, there is a file in the spool directory, /var/spool/lpd/laser, called
4671
.paprc, which pap reads for the AppleTalk name of the printer.
4672
4673
SEE ALSO
4674
4675
psorder(1), printcap(5), lpd(1), mknod(1), pap(1).
4676
4677
-------------------------------------------------------------------------------
4678
4679
Name
4680
4681
psorder - PostScript pageorder filter
4682
4683
Synopsis
4684
4685
psorder [-duf] sourcefile
4686
4687
DESCRIPTION
4688
4689
psorder is a filter that re-orders the pages of a PostScript document. The
4690
result is written to the standard output. By default, documents are processed
4691
into ascending order (the lowest numbered page is printed first). Some
4692
PostScript documents specify that the order of their pages should never be
4693
changed; the default action of psorder is to follow this specification.
4694
4695
If no source file is given, or if sourcefile is `-', psorder reads from the
4696
standard input file.
4697
4698
OPTIONS
4699
4700
-d
4701
4702
Re-order the pages of the document in downward or descending order. This is
4703
typically used to change the order of a document to be printed by a printer
4704
that stacks pages face-up, such as an Apple LaserWriter or LaserWriter
4705
Plus.
4706
4707
-u
4708
4709
Specifies forward order, and is the default. It is used to try and ensure
4710
the correct ordering when a document will be printed by a printer that
4711
stacks the pages face-down.
4712
4713
-f
4714
4715
Force psorder to re-order the pages, even if the document claims that its
4716
page order is not to be trifled with. This option should only be used
4717
experimentally, as it may cause documents to print incorrectly.
4718
4719
SEE ALSO
4720
4721
psf(8), lpr(1).
4722
4723
-------------------------------------------------------------------------------
4724
4725
Name
4726
4727
timelord - Macintosh time server daemon
4728
4729
Synopsis
4730
4731
SYNTAX
4732
4733
timelord [-d] [-n filename]
4734
4735
DESCRIPTION
4736
4737
timelord is a simple time server for Macintosh computers that use the tardis
4738
client.
4739
4740
OPTIONS
4741
4742
-d
4743
4744
Debug mode, i.e. don't disassociate from controlling TTY.
4745
4746
-n nbpname
4747
4748
Register this server as nbpname. This defaults to the hostname.
4749
4750
-------------------------------------------------------------------------------
4751
4752
Name
4753
4754
timeout - Send a signal to a program after a certain time
4755
4756
SYNTAX
4757
4758
timeout [-s signal] seconds program [args]
4759
4760
DESCRIPTION
4761
4762
timeout executes a program (with arguments args) and sends a signal to it after
4763
a certain amount of seconds.
4764
4765
OPTIONS
4766
4767
-s signal
4768
4769
Signal to send to the spawned process. This can be a numerical or symbolic
4770
ID. This defaults to TERM.
4771
4772
EXAMPLES
4773
4774
timeout 10 pap foo.ps
4775
4776
Execute "pap foo.ps" and send a SIGTERM if pap doesn't return after 10
4777
seconds.
4778
4779
timeout -s HUP 60 sh
4780
4781
Spawn a shell and send a hangup signal after one minute.
4782
4783
timeout -s 9 10 evilprog
4784
4785
Execute a program and KILL it if it doesn't quit after 10 seconds.
4786
4787
-------------------------------------------------------------------------------
4788
4789
Name
4790
4791
uniconv - convert Netatalk volume encoding
4792
4793
Synopsis
4794
4795
uniconv [-ndv] -c cnidbackend -f fromcode -t tocode [-m maccode] volumepath
4796
4797
Description
4798
4799
uniconv converts the volume encoding of volumepath from the fromcode to the
4800
tocode encoding.
4801
4802
Options
4803
4804
-c
4805
4806
CNID backend used on this volume, usually cdb or dbd. Should match the
4807
backend selected with afpd for this volume. If not specified, the default
4808
CNID backend `cdb' is used
4809
4810
-d
4811
4812
don't CAP encode leading dots (:2e), equivalent to usedots in
4813
AppleVolumes.default(5)
4814
4815
-f
4816
4817
encoding to convert from, use ASCII for CAP encoded volumes
4818
4819
-h
4820
4821
display help
4822
4823
-m
4824
4825
Macintosh client codepage, required for CAP encoded volumes. Defaults to
4826
`MAC_ROMAN'
4827
4828
-n
4829
4830
`dry run', don't do any real changes
4831
4832
-t
4833
4834
volume encoding to convert to, e.g. UTF8
4835
4836
-v
4837
4838
verbose output, use twice for maximum logging.
4839
4840
-V
4841
4842
print version and exit
4843
4844
WARNING
4845
4846
Setting the wrong options might render your data unusable!!! Make sure you know
4847
what you are doing. Always backup your data first.
4848
4849
It is *strongly* recommended to do a `dry run' first and to check the output
4850
for conversion errors.
4851
4852
afpd(8) should not be running while you change the volume encoding. Remember to
4853
change volcodepage in AppleVolumes.default(5) to the new codepage, before
4854
restarting afpd.
4855
4856
USE AT YOUR OWN RISK!!!
4857
4858
Selectable charsets
4859
4860
Netatalk provides internal support for UTF-8 (pre- and decomposed) and CAP. If
4861
you want to use other charsets, they must be provided by iconv(1)
4862
4863
uniconv also knows iso-8859.adapted, an old style 1.x NLS widely used. This is
4864
only intended for upgrading old volumes, afpd(8) cannot handle iso-8859.adapted
4865
anymore.
4866
4867
CNID background
4868
4869
The CNID backends maintains name to ID mappings. If you change a filename
4870
outside afpd(8) (shell, samba), the CNID db, i.e. the DIDNAME index, gets
4871
inconsistent. Netatalk tries to recover from such inconsistencies as gracefully
4872
as possible. The mechanisms to resolve such inconsistencies may fail sometimes,
4873
though, as this is not an easy task to accomplish. I.e. if several names in the
4874
path to the file or directory have changed, things may go wrong.
4875
4876
If you change a lot of filenames at once, chances are higher that the afpds
4877
fallback mechanisms fail, i.e. files will be assigned new IDs, even though the
4878
file hasn't changed. uniconv therefore updates the CNID entry for each file/
4879
directory directly after it changes the name to avoid inconsistencies. The two
4880
supported backends for volumes, dbd and cdb, use the same CNID db format.
4881
Therefore, you could use uniconv with cdb and afpd with dbd later.
4882
4883
Warning: There must not be two processes opening the CNID database using
4884
different backends at once! If a volume is still opened with dbd (cnid_metad/
4885
cnid_dbd) and you start uniconv with cdb, the result will be a corrupted CNID
4886
database, as the two backends use different locking schemes. You might run into
4887
additional problems, e.g. if dbd is compiled with transactions, cdb will not
4888
update the transaction logs.
4889
4890
In general, it is recommended to use the same backend for uniconv you are using
4891
with afpd(8).
4892
4893
Examples
4894
4895
convert 1.x CAP encoded volume to UTF-8, clients used MacRoman codepage,
4896
cnidscheme is dbd:
4897
4898
example% uniconv -c dbd -f ASCII -t UTF8 -m MAC_ROMAN /path/to/share
4899
4900
convert iso8859-1 volume to UTF-8, cnidscheme is cdb:
4901
4902
example% uniconv -c cdb -f ISO-8859-1 -t UTF8 -m MAC_ROMAN /path/to/share
4903
4904
convert 1.x volume using iso8859-1 adapted NLS to CAP encoding:
4905
4906
example% uniconv -f ISO-8859-ADAPTED -t ASCII -m MAC_ROMAN/path/to/share
4907
4908
convert UTF-8 volume to CAP, for MacCyrillic clients:
4909
4910
example% uniconv -f UTF8 -t ASCII -m MAC_CYRILLIC /path/to/share
4911
4912
See also
4913
4914
AppleVolumes.default(5),afpd(8),iconv(1),cnid_metad(8),cnid_dbd(8)
4915
4916
Index
4917
4918
Symbols
4919
4920
2-Way Randnum exchange
4921
4922
"2-Way Randnum exchange" UAM, UAMs supported by Netatalk
4923
4924
A
4925
4926
achfile, achfile
4927
acleandir, acleandir
4928
ADv1
4929
4930
AppleDouble v1, Volumes and filenames
4931
4932
ADv2
4933
4934
AppleDouble v2, CNID backends, Volumes and filenames
4935
4936
aecho, aecho
4937
AEP
4938
4939
Apple Echo Protocol, aecho, atalkd
4940
4941
afile, afile
4942
AFP
4943
4944
Apple Filing Protocol, File Services
4945
4946
afpd, Starting and stopping Netatalk, afpd
4947
afpd.conf, afpd.conf
4948
AFPD_GUEST, netatalk.conf
4949
AFPD_MAX_CLIENTS, netatalk.conf
4950
AFPD_RUN, netatalk.conf
4951
AFPD_UAM_LIST, netatalk.conf
4952
afppasswd, afppasswd
4953
AFS Kerberos
4954
4955
"AFS Kerberos" UAM (Kerberos IV), UAMs supported by Netatalk
4956
4957
ALLMULTI
4958
4959
NIC multicast settings, atalkd.conf
4960
4961
AppleDB
4962
4963
.AppleDB CNID database store, How to upgrade if no persistent CNID storage
4964
was used
4965
CNID database folder, CNID backends
4966
4967
AppleShare
4968
4969
Synonym for an AFP server, Setting up the AFP file server
4970
4971
Appletalk
4972
4973
The AppleTalk protocol suite, Appletalk
4974
4975
AppleVolumes.default, AppleVolumes.default
4976
apple_cp, apple_cp
4977
apple_mv, apple_mv
4978
apple_rm, apple_rm
4979
ASCII
4980
4981
afpd's unixcodepage setting, afpd and character sets
4982
afpd's volcharset setting, Compatibility with earlier versions
4983
American Standard Code for Information Interchange, Why Unicode?
4984
4985
asip-status.pl, asip-status.pl
4986
atalk, atalk
4987
atalkd, Starting and stopping Netatalk, atalkd
4988
atalkd.conf, atalkd.conf
4989
ATALKD_RUN, netatalk.conf
4990
atalk_aton, atalk_aton
4991
ATALK_BGROUND, netatalk.conf
4992
ATALK_MAC_CHARSET, netatalk.conf
4993
ATALK_NAME, netatalk.conf
4994
ATALK_UNIX_CHARSET, netatalk.conf
4995
ATALK_ZONE, netatalk.conf
4996
authenticated printing, Using pipes with papd, Notes
4997
Authentication
4998
4999
between AFP client and server, Authentication
5000
5001
B
5002
5003
Backend
5004
5005
CNID backend, CNID backends
5006
CUPS backend, Using AppleTalk printers
5007
5008
BDB
5009
5010
Berkeley DB, Required third party software
5011
5012
C
5013
5014
CAP
5015
5016
Columbia AppleTalk Package, Volumes and filenames
5017
5018
CAP encoding
5019
5020
CAP style character encoding, afpd and character sets
5021
5022
CAP-style authentication
5023
5024
old-style printing authentication, Notes
5025
5026
CDB
5027
5028
"cdb" CNID backend, cdb, Choosing a CNID storage scheme
5029
5030
Charset
5031
5032
character set, Charsets/Unicode
5033
5034
Cleartxt Passwrd
5035
5036
"Cleartxt Passwrd" UAM, UAMs supported by Netatalk
5037
5038
Client Krb v2
5039
5040
"Client Krb v2" UAM (Kerberos V), UAMs supported by Netatalk
5041
5042
CNID
5043
5044
Catalog Node ID, CNID backends, Choosing a CNID storage scheme
5045
5046
CNID backend, CNID backends, cnid_dbd, cnid_index
5047
cnidscheme
5048
5049
specifying a CNID backend, CNID backends, Choosing a CNID storage scheme,
5050
AppleVolumes.default
5051
5052
cnid_dbd, cnid_dbd
5053
cnid_index, cnid_index
5054
cnid_metad, Starting and stopping Netatalk, cnid_metad
5055
5056
dbd CNID database daemon, Choosing a CNID storage scheme
5057
5058
CNID_METAD_RUN, netatalk.conf
5059
Codepage, Why Unicode?
5060
Compile
5061
5062
Compiling Netatalk from Source, Compiling Netatalk
5063
5064
CUPS
5065
5066
Common Unix Printing System, Setting up the PAP print server
5067
5068
CVS
5069
5070
Concurrent Versioning System, Anonymous CVS
5071
5072
D
5073
5074
DBD
5075
5076
"dbd" CNID backend, dbd, Choosing a CNID storage scheme
5077
5078
DDP
5079
5080
Datagram Delivery Protocol, Transport Options
5081
5082
Deb
5083
5084
Debian package, Binary packages
5085
5086
Decomposed
5087
5088
Decomposed Unicode normalization, character sets used by Apple
5089
5090
DHCAST128
5091
5092
"DHCAST128" UAM, UAMs supported by Netatalk
5093
5094
DID
5095
5096
Directory ID, CNID backends
5097
5098
F
5099
5100
FID
5101
5102
File ID, CNID backends
5103
5104
File Services
5105
5106
Netatalk's File Services, File Services
5107
5108
G
5109
5110
getzones, getzones
5111
5112
H
5113
5114
hqx2bin, megatron
5115
5116
I
5117
5118
Iconv
5119
5120
iconv encoding conversion engine, afpd and character sets
5121
5122
IETF
5123
5124
Internet Engineering Task Force, Optional third party software
5125
5126
ISO-8859-1
5127
5128
afpd's volcharset setting, Charset options
5129
5130
ISO-8859-15
5131
5132
afpd's volcharset setting, Charset options
5133
5134
K
5135
5136
Kerberos IV
5137
5138
"Kerberos IV" UAM, UAMs supported by Netatalk
5139
5140
Kerberos V
5141
5142
"Client Krb v2" UAM, Which UAMs to activate?
5143
5144
L
5145
5146
Last
5147
5148
"last" CNID backend, last, Choosing a CNID storage scheme
5149
5150
lpd
5151
5152
System V line printer daemon, Setting up the PAP print server
5153
5154
LPR
5155
5156
Remote Line Printer Protocol, Printing
5157
5158
lpr
5159
5160
BSD lpd/lpr daemon, Setting up the PAP print server
5161
5162
LPRng
5163
5164
LPR Next Generation, Setting up the PAP print server
5165
5166
M
5167
5168
macbinary, megatron
5169
maccodepage
5170
5171
afpd's maccodepage setting, afpd and character sets
5172
5173
MacRoman
5174
5175
MacRoman charset, Why Unicode?
5176
5177
megatron, megatron
5178
5179
N
5180
5181
NBP
5182
5183
Name Binding Protocol, Transport Options, atalkd
5184
5185
nbp, nbp
5186
nbplkup, nbp
5187
nbprgstr, nbp
5188
nbpunrgstr, nbp
5189
nbp_name, nbp_name
5190
Nested volumes, CNID backends
5191
net-range
5192
5193
AppleTalk net-range, Routing
5194
5195
netatalk-config, netatalk-config
5196
netatalk.conf, Starting and stopping Netatalk, netatalk.conf
5197
NFS
5198
5199
Network File System, CNID backends, cnid_dbd
5200
5201
NLS
5202
5203
Native Language Support, Volumes and filenames
5204
5205
No User Authent
5206
5207
"No User Authent" UAM (guest access), UAMs supported by Netatalk
5208
5209
NTP
5210
5211
Network Time Protocol, Using Netatalk as a time server for Macintoshes
5212
5213
P
5214
5215
page accounting, Using AppleTalk printers
5216
PAM
5217
5218
Pluggable Authentication Modules, Optional third party software
5219
5220
Panther
5221
5222
Mac OS X 10.3, Setting up the AFP file server
5223
5224
PAP
5225
5226
Printer Access Protocol, Printing
5227
5228
pap, pap
5229
papd, Starting and stopping Netatalk, papd
5230
papd.conf, papd.conf
5231
PAPD_RUN, Starting and stopping Netatalk, netatalk.conf
5232
papstatus, papstatus
5233
PGPuam 1.0
5234
5235
"PGPuam 1.0" UAM, UAMs supported by Netatalk
5236
5237
Phase
5238
5239
AppleTalk phase 1 or 2, atalkd, atalkd.conf
5240
5241
Ports
5242
5243
FreeBSD port, Binary packages
5244
5245
PPD
5246
5247
PostScript Printer Description file, Setting up the PAP print server
5248
5249
Precomposed
5250
5251
Precomposed Unicode normalization, character sets used by Apple
5252
5253
Printing, Printing
5254
psf, psf
5255
psorder, psorder
5256
PSSP
5257
5258
Print Server Security Protocol, Notes
5259
5260
Q
5261
5262
Quotas
5263
5264
Disk usage quotas, CNID backends
5265
5266
R
5267
5268
Randnum exchange
5269
5270
"Randnum exchange" UAM, UAMs supported by Netatalk
5271
5272
Router
5273
5274
AppleTalk router, atalkd acting as an AppleTalk router
5275
5276
RPM
5277
5278
Red Hat Package Manager package, Binary packages
5279
5280
RTMP
5281
5282
Routing Table Maintainance Protocol, atalkd
5283
5284
S
5285
5286
Samba, character sets used by Apple
5287
single2bin, megatron
5288
SLP
5289
5290
Service Location Protocol, Optional third party software, Transport Options
5291
5292
Startscript
5293
5294
startup script, Starting and stopping Netatalk, netatalk.conf
5295
5296
SUN
5297
5298
Sun Microsystems, Optional third party software
5299
5300
Symlink
5301
5302
Unix softlink, CNID backends
5303
5304
T
5305
5306
Time Services, Time Services
5307
Timelord
5308
5309
AppleTalk time server, Time Services
5310
5311
timelord, Using Netatalk as a time server for Macintoshes, Starting and
5312
stopping Netatalk, timelord
5313
timeout, timeout
5314
5315
U
5316
5317
UAM
5318
5319
User Authentication Module, AFP authentication basics, afppasswd, papd
5320
5321
uams_cleartxt.so
5322
5323
"Cleartxt Passwrd" UAM, Netatalk UAM overview table
5324
5325
uams_dhx.so
5326
5327
"DHCAST128" UAM, Netatalk UAM overview table
5328
5329
uams_gss.so
5330
5331
"Client Krb v2" UAM (Kerberos V), Netatalk UAM overview table
5332
5333
uams_guest.so
5334
5335
"No User Authent" UAM (guest access), Netatalk UAM overview table
5336
5337
uams_krb4.so
5338
5339
"Kerberos IV" UAM, UAMs supported by Netatalk
5340
5341
uams_pgp.so
5342
5343
"PGPuam 1.0" UAM, UAMs supported by Netatalk
5344
5345
uams_randnum.so
5346
5347
"(2-Way) Randnum exchange" UAM, Netatalk UAM overview table
5348
5349
unbin, megatron
5350
unhex, megatron
5351
Unicode, Charsets/Unicode
5352
uniconv, uniconv
5353
unixcodepage
5354
5355
afpd's unixcodepage setting, afpd and character sets
5356
5357
unsingle, megatron
5358
UTF8
5359
5360
afpd's volcharset setting, Charset options
5361
Netatalk's precomposed UTF-8 encoding, character sets used by Apple
5362
5363
UTF8-MAC
5364
5365
afpd's volcharset setting, Charset options
5366
Netatalk's decomposed UTF-8 encoding, character sets used by Apple
5367
5368
V
5369
5370
volcharset
5371
5372
afpd's volcharset setting, afpd and character sets
5373
5374
Z
5375
5376
ZIP
5377
5378
Zone Information Protocol, atalkd
5379
Loggerhead is a web-based interface for Breezy
Version: 2.0.1