Make Netatalk talk to Leopard (Mac OS X 10.5)
After installing Leopard on my MacBook I realized, that I could no longer connect to my media server using AppleTalk. Having configured Netatalk quite often before I found the reason very quick. Leopard seems to require Two-Way Password encryption and won't work without it (if you know about a way to make Leopard connect, please leave it in the comments). Here's how to enable it on Debian Etch and Ubuntu servers.
Unfortunately the required module to enable password encryption on Debian is not in the standard package and needs to be compiled by the user.
First wee need to fetch the source for netatalk:
> apt-get source netatalk
then install all dependencies:
Debian:
> su
> apt-get install devscripts fakeroot libssl-dev cracklib2-dev
> apt-get build-dep netatalk
> exit
Ubuntu:
> sudo apt-get install devscripts fakeroot libssl-dev cracklib2-dev
> sudo apt-get build-dep netatalk
and build netatalk
> cd netatalk-2.0.3
> DEB_BUILD_OPTIONS=ssl debuild
The final step is to install our own build of netatalk
Debian:
> su
> dpkg -i ../netatalk*.deb
Ubuntu:
> sudo dpkg -i ../netatalk*.deb
The new version of netatalk is now running, but you can still not connect from your mac.
First create a .passwd file in the home directories of all users connecting with Leopard
Debian:
> su
> echo userpassword > /home/username/.passwd
> chown username /home/username/.passwd
> chmod 600 /home/username/.passwd
Ubuntu:
> sudo echo userpassword > /home/username/.passwd
> sudo chown username /home/username/.passwd
> sudo chmod 600 /home/username/.passwd
Then restart netatalk
Debian:
> su
> /etc/init.d/netatalk restart
Ubuntu:
> sudo /etc/init.d/netatalk restart
If you did not edit your /etc/netatalk/afpd.conf you should be up an running, by now. If you DID add a line to afpd.conf you nbeed to add the following to -uamlist:
uams_dhx.so
Example:
- -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword
That's it. You now have an appletalk server thet's leopard compatible AND more secure then before!
by Stefan LH
Hi i've been following your instructions but still can't get it to work, I get this error when running DEBBUILDOPTIONS
Now signing changes and any dsc files... signfile netatalk_2.0.3-4.dsc Sebastian Rittau gpg: skipped "Sebastian Rittau ": secret key not available gpg: [stdin]: clearsign failed: secret key not available debsign: gpg error occurred! Aborting.... debuild: fatal error at line 1155: running debsign failed
Any ideas?
I'm not sure. There might be a packet missing, maybe openssl or pgp. I don't know. If anyone finds a solution, please let me know, I want to add it to this entry.
Well i got it working, my system was a bit of a mix of stable and testing
so i installed a clean etch and now everything's working. I didn't have to create the .passwd file though, and i still get the debsign error
Fredrik, I (finally) solved this problem by adding the otions "-i -us -uc -b" to debuild
Don't worry about that. The .deb files can be signed by the program's author. That way you know it wasn't modified when you try to install it. Since we are modifying the deb, Ubuntu is trying to sign the file as the last step, but it fails because you don't have the key -- you aren't the original author.
All that means is the .deb that was created will not be signed.
Long story short: Ignore that error, the deb will install anyways.
No luck at all here. It took me forever to get the correct set of reqs to get this to build (it doesn't help that netatalk requires both libcupsys2 and heimdal-dev, whih are listed as conflicting in Apt), but I was finally able to do so. I too got the error concerning the missing private key, but the .deb file is created none-the-less, so I installed it.
Unfortunately, it's still no-go, even with the rest of the suggested modifications. I've had to install Samba until there is some sort of fix. I was running Etch stable, but could only get the deps correct by upgrading it to testing. It also didn't help that build-deps wouldn't complete, and that there was at least one dep (cracklib) that wasn't listed as a dep, but which would kill the build.
A frustrating way to spend my evening, only to have everything finally built and installed, only to not work at all. Sigh.
Yaz.
It appears you have the exact same problem that i had, unfortunatly i did'nt find any other solution than to reinstall etch and then follow the instructions on this site and here: http://blog.our-files.com/?p=5
shouldn't your step "> build-dep netatalk" rather be "apt-get build-dep netatalk"?
and I'd suggest to do a "echo "netatalk hold" | sudo dpkg --set-selections" so that our compiled package isn't overwritten by the package manager later.
With this you can re-enable cleartext passwords for your account in Leopard:
That way you don't need to stray from the standard netatak package available in Debian or Ubuntu.
Hope that helps.
Actually it seemed the command to activate the clear text password you posted is not for Leopard. A little checking the defaults showed it must be the following:
Thank you so much; just wasted about an hour wondering why this didn't work but worked with my Fedora machines.
This is the blog post I wish I had found before I mucked through all this myself
http://blog.wearesakuzaku.com/94-making-netatalk-work-on-debian-with-leopard/
Erwin, I knew there had to be a way to re-enable cleartext passwords on Leopard, but I had no idea how to discover what the name of the setting was. How did you figure that out?
Thanks for the link to that posting, Cody -- it turns out I too was missing libssl-dev. I had to solve the circular dependency problem by running /usr/lib/pbuilder/pbuilder-satisfydepends, and with those two in place, once I re-ran ./configure, it finally reported that it was configured to build the DHX support. I'm finally reconnected to my Linux box. Huzzah!
Yaz.
I was actually browsing through the output of
defaults readto see if I would run into anything to adjust the transparency of the menubar when I saw this one. Doing a search withafp_cleartext_allowthe first result is a page at macosxhints and at the bottom of that page you can find the needed command.Okay, I am almost positive I need this same fix. I don't have the uams_dhx.so file but no matter what I do I can't get the circular dependencies problem resolved. Can you give more detail on how to use the pbuilder command to get both the heimdal-dev and the libkrb5-dev packages installed at the same time? I am truly at a loss now.
Thanks,
kazoo
Thanks for this.
"sudo build-dep netatalk" should read "sudo apt-get build-dep netatalk"
cheers
Thank you!
Worked out fantastic!!!
You are the man, it works and rocks!!!
thanks!
Anyone happen to have some advice on this error? I get this even if i just try to install the netatalk w/o altering it or anything (sudo apt-get install netatalk).
tarting Netatalk services (this will take a while): nbp_rgstr: Connection timed out Can't register deep-blue:Workstation@* invoke-rc.d: initscript netatalk, action "start" failed. dpkg: error processing netatalk (--install): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: netatalk
Any suggestions would be great, thanks all.
Worked like a charm Ubuntu Feisty
Maybe it's a good idea to ask ubuntu build team to enable SSL by default in their build?
Any reason to do not? I think netatalk in ubuntu/debian is mostly used by people with macs in their network...
ty ty ty!
time 4 timemachine 
I'm pretty sure I have Ubuntu configured correctly and netatalk built correctly. I can connect fine to my home directory from Leopard. I have a 2nd drive that I mount as /storage. I added this share to the AppleVolumes.default. When I try to connect to this Leopard just spins and spins. Anyone else have problems connecting to anything besides their home directory?
I would recommend to delete all the Appletalk and Mac files (like ds_store)
Ah ha! Thanks, that worked. I thought I had done that once but apparently I must have missed something. I couldn't figure out why it didn't work after doing a clean install of leopard. It was actually completely hanging the OS, with no choice but to hold down the power button
Super! it works really good, but there's one problem i have with netatalk/afpd on ubuntu.. i can see all files on my server except .htaccess files. Does anyone else has this problem or an solution?
Hello All,
I have been trying to get my mac book pro running leopard to connect my Fedora Core 7 running Netatalk. It took a little to get Netatalk to compile with the new Berkly DB APIs. I just had to add an additional argument to a stat function pointer. It was pretty straight forward. I don't think it would be the root of my problem. After getting it to build and installing it, I am able to connect to my home directory on my FC7 machine using Netatalk with no problems. However, I am trying to access an external drive mount at /mnt/hd. I have commented out the ~ from my AppleVolumes.default file. I have included a line like this:
/mnt/hd "backup"
With these settings, I am prompted for user and password. So I type in my credentials that are valid on my FC7 box. It then connects me to my home directory every time regardless of how my AppleVolumes.default file is configured. I cannot seem to see what the problem is. The external HD is an hfsplus filesystem. I was thinking that maybe FC7 and Netatalk do not like working with hfsplus filesystems, so I changed my path to something like this:
/home/[user]/shared "backup"
Which is obviously on my local ext3 partition. I still get connected to /home/[user] directory.
Any suggestions?
Thanks for any help, smanders
Thank you.
It works like a charm!
I suggest you to add a version on the debian/changelog file (or use dch -i) to prevent accidental upgrades.
I was following the steps literally without understanding a lot of it. I need some extra explanation of the comment about uams_dhx.so. Where is the line into which I need to add it? In what file? I don't think I typed such a line as a top level command. ???
OK, sorry for the dumb question. I found the line, when I decided to go ahead and add some needed lines to afpd.conf even though I had no idea where this -transall ... line was to be found.
Thanks for instructions so simple that even doopy me can follow them!
Hi there, I'm having serious problems to connect to Netatalk on a MyBook World Edition NAS. Netatalk is up and running, howecer I cannot connect, nor as guest or a specific user. I get these messages in a log:
I added the .passwd-file to a shared folder (because there is no user on the NAS), forced cleartext on Leopard but now I'm stuck. I'm more than willing to post all the .conf's that are needed! Can someone please help me, this is driving me nuts...
PS: Tiger cannot connect either
Haven't tried this myself... but check out the com.apple.AppleShareClient.plist file under 'Macintosh HD:Users:[your user shortname]:Library:Preferences'
There is a setting there 'afp _ cleartext _ allow' which defaults to 'no'. Try changing it to 'Yes'.
-Cheers, Peter.
Why go through the hassle of recompiling yourself (especially if you are not familiar with the steps involved in Debian package compiling):
Just read the README.Debian file below /usr/share/doc/netatalk and see how you can add an APT line to subscribe to unofficial pre-compiled package made by the official netatalk package maintainer.
...which happens to be me
P.S.
If you have any complaints or suggestions for improvements, you are most welcome to throw them at me: install the package reportbug and run "reportbug netatalk" on the commandline).
Don't just expect me to stumble across your random notes spread across the internet
Thank you very much. This solved my partially-related issue of getting Netatalk to work again after upgrading to Ubuntu 8.04 Hardy. I appreciate people that post clear, concise, and well-presented guides like this.
Worked great for me! Thanks for the well-written directions.
Great guide.
First go didn't work for me on a fresh Ubuntu 8.10.
Kept getting a "Connection Failed" error on my mac.
I ended up finding some good info that complements this post at: http://www.blackmac.de/archives/58-Make-Netatalk-talk-to-Leopard-Mac-OS-X-10.5.html
To solve the problem I basically had to install some additional packages (as referred to a comment in the above linked post) and re-install.
Packages were libssl0.9.8-dbg, libpam0g, libpam0g-dev, libpam-cracklib.
I also added come additional options to build, specifically: DEBBUILDOPTIONS=ssl dpkg-buildpackage -rfakeroot -i -us -uc -b
dunno which one thing solved it but it is all good now. (Ubuntu 8.10 + Mac Leopard)