Chapter 4. Upgrading from Netatalk 2

Frank Lahm

6 Sep, 2013

Table of Contents

New configuration
New AppleDouble backend
Other major changes
Table with old and new configuration file names
Table with old and new option names
To Do


There are two major changes in Netatalk:

  1. New configuration file afp.conf, obsoleting all previous configuration files

  2. New AppleDouble backend "appledouble = ea" which stores Mac metadata and resource forks in extended attributes of the filesystem

New configuration

  • ini style syntax (like Samba’s smb.conf)

  • one to rule them all: configure AFP settings and volumes in one file

  • obsoletes afpd.conf, netatalk.conf, AppleVolumes.default and afp_ldap.conf


most option names have changed, read the full manpage afp.conf for details

New AppleDouble backend

New AppleDouble backend "appledouble = ea" which stores Mac metadata and resource forks in extended attributes of the filesystem.

  • default backend (!)

  • requires a filesystem with Extended Attributes, fallback is "appledouble = v2"

  • converts filesystems from "appledouble = v2" to "appledouble = ea" on the fly when accessed (can be disabled)

  • dbd can be used to do conversion in one shot

Implementation details:

  • stores Mac Metadata (eg FinderInfo, AFP Flags, Comment, CNID) in an Extended Attributed named “org.netatalk.Metadata

  • stores Mac ResourceFork either in

    • an Extended Attribute named “org.netatalk.ResourceFork” on Solaris w. ZFS, or in

    • an extra AppleDouble file named “._file” for a file named “file

  • the format of the ._ file is exactly as the Mac’s CIFS client expects it when accessing the same filesystem via a CIFS server (Samba), thus you can have parallel access from Macs to the same dataset via AFP and CIFS without the risk of loosing data (resources or metadata). Accessing the same dataset with CIFS from Windows clients will still break the coupling of “file” and “._file” on non ZFS filesystems (see above), so for this we still need an enhanced Samba VFS module (in the works).

As these days the only applications making use of Resource Forks are Adobe Photoshop (image preview) and Postscript Type 1 fonts, even on eg Linux you’ll get rid of 99% of any extra Netatalk AppleDouble files (and folders).

Other major changes

  • New service controller daemon netatalk which is responsible for starting and restarting the AFP and CNID daemons. All bundled start scripts have been updated, make sure to update yours!

  • The CNID databases are now stored under /var/netatalk/CNID/ by default. You can use configure --localstatedir=PATH at compile time to change the location.

  • Netatalk 2.x volume options “usedots” and “upriv” now enabled by default

  • Removed SLP and AFP proxy support

  • Removed type/creator extension mapping support


  1. Stop Netatalk 2.x

  2. Install Netatalk 3

  3. Manually recreate configuration in afp.conf and extmap.conf

  4. Update your Netatalk start script (SMF, systemd, whatever...) to only start netatalk

  5. Move afp_voluuid.conf and afp_signature.conf to the localstate directory (default /var/netatalk/), you can use afpd -v in order to find the correct path

  6. Start Netatalk 3

Table with old and new configuration file names

Table 4.1. old and new configuration file names

Old File NameNew File NameDescription
-etc/afp.confnew ini-style format
-etc/extmap.confstarting with netatalk 3.0.2
etc/netatalk/afp_signature.confvar/netatalk/afp_signature.confmoved to $localstatedir
etc/netatalk/afp_voluuid.confvar/netatalk/afp_voluuid.confmoved to $localstatedir
etc/netatalk/netatalk.conf (/etc/default/netatalk)-obsolete

Table with old and new option names

Table 4.2. from netatalk.conf (/etc/default/netatalk) to afp.conf

Old netatalk.confNew afp.confOld Default ValueNew Default ValueSectionDescription
ATALK_NAMEhostname--(G)use gethostname() by default
CNID_METAD_RUN-yes--controlled by netatalk(8)
AFPD_RUN-yes--controlled by netatalk(8)
AFPD_MAX_CLIENTSmax connections20200(G)-
AFPD_GUESTguest accountnobodynobody(G)-
CNID_CONFIGlog level-l log_notecnid:note(G)-
CNID_CONFIGlog file--(G)-
ATALKD_RUN-no--AppleTalk is obsoleted
PAPD_RUN-no--AppleTalk is obsoleted
TIMELORD_RUN-no--AppleTalk is obsoleted
A2BOOT_RUN-no--AppleTalk is obsoleted
ATALK_BGROUND-no--AppleTalk is obsoleted
ATALK_ZONE-no--AppleTalk is obsoleted

Table 4.3. from afpd.conf to afp.conf

Old afpd.confNew afp.confOld Default ValueNew Default ValueSectionDescription
1st field ("-" or "server name")hostname--(G)use gethostname() by default
-uamlistuam list-U,
-nozeroconfzeroconf-yes (if supported)(G)-
-advertise_sshadvertise ssh-no(G)-
-[no]savepasswordsave password-savepasswordyes(G)-
-[no]setpasswordset password-nosetpasswordno(G)-
-client_pollingclient polling-no(G)-
-hostnamehostname--(G)use gethostname() by default
-loginmesglogin message--(G)/(V)-
-guestnameguest accountnobodynobody(G)-
-passwdfilepasswd fileafppasswdafppasswd(G)-
-passwdminlenpasswd minlen--(G)-
-sleepsleep time1010(G)-
-server_quantumserver quantum3038401048576(G)-
-setuploglog leveldefault log_notedefault:note(G)-
-setuploglog file--(G)-
-k5servicek5 service--(G)-
-k5realmk5 realm--(G)-
-k5keytabk5 keytab--(G)-
-uampathuam pathetc/netatalk/uams/lib/netatalk/(G)moved to $libdir
-ipaddrafp listen--(G)-
-cnidservercnid serverlocalhost:4700localhost:4700(G)/(V)-
-unixcodepageunix charsetLOCALEUTF8(G)-
-maccodepagemac charsetMAC_ROMANMAC_ROMAN(G)/(V)-
-closevolclose vol-no(G)-
-ntdomainnt domain--(G)-
-ntseparatornt separator--(G)-
-tcpsndbuftcpsndbuf--(G)OS default
-tcprcvbuftcprcvbuf--(G)OS default
-fcelistenerfce listener--(G)-
-fcecoalescefce coalesce--(G)-
-fceeventsfce events--(G)-
-fceholdfmodfce holdfmod6060(G)-
-mimicmodelmimic model--(G)-
-adminauthuseradmin auth user--(G)-
-noacl2maccessmap acls-rights(G)-
-[no]tcp--tcp--always TCP only
-[no]ddp--noddp--AppleTalk is obsoleted
-[no]transall--tcp -noddp--always TCP only
-[no]slp--noslp--SLP support is obsoleted
-[no]uservolfirst--nouservolfirst--uservol is obsoleted
-[no]uservol--uservol--uservol is obsoleted
-proxy----AppleTalk is obsoleted
-defaultvol-AppleVolumes.default--afp.conf only
-systemvol-AppleVolumes.system--afp.conf only
-loginmaxfail----not supported from the biginning
-authprintdir----AppleTalk is obsoleted
-ddpaddr----AppleTalk is obsoleted
-[no]icon--noicon -obsolete
-keepsessions----obsolete. Use kill -HUP.

Table 4.4. from afp_ldap.conf to afp.conf

Old afp_ldap.confNew afp.confOld Default ValueNew Defalut ValueSectionDescription
ldap_serverldap server--(G)-
ldap_auth_methodldap auth method--(G)-
ldap_auth_dnldap auth dn--(G)-
ldap_auth_pwldap auth pw--(G)-
ldap_userbaseldap userbase--(G)-
ldap_userscopeldap userscope--(G)-
ldap_groupbaseldap groupbase--(G)-
ldap_groupscopeldap groupscope--(G)-
ldap_uuid_attrldap uuid attr--(G)-
ldap_uuid_stringldap uuid string--(G)-
ldap_name_attrldap name attr--(G)-
ldap_group_attrldap group attr--(G)-

Table 4.5. from AppleVolumes.* to afp.conf

Old AppleVolumes.*New afp.confOld Default ValueNew Defalut ValueSectionDescription
(leading-dot lines)----move to extmap.conf
:DEFAULT:-options:upriv,usedots--use "vol preset ="
1st field ("~")----use [Homes] section
1st field ("/path")path--(V)-
2nd field----use section name
allow:valid users--(V)-
deny:invalid users--(V)-
volcharset:vol charsetUTF8(same as unix charset)(G)/(V)-
maccharset:mac charsetMAC_ROMANMAC_ROMAN(G)/(V)-
veto:veto files--(V)-
cnidscheme:cnid schemedbddbd(V)-
adouble:appledoublev2ea(V)v1, osx and sfm are obsoleted
cnidserver:cnid serverlocalhost:4700localhost:4700(G)/(V)-
dbpath:vol dbpath(volume directory)var/netatalk/CNID/(G)moved to $localstatedir
dperm:directory perm00000000(V)-
fperm:file perm00000000(V)-
root_preexec:root preexec--(V)-
root_postexec:root postexec--(V)-
allowed_hosts:hosts allow--(V)-
denied_hosts:hosts deny--(V)-
volsizelimit:vol size limit--(V)-
perm:----Use "directory perm" and "file perm"
options:roread only-no(V)-
options:invisibledotsinvisible dots-no(V)-
options:nostatstat vol-yes(V)-
options:preexec_closepreexec close-no(V)-
options:root_preexec_closeroot preexec close-no(V)-
options:uprivunix priv-yes(V)-
options:nodevcnid dev-yes(V)-
options:illegalseqillegal seq-no(V)-
options:tmtime machine-no(V)-
options:searchdbsearch db-no(V)-
options:nonetidsnetwork ids-yes(V)-
options:followsymlinksfollow symlinks-no(V)-
options:nohex----auto-convert from ":2f" to ":"
options:usedots----auto-convert from ":2e" to "."

To Do

  • test ad utils with appledouble = ea