Install Netatalk 3.1.11 on Debian 9 Stretch
Install the following packages by "apt install".
- libevent-dev (used by netatalk(8))
- libssl-dev (DHX auth aka DHCAST128)
- libgcrypt-dev (DHX2 auth)
- libkrb5-dev (Kerberos V auth)
- libpam0g-dev (PAM)
- libwrap0-dev (TCP Wrapper)
- libdb-dev (dbd CNID backend)
- libtdb-dev (tdb CNID backend)
- libmariadbclient-dev (mysql CNID backend)
- avahi-daemon (Bonjour support)
- libavahi-client-dev (Bonjour support)
- libacl1-dev (ACL support)
- libldap2-dev (enhanced ACL support)
- libcrack2-dev (password ckeck)
- systemtap-sdt-dev (DTrace-compatible)
- libdbus-1-dev (used by afpstats command)
- libdbus-glib-1-dev (used by afpstats command)
- libglib2.0-dev (used by afpstats command)
- libio-socket-inet6-perl (used by asip-status.pl command)
- tracker (used for spotlight indexing)
- libtracker-sparql-1.0-dev (used for spotlight indexing) (version number may differ)
- libtracker-miner-1.0-dev (used for spotlight indexing) (version number may differ)
If tracker's version is unknown, you can know using command "apt search libtracker".
Get the tarball from Netatalk Web Site.
Extract the tarball.
$ tar xvf netatalk-3.1.11.tar.bz2 $ cd netatalk-3.1.11
You should read the help message, in order to know configure options.
If the applicable libraries are installed, many options will be detected automatically.
$ ./configure --help
Do configure! The following options are not auto-detected.
$ ./configure \ --with-init-style=debian-systemd \ --without-libevent \ --without-tdb \ --with-cracklib \ --enable-krbV-uam \ --with-pam-confdir=/etc/pam.d \ --with-dbus-daemon=/usr/bin/dbus-daemon \ --with-dbus-sysconf-dir=/etc/dbus-1/system.d \ --with-tracker-pkgconfig-version=1.0
If you use Debian 7 or earlier, the value of "--with-init-style" option is "debian-sysv", not "debian-systemd".
The version 1.0 --with-tracker-pkgconfig-version=1.0 must match the pkg-config version of the installed Tracker libraries. Use the following commands for finding the version info:
$ pkg-config --list-all | grep tracker ...
On successful completion, you will see a report similar to the following:
Compilation summary: CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir) CFLAGS = -D_U_="__attribute__((unused))" -g -O2 LIBS = -lcrack PTHREADS: LIBS = CFLAGS = -pthread TRACKER: LIBS = -ltracker-sparql-1.0 -lgio-2.0 -lgobject-2.0 -Wl,--export-dynamic -lgmodule-2.0 -pthread -lglib-2.0 CFLAGS = -pthread -I/usr/include/tracker-1.0 -I/usr/include/tracker-1.0/libtracker-sparql -I/usr/include/glib-2.0 -I/usr/lib/x86_64-linux-gnu/glib-2.0/include SSL: LIBS = -L/usr/lib64 -lcrypto CFLAGS = -I/usr/include/openssl LIBGCRYPT: LIBS = -lgcrypt CFLAGS = PAM: LIBS = -lpam CFLAGS = WRAP: LIBS = -lwrap CFLAGS = BDB: LIBS = -L/usr/lib64 -ldb-5.3 CFLAGS = GSSAPI: LIBS = -L/usr/lib/x86_64-linux-gnu/mit-krb5 -Wl,-z,relro -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err CFLAGS = -isystem /usr/include/mit-krb5 ZEROCONF: LIBS = -lavahi-common -lavahi-client CFLAGS = -D_REENTRANT LDAP: LIBS = -lldap CFLAGS = LIBEVENT: LIBS = CFLAGS = TDB: LIBS = -ltdb CFLAGS = MySQL: LIBS = -L/usr/lib/x86_64-linux-gnu -lmariadbclient -lpthread -lz -lm -ldl CFLAGS = -I/usr/include/mysql Configure summary: INIT STYLE: debian-systemd AFP: Extended Attributes: ad | sys ACL support: yes Spotlight: yes CNID: backends: dbd last tdb mysql UAMS: DHX (PAM SHADOW) DHX2 (PAM SHADOW) RANDNUM (afppasswd) Kerberos V clrtxt (PAM SHADOW) guest Options: Zeroconf support: yes tcp wrapper support: yes quota support: yes valid shell check: yes cracklib support: yes ACL support: auto Kerberos support: yes LDAP support: yes AFP stats via dbus: yes dtrace probes: yes Paths: Netatalk lockfile: /var/lock/netatalk init directory: /lib/systemd/system dbus system directory: /etc/dbus-1/system.d dbus daemon path: /usr/bin/dbus-daemon tracker prefix: /usr tracker install prefix: /usr tracker manager: /usr/bin/tracker daemon pam config directory: /etc/pam.d Documentation: Docbook: no
Docbook is not needed because it is for developers only.
Make and install.
$ make # make install
Check features and paths, using "netatalk -V" and "afpd -V".
$ /usr/local/sbin/netatalk -V netatalk 3.1.11 - Netatalk AFP server service controller daemon This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Please see the file COPYING for further information and details. netatalk has been compiled with support for these features: Zeroconf support: Avahi Spotlight support: Yes afpd: /usr/local/sbin/afpd cnid_metad: /usr/local/sbin/cnid_metad tracker manager: /usr/bin/tracker daemon dbus-daemon: /usr/bin/dbus-daemon afp.conf: /usr/local/etc/afp.conf dbus-session.conf: /usr/local/etc/dbus-session.conf netatalk lock file: /var/lock/netatalk
$ /usr/local/sbin/afpd -V afpd 3.1.11 - Apple Filing Protocol (AFP) daemon of Netatalk This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Please see the file COPYING for further information and details. afpd has been compiled with support for these features: AFP versions: 2.2 3.0 3.1 3.2 3.3 3.4 CNID backends: dbd last tdb mysql Zeroconf support: Avahi TCP wrappers support: Yes Quota support: Yes Admin group support: Yes Valid shell checks: Yes cracklib support: Yes EA support: ad | sys ACL support: Yes LDAP support: Yes D-Bus support: Yes Spotlight support: Yes DTrace probes: Yes afp.conf: /usr/local/etc/afp.conf extmap.conf: /usr/local/etc/extmap.conf state directory: /usr/local/var/netatalk/ afp_signature.conf: /usr/local/var/netatalk/afp_signature.conf afp_voluuid.conf: /usr/local/var/netatalk/afp_voluuid.conf UAM search path: /usr/local/lib/netatalk// Server messages path: /usr/local/var/netatalk/msg/
[Global] [Homes] basedir regex = /home [Test Volume] path = /export/test1 [My Time Machine Volume] path = /export/timemachine time machine = yes
It's recommended to enable extended attributes of filesystem. You can check it by "getfattr" and "setfattr" commands.
If you use ACL, you shoud check it by "getfacl" and "setfacl" commands.
If these are disabled, use "tune2fs" command or edit "/etc/fstab" file.
/dev/sdc2 /mountpoint ext4 defaults,user_xattr,acl 0 2
You should check firewall. AFP's port number is 548. Zeroconf's port number is 5353.
Enabling and Starting
The systemd unit file is /lib/systemd/system/netatalk.service. You must run Avahi ahead of Netatalk.
# systemctl enable avahi-daemon # systemctl enable netatalk # systemctl start avahi-daemon # systemctl start netatalk
If you use Spotlight feature, read Spotlight section in Netatalk Manual.
Set "spotlight = yes".
Set "spotlight = no" for Time Machine's volume. The mining for sparsebundle is wasteful.
[Global] spotlight = yes [Homes] basedir regex = /home [Test Volume] path = /export/test1 [My Time Machine Volume] path = /export/timemachine time machine = yes spotlight = no
A bug have been reported.
- Bug#543 Spotlight cannot search in user homes and FIX: Spotlight: searching in user homes, bug #543 by hat001 · Pull Request #7 · Netatalk/Netatalk - There is still a problem with this patch.
Interoperation with Samba
Recent Netatalk and Samba can store metadata in the compatible format.
Using this way, the following access becomes possible.
- from Mac to Netatalk
- from Mac to Samba
- from Windows to Samba
Using "vol preset" option, the same configuration is set for all volumes.
Using "ea = samba", Extended Attributes become compatible with Samba.
[Global] vol preset = my default values [my default values] ea = samba [Homes] basedir regex = /home [Test Volume] path = /export/test1 [My Time Machine Volume] path = /export/timemachine time machine = yes
Setting various options in [global], the same configuration is set for all shares.
Three vfs objects (catia, fruit and streams_xattr) provide enhanced compatibility with Apple SMB clients and interoperability with a Netatalk.
Using "hide files", the invisible files created via Netatalk are hidden from Windows. Use "hide files", not "veto files".
[My Time Machine Volume] is commented out because Time Machine feature can not be used via SMB.
[global] foo = bar baz = qux ea support = Yes vfs objects = catia fruit streams_xattr fruit:locking = netatalk fruit:encoding = native streams_xattr:prefix = user. streams_xattr:store_stream_type = no hide files = /.DS_Store/Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/Temporary Items/.TemporaryItems/.VolumeIcon.icns/Icon?/.FBCIndex/.FBCLockFolder/ read only = No [homes] [Test Volume] path = /export/test1 ;[My Time Machine Volume] ; path = /export/timemachine