AFP

From Alessandro's Wiki
Jump to: navigation, search

this is the protocol used for network file sharing in Apple systems (at leas for the latest ones)

server settings

  • afpd.conf is the server configuration file, a backup server might look like this:
 - -transall -ipaddr 192.168.0.10 -port 548  -noddp -uamlist uams_dhx.so,uams_dhx2.so -nozeroconf

user permissions

  • in /etc/netatalk/AppleVolumes.default we can set the file permissions to use for each service.
    • example: we have a network with an all-users group and we want them to be able to overwrite each-other files. Others can read:
      • umask:002
      • dperm:0775
      • fperm:0664
    • default linux behaviour, with read only to group users.
      • umask:022
      • dperm:0755
      • fperm:0644
  • the complete line:
/directory/shared/ "Awesome Share" options:usedots,upriv,noadouble,nohex cnidscheme:cdb umask:002 dperm:0775 fperm:0664

veto files

  • this option hides the objects specified between slashes
veto: recycled/desktop.ini/Folder Settings/

UAM list

  • usually in one of these dirs:
/usr/local/etc/netatalk/uams
/usr/lib/atalk
/usr/lib64/netatalk
ls /usr/lib/atalk/
uams_dhx2_pam.so  uams_dhx2_passwd.so  uams_dhx_pam.so  uams_dhx_passwd.so  uams_gss.so  uams_guest.so  uams_pam.so  uams_passwd.so  uams_randnum.so

Fedora 18

  • a config file is located here:
/usr/libexec/netatalk/netatalk.sh

Volumes

 path [name] [casefold:x] [options:z,l,j] \
   [allow:a,@b,c,d] [deny:a,@b,c,d] [dbpath:path] [password:p] \
   [rwlist:a,@b,c,d] [rolist:a,@b,c,d] [limitsize:value in bytes] \
   [preexec:cmd] [root_preexec:cmd] [postexec:cmd]  [root_postexec:cmd] \
   [allowed_hosts:IPv4 address[/IPv4 netmask bits]] \
   [denied_hosts:IPv4 address[/IPv4 netmask bits]] \
   ... more, see below ...
  • defaults:
:DEFAULT: options:upriv,usedots,tm  umask:002 dperm:0775 fperm:0664
  • only user home with defaults:
~
  • a time machine volume (user based) :
/backup/timemachine/$u/                         "TimeMachine"  options:usedots,upriv,noadouble,nohex,tm
  • a share allowed only to some users and group "video"
/export/ingestion  "Ingest" options:usedots,upriv,noadouble,nohex cnidscheme:cdb umask:002 dperm:0775 fperm:0664 allow:ale,jack,@video

a read only share

  • we need to create an hidden folder for AppleDB files:
mkdir /share/hidden
chmod 700 /share/hidden
dbpath:/share/hidden/.AppleDB/
  • a read only share
/export/mirror/share     "Share-snapshot"  options:usedots,noadouble,nohex,ro,nocnidcache

problem solving

Finder "stuck" on connect to share

  • in the log you'll see the server stopping after a message like this:

afpd[]: Setting uid/gid to 100/100

  • the solution in my case was:
    • stop the server
    • remove the Finder database file .AppleDB
    • restart server.
find . -name \.AppleDouble -exec rm -rf {} \; 
find . -name \.AppleDB -exec rm -rf {} \; 
find . -name \.DS_Store -exec rm -rf {} \; 
find . -name \.AppleDesktop -exec rm -rf {} \; 
find . -name \.TemporaryItems -exec rm -rf {} \; 
find . -name Network\ Trash\ Folder -exec rm -rf {} \;
find . -name Temporary\ Items -exec rm -rf {} \;

when having a mirror server

  • DB becomes inconsistent due to path change (if different server) , the RSYNC command will need to exclude some files:
cat /mirror/excludes_afp
.AppleDB/
.DS_Store
.AppleDesktop/
.AppleDouble/
.TemporaryItems/
Temporary Items/
Network Trash Folder/
  • example:
rsync -a --delete --delete-excluded --exclude-from=excludes_afp source_host:/dir/ /mirror/host/
  • mediacluster excludes
.encoding.log
.encoding.log.post.txt
.encoding.log.p2.txt
.stats.mbtree
.stats
ingestion/done/
virtual/

version 3

 * Following config files are obsolete now:
 * afpd.conf, netatalk.conf, AppleVolumes.default and afp_ldap.conf
 * in favour of
 * /etc/afp.conf

 * Please convert your existing configs before you restart your daemon

 * The new AppleDouble default backend is appledouble = ea
 * Existing entries will be updated on access, but can do an offline
 * conversion with
 * dbd -ruve /path/to/Volume

variables

 rules:
     1) if you specify an unknown variable, it will not get converted. 
     2) if you specify a known variable, but that variable doesn't have
        a value, it will get ignored.
 
 the variables:
 $b   -> basename of path
 $c   -> client's ip or appletalk address
 $d   -> volume pathname on server    
 $f   -> full name (whatever's in the gecos field)
 $g   -> group
 $h   -> hostname 
 $i   -> client ip without tcp port or appletalk network   
 $s   -> server name (can be the hostname)
 $u   -> username (if guest, it's whatever user guest is running as)
 $v   -> volume name (either ADEID_NAME or basename of path)
 $z   -> zone (may not exist)
 $$   -> $

references