Netatalk Frequently Asked Questions
-($Id: FAQ,v 1.1 2001-03-06 23:20:25 lancel Exp $)
+($Id: FAQ,v 1.12.8.1 2009-04-30 09:35:06 franklahm Exp $)
-Compilation -----------------------------------------------------------------
+-----------------------------------------------------------------------------
-Installation ----------------------------------------------------------------
+Q1: Where can I get more information on Netatalk?
+Q2: What is this I keep seeing about asun?
+Q3: How do I get the most recent version of Netatalk?
+Q4: Can I get an almost current version of Netatalk without having to learn CVS?
+Q4a: Is there an RPM, package, or tarball for my platform?
+Q5: I'm having massive file deletion problems!
+Q6: I am having lots of file locking problems!
+Q7: I'm getting this message in my logs:
+ WARNING: DID conflict for ... Are these the same file?
+Q8: I can't seem to use passwords longer than 8 characters for my netatalk
+ accounts. How can I fix that?
+Q9: I would like to use encrypted passwords to authenticate to the Netatalk
+ server. How do I do that?
+Q10: How can I set who has access to certain directories?
+Q11: What are the .AppleDouble and .Parent directories which are created in
+ the netatalk locations?
+Q12: Hidden files - what's up with that?
+Q13: I get a "socket: Invalid argument" error when trying to start netatalk
+ under Linux. What is causing this?
+Q14: Netatalk works over Appletalk, but my IP connections are refused, even
+ though I have enabled them in the configuration files.
+Q15: I'm having Quark Express file locking problems, is there information on that?
+Q16: I'm getting this error in Quark Express when trying to save a file to
+ the server: 'Error Type -50'
+Q17: Does netatalk work with Mac OSX?
+Q18: I'm getting an 'Application for this document not found' error on OS X.
+Q19: I'm getting an 'Error Type -43' error on OS X.
+Q20: How do I get the directories that are created by Netatalk to have the
+ correct permissions by default?
+Q21: What does this error mean:
+ 'afpd[#####]: setdirmode: chmod .AppleDouble Operation not permitted'
+Q22: I'm having problems with the Trash folder: either when someone drags
+ files into it, the system want's them todelete them immeidately, or files
+ get stuck in there and won't delete.
+Q23: The daemons aren't starting, things aren't showing up in the Chooser,
+ and I get a message like this in the logs: afpd[####]: Can't register
+ Tests:AFPServer@*
+Q24: I want to be able to allow users to change their passwords? How do
+ I enable this feature. Every time I try I get an error that it was
+ unable to save the password.
+Q25: Can a mount a Mac volume on my unix machine?
+Q26: Can I run Samba and Netatalk together to access the same files?
+Q27: Files I create on my Samba shares are invisible on the mac side.
+Q27a: How can I set netatalk to hide some files from the Samba (or
+ unix) sides?
+Q28: Files I create on my netatalk shares are invisible on the PC side.
+Q28a: How can I set Samba to hide the netatalk specific files (e.g.
+ .AppleDouble).
+Q29: I compiled Samba with the --with-netatalk flag. What did that do?
+Q30: What about the differences in naming schemes, and legal/illegal
+ characters between Windows, Macs (and unix?)
+Q31: Where can I get the cnid-db (Berkely DB) software? (needed for
+ --with-did=cnid)
+Q32: What about security in Netatalk?
-Execution -------------------------------------------------------------------
-Q: I get a "socket: Invalid argument" error when trying to start netatalk
- under Linux. What is causing this?
-A: The "appletalk" and "ipddp" kernel modules have to be installed under
- linux for netatalk to function. The appletalk module can be automatically
- loaded by adding the line "alias net-pf-5 appletalk" to the
- /etc/modules.conf file. Issuing the command "modprobe (module)" will
- load the module for the current session.
-Q: netatalk works over Appletalk, but my IP connections are refused, even
- though I have enabled them in the configuration files.
-A: If tcp_wrappers support is compiled into netatalk, access has to be
- granted in /etc/hosts.allow for netatalk to successfully accept IP
- connections. This can be done by the addition of the line:
- afpd: 127. xxx.xxx.xxx. (whatever other subnets)
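Review bot: the new question index does not match the headings in the body and carries typos. The Q22 entry reads "the system want's them todelete them immeidately" where the body heading has "wants them to delete them immediately"; the Q25 entry says "Can a mount" and Q31 says "Berkely", and both slips are repeated in the body headings. Q17 to Q19 use "Mac OSX" and "OS X" in the index but "MacOS X" in the body, and the Q27a wording differs between the two. Suggest copying the index lines from the corrected body headings so the two stay identical.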
+-----------------------------------------------------------------------------
+
+Q1: Where can I get more information on Netatalk?
+
+A: Netatalk's home page can be found at:
+
+ http://netatalk.sourceforge.net/
+
+ Netatalk is maintained at SourceForge. The Netatalk project page on
+ SourceForge is located at:
+
+ http://sourceforge.net/projects/netatalk/
+
+ There are (at least) three very active e-mail lists to which you can
+ subscribe. The first, netatalk-admins, is for usage and setup/compile
+ questions. Subscription information as well as an archive are available at:
+
+ http://lists.sourceforge.net/lists/listinfo/netatalk-admins
+
+ This can be very high volume, but usually a few messages a day.
+
+ Netatalk-devel list is more specific to coding and testing. The archive
+ and more information can found at:
+
+ http://lists.sourceforge.net/lists/listinfo/netatalk-devel
+
+ This list varies in volume, but is usually moderately active.
+
+ Netatalk-docs is specific to documentation. For more information see:
+
+ http://lists.sourceforge.net/mailman/listinfo/netatalk-docs
+
+ There are other netatalk information sites. Some of these are no
+ longer actively updated, some are site-specific, but still have
+ good information:
+
+ http://www.anders.com/projects/netatalk/
+ http://www.faredge.com.au/netatalk/index.html
+
+
+Q2: What is this I keep seeing about asun?
+
+A: Before Netatalk moved to SourceForge, Adrian Sun (asun) had written
+ some patches to Netatalk which helped significantly with its usability,
+ especially using AppleShare IP. These patches are still provided by many
+ Unix vendors. All of these patches are included in the current SourceForge
+ versions.
+
+
+Q3: How do I get the most recent version of Netatalk?
+
+A: Via CVS from SourceForge.net. This is the actively maintained version
+ of Netatalk, changes are being made constantly, and therefore it is not
+ suitable for production environments. The netatalk at SourceForge is in
+ Beta, so keep that in mind.
+
+ To create the CVS tree - from the directory you want to use as your CVS
+ root, run:
+
+ % cvs -d:pserver:anonymous@cvs.netatalk.sf.net:/cvsroot/netatalk login
+
+ hit <enter> at the Password: prompt
+
+ % cvs -z3
+ -d:pserver:anonymous@cvs.netatalk.sf.net:/cvsroot/netatalk co
+ netatalk
+
+ This will create a netatalk subdirectory, and check out all of the files.
+ If you run this same command subsequently, you will update any files which
+ have changed (on the CVS server) since your last checkout.
+
+ Once you've done that, read the INSTALL file in the netatalk/ directory,
+ plus the CONFIGURE file. If you're installing from CVS, you'll most likely
+ need have some supplementary software installed, such as gmake. Some
+ systems work fine with make. Additional information can be found in doc/.
+
+ The main things to know, though, are this: you must run
+
+ % ./autogen.sh
+
+ in the netatalk/ directory first, in order to create your configure file.
+
+ Then run
+
+ % ./configure --help | more
+
+ in order to get a feel for which compile flags are available. Some of these
+ flags are summarized below, some are summarized in the INSTALL file, and
+ some have individual README files.
+
+ To learn more about CVS, good places to start are:
+
+ http://www.cvshome.org
+ http://www.cvshome.org/docs/manual
+ http://www.cvshome.org/form/form.cgi (this is the FAQ)
+
+ There are GUI CVS systems for Windows and MacOS. Search on SourceForge for
+ WinCVS or MacCVS.
+
+
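Review bot: the checkout command in the Q3 answer is wrapped across three lines ("% cvs -z3", "-d:pserver:anonymous@cvs.netatalk.sf.net:/cvsroot/netatalk co", "netatalk") with no continuation characters, so a reader who types it line by line runs three separate commands. Put it on one line or end the first two lines with a backslash. In the same answer, "you'll most likely need have some supplementary software" is missing "to".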
+Q4: Can I get an almost current version of Netatalk without having to learn CVS?
+
+A: Yes. Daily snapshots of the CVS tree should be posted for the benefit of
+ those that don't want to / can't use CVS. They are available at:
+
+ http://www.marcuscom.com/netatalk/nightly/
+
+ You should be able to treat these images as you would a release. Just
+ configure as you normally work, then run make (or gmake as the case may
+ be). There is no need to run autogen.sh on these images.
+
+
+Q4a: Is there an RPM, package, or tarball for my platform?
+
+A: Perhaps. These vary in how often they're updated:
+
+ FreeBSD
+ port: /usr/ports/net/netatalk - maintained by Joe Clark
+ SuSE Linux
+ included in the distribution
+ OpenBSD
+ port: /usr/ports/net/netatalk/ - not actively maintained
+ Debian GNU/Linux
+ included in all current distributions
+ RedHat Linux
+ included in the distribution
+
+
+Q5: I'm having massive file deletion problems!
+
+Q6: I am having lots of file locking problems!
+
+Q7: I'm getting this message in my logs:
+ WARNING: DID conflict for ... Are these the same file?
+
+A: Compile with the --with-did=last flag set. This activates a different
+ method of calculating inodes in the software, and will hopefully fix some
+ of these problems. This code, along with the CNID code, was still being
+ worked out in Pre7. The cnid/bdb flags also go along with this:
+
+ --with-bdb=PATH specify path to Berkeley DB installation
+ --with-did=[scheme] set DID scheme (cnid,last)
+
+ (For more information on CNID, see the README.cnid file.)
+
+ --with-did=last reverted things back to the old 1.4b2 directory ID
+ calculation algorithm. This also solved the problem of the syslog
+ messages and the users complaining of file deletions. It's also been
+ found that by disabling *BSD's SOFTUPDATES feature on Netatalk volumes (on
+ FreeBSD), multi-user interaction seemed to work better. This was back in
+ a late 4.2-BETA, so it's not clear if this still holds true in 4.4-RELEASE
+ or not.
+
+
+Q8: I can't seem to use passwords longer than 8 characters for my Netatalk
+ accounts. How can I fix that?
+
+Q9: I would like to use encrypted passwords to authenticate to the Netatalk
+ server. How do I do that?
+
+A: Update to a newer version of AppleShare Client (I think the most
+ recent is 3.8.8). This allows longer passwords, and will allow you to
+ use encrypted passwords. Set which way you would like to authenticate
+ in either afpd.conf or netatalk.conf, depending on your setup.
+
+ For more information on the AppleShare Client from Apple, and which clients
+ are needed for which MacOS, see
+
+ http://til.info.apple.com/techinfo.nsf/artnum/n60792?OpenDocument&software
+
+ (this site requires cookies, and a registration and sign-in).
+
+
+Q10: How can I set who has access to certain directories?
+
+A: You can certainly do this with your Unix permissions, but also explore the
+ allow/deny/rwlist/rolist options in the AppleVolumes.default file:
+
+ # allow/deny/rwlist/rolist format [syntax: allow:user1,@group]:
+ # user1,@group,user2 -> allows/denies access from listed users/groups
+ # rwlist/rolist control whether or not the
+ # volume is ro for those users.
+
+ Also, some unices, specially FreeBSD, have other options:
+ (By Joe Clark)
+
+ "What about file and directory permissions? Since I didn't use the FORCE
+ UID/GID code, I decided to use a feature of FreeBSD called SUIDDIR. From
+ the LINT kernel config file:
+
+ # If you are running a machine just as a fileserver for PC and MAC
+ # users, using SAMBA or Netatalk, you may consider setting this option
+ # and keeping all those users' directories on a filesystem that is
+ # mounted with the suiddir option. This gives new files the same
+ # ownership as the directory (similar to group). It's a security hole
+ # if you let these users run programs, so confine it to file-servers
+ # (but it'll save you lots of headaches in those cases). Root owned
+ # directories are exempt and X bits are cleared. The suid bit must be
+ # set on the directory as well; see chmod(1) PC owners can't see/set
+ # ownerships so they keep getting their toes trodden on. This saves
+ # you all the support calls as the filesystem it's used on will act as
+ # they expect: "It's my dir so it must be my file".
+
+ FORCE UID/GID code, I decided to use a feature of FreeBSD called
+ SUIDDIR. From the LINT kernel config file:
+
+ # If you are running a machine just as a fileserver for PC and MAC
+ # users, using SAMBA or Netatalk, you may consider setting this option
+ # and keeping all those users' directories on a filesystem that is
+ # mounted with the suiddir option. This gives new files the same
+ # ownership as the directory (similar to group). It's a security hole
+ # if you let these users run programs, so confine it to file-servers
+ # (but it'll save you lots of headaches in those cases). Root owned
+ # directories are exempt and X bits are cleared. The suid bit must be
+ # set on the directory as well; see chmod(1) PC owners can't see/set
+ # ownerships so they keep getting their toes trodden on. This saves
+ # you all the support calls as the filesystem it's used on will act as
+ # they expect: "It's my dir so it must be my file".
+
+ And the associated mount command:
+
+ mount -o suiddir /dev/da2s1e /macvol/artfiles
+
+ This was used on my dedicated Netatalk/Samba filesystems. On
+ filesystems that were also used for interactive shell access, I chmod'd
+ my Netatalk shares 2770. The reason for this is that I set up a UNIX
+ group for each department in the ad agency. I had an art group, a media
+ group, an accounting group, and then, or course, a general staff group.
+ Each share was only allowed access by the group that needed to access
+ the share. So, the Artfiles share allowed access only to the art group:
+
+ /macvol/artfiles "Art Files" allow:@art
+
+ And the others followed in kind. Therefore, the 2770 mask allowed only
+ owners and people in the associated group access to read and write
+ files. The leading 2 set the setgid bit so that all child files and
+ directories would retain the same group permissions. I found this to
+ work well.
+
+ This was used on my dedicated Netatalk/Samba filesystems. On
+ filesystems that were also used for interactive shell access, I chmod'd
+ my Netatalk shares 2770. The reason for this is that I set up a UNIX
+ group for each department in the ad agency. I had an art group, a media
+ group, an accounting group, and then, or course, a general staff group.
+ Each share was only allowed access by the group that needed to access
+ the share. So, the Artfiles share allowed access only to the art group:
+
+ /macvol/artfiles "Art Files" allow:@art
+
+ And the others followed in kind. Therefore, the 2770 mask allowed only
+ owners and people in the associated group access to read and write
+ files. The leading 2 set the setgid bit so that all child files and
+ directories would retain the same group permissions. I found this to
+ work well."
+
+
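Review bot: the Joe Clark quote in the Q10 answer contains two passages twice. The text from "FORCE UID/GID code, I decided to use a feature of FreeBSD called SUIDDIR" through the LINT comment block is repeated directly after its first occurrence, and the paragraph from "This was used on my dedicated Netatalk/Samba filesystems" through "I found this to work well" appears again after the first /macvol/artfiles "Art Files" allow:@art line. Drop the second copy of each so the quote reads once and closes after the first "work well". "or course" should be "of course", and "specially FreeBSD" reads better as "especially FreeBSD".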
+Q11: What are the .AppleDouble and .Parent directories which are created in
+ the Netatalk locations?
+
+A: See the README.veto file in this directory.
+
+ The .AppleDouble folders hold the resource fork information for the Mac
+ files, plus other attributes which are not normally stored by Unix. For
+ this reason, when you want to move files around in your Mac volumes, it's
+ a good idea to do it from the Mac side (as opposed to from the Unix side,
+ or Samba), unless you make absolutely sure you get the .AppleDouble
+ directories. These directories are often hidden from the Samba side, via
+ the veto files configuration.
+
+ You can also set Netatalk to not create an .AppleDouble directory unless
+ it absolutely needs it, by setting the noadouble setting in
+ AppleVolumes.default.
+
+
+Q12: Hidden files - what's up with that?
+
+A: If you set the noadouble flag in AppleVolumes.default, you won't see
+ the .Apple* or .Parent directories on the Mac side. If you use the veto
+ files option in Samba, they may be hidden from the Windows side as well.
+ (More information in the Samba section, and in the README.veto file in
+ this directory.)
+
+
+Q13: I get a "socket: Invalid argument" error when trying to start Netatalk
+ under Linux. What is causing this?
+
+A: The "appletalk" and "ipddp" kernel modules have to be installed under
+ linux for Netatalk to function. The appletalk module can be automatically
+ loaded by adding the line "alias net-pf-5 appletalk" to the
+ /etc/modules.conf file. Issuing the command "modprobe (module)" will
+ load the module for the current session.
+
+
+Q14: Netatalk works over AppleTalk, but my IP connections are refused, even
+ though I have enabled them in the configuration files.
+
+A: If tcp_wrappers support is compiled into Netatalk, access has to be
+ granted in /etc/hosts.allow for Netatalk to successfully accept IP
+ connections. This can be done by the addition of the line:
+
+ afpd: 127. xxx.xxx.xxx. (whatever other subnets)
+
+
+Q15: I'm having Quark Express file locking problems, is there information on
+ that?
+
+A: Yes, see the question regarding DID conflicts and the --enable-did= flag.
+ Also, try using the --flock-locks flag. Enabling this code disabled the
+ new byte locking feature. With FLOCK locks, the whole file would be locked.
+ With byte locks, a byte range could be locked without locking the whole
+ file.
+
+
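Review bot: the Q15 answer points to "the --enable-did= flag", but the DID conflict answer (Q7) documents the option as "--with-did=[scheme]" and Q19 also uses "--with-did=last". Use the same spelling here so readers can find it in ./configure --help. "--flock-locks" is also given without a configure prefix; please confirm the exact option name. The tenses in "Enabling this code disabled the new byte locking feature" should agree ("disables").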
+Q16: I'm getting this error in Quark Express when trying to save a file to
+ the server: 'Error Type -50'
+
+A: Turn off the document preview feature off in Quark.
+
+
+Q17: Does netatalk work with MacOS X?
+
+A: Yes, but only the most recent versions, and it's still being finalized.
+ Versions prior to 1.5Pre7 did NOT work with OS X, although some really
+ early versions did (netatalk 1.4+asun?).
+
+
+Q18: I'm getting an 'Application for this document not found' error on MacOS X.
+
+Q19: I'm getting an 'Error Type -43' error on MacOS X.
+
+A: Configure with --with-did=last. More info on this flag is given in the
+ DID conflicts question.
+
+
+Q20: How do I get the directories that are created by Netatalk to have the
+ correct permissions by default?
+
+A: Investigate the setgid bit on your Unix platform. It's a good idea to
+ set this on your shared directories, and your .AppleDouble directories.
+ From the mail archives: "Usually directories designated for use with
+ AppleShare have the setgid (g+s) bit set. It forces inheritance of
+ permissions. Without it, the .AppleDouble subdirectory can't be created
+ since the new folder doesn't necessarily have the same write privileges."
+
+ Information about the setgid bit can be found in Evi Nemeth's
+ "Unix System Administration Handbook" (3rd. ed, chap 5.5, pg. 69):
+
+ "The bits with octal values 4000 and 2000 are the setuid and setgid bits.
+ These bits allow programs to access files and processes that would
+ otherwise be off-limits to the users that run them. [...] When set on a
+ directory, the setgid bit causes newly created files within the directory
+ to take on the group membership of the directory rather than the defualt
+ group of the user that created the file. This convention makes it easier
+ to share a directory of files among several users, as long as they all
+ belong to a common group. Check your system before relying on this
+ feature, since not all version of UNIX provide it. [...] This interpretation
+ of the setgid bit is unrelated to it's meaning when set on an executable
+ file, but there is never any ambiguity as to which meaning is
+ appropriate."
+
+ NOTE: The setuid is usually discussed along with the setgid bit. The
+ setuid bit is VERY dangerous. If you set it on an executable, and the
+ executable is owned by root, anyone who runs that executable is root for
+ the duration of that executable's run, so a clever person can leverage
+ that into a full-scale compromise. The setgid bit also has other security
+ implications, so be careful where you set it.
+
+ You set it by doing a chmod 2xxx, where xxx are the normal file permissions
+ (i.e. owner/group/other permissions).
+
+
+Q21: What does this error mean:
+ 'afpd[#####]: setdirmode: chmod .AppleDouble Operation not permitted'
+
+A: This can be due to a few things.
+
+ 1) The setgid bit might not be set on either your directory, or on the
+ .AppleDouble directory. It has to be set recursively on the .AppleDouble
+ folder.
+
+ 2) You may not be member of the group set on the directory you're trying
+ to write to.
+
+ 3) This was a persistant bug in 1.5pre6 for awhile, upgrading might help.
+
+
+Q22: I'm having problems with the Trash folder: either when someone drags
+ files into it, the system wants them to delete them immediately, or files
+ get stuck in there and won't delete.
+
+A: chmod the Network Trash folder to 2775 (/home/public/Network Trash
+ Folder for instance).
+
+ As of 10/16/01, MacOS X trash didn't work properly with afps volumes.
+ Apple is working on it.
+
+Q23: The daemons aren't starting, things aren't showing up in the Chooser,
+ and I get a message like this in the logs: afpd[####]: Can't register
+ Tests:AFPServer@*
+
+ This is sometimes a result of missing NIC information in the atalkd.conf
+ file. Put your network interface (something like le0, eth0, fxp0, lo0)
+ alone on a line in atalkd.conf, and reboot. When atalkd starts, it will
+ populate the file with a line such as:
+
+ le1 -seed -phase 2 -addr 66.6 -net 66-67 -zone "No Parking"
+
+ To find your network interface, run
+
+ % ifconfig -a | more
+
+ and see which interface has your IP address. Use that one.
+
+
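Review bot: the Q23 entry has no "A:" marker; the answer text starts directly with "This is sometimes a result of missing NIC information", unlike every other entry. Add the marker so the answer is distinguishable from the question. The answer also says to "reboot" after editing atalkd.conf and then describes what happens "When atalkd starts"; if restarting atalkd is sufficient, say that instead.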
+Q24: I want to be able to allow users to change their passwords. How do
+ I enable this feature? Every time I try I get an error that it was
+ unable to save the password.
+
+A: Use -[no]setpassword in afpd.conf. This enables or disables the ability of
+ clients to change their passwords.
+
+
+Q25: Can a mount a Mac volume on my Unix machine?
+
+A: Well, maybe. MacOS X obviously might be able to do this with NFS.
+ Also, there is a program called afpfs which was designed to do this,
+ but is not actively maintained and has been reportedly highly unstable.
+ It should be available from:
+
+ http://www.panix.com/~dfoster/afpfs/
+
+Q26: Can I run Samba and Netatalk together to access the same files?
+
+A: Sure. Lots of us do. But there are some concerns. Quite often it's
+ useful, for instance, to hide files of one OS from the other. See
+ the AppleVolumes.default file in Netatalk, and investigate the veto
+ files option in Samba. (See the README.veto file.)
+
+ Also, when copying and moving files created on the Mac, it's better
+ to do that from the Mac, rather than from the Unix server or from
+ Samba. This is because the .AppleDouble folders hold the resource fork
+ information for the Mac files, plus other attributes which are not
+ normally stored by Unix.
+
+ You can also set Netatalk to not create an .AppleDouble directory unless
+ it absolutely needs it, by setting the noadouble setting in
+ AppleVolumes.default.
+
+
+Q27: Files I create on my Samba shares are invisible on the Mac side.
+
+A: Have you checked the AppleVolumes(.default? .sytem? I don't remember
+ which one hides files!) file?
+
+ How long are the file names? Names longer than 31 BYTES (not characters)
+ are not visible on the Mac side. This is because some old MacOS's don't
+ accept long names, and some Finders crash when they encounter them.
+ Therefore Netatalk hides long filenames to prevent crashes. If you
+ prefer Netatalk to truncate the names, use the --with-mangling ./configure
+ option when compiling Netatalk.
+
+ The BYTES distiction is made because there exist doublebyte fonts too,
+ which limit names to 15 chars.
+
+
+Q27a: How can I set Netatalk to hide some files created on the Samba
+ (or Unix) sides?
+
+A: AppleVolumes(.system or .default?) allows you to hide certain files.
+ This might be a good thing to set on, say, .cshrc, ssh keys, and
+ the like.
+
+
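Review bot: the Q27 and Q27a answers leave an open question in the text instead of naming the file: "AppleVolumes(.default? .sytem? I don't remember which one hides files!)" and "AppleVolumes(.system or .default?)". Q27a recommends this for ".cshrc, ssh keys, and the like", so the answer should state which file and which option does the hiding before this is committed. "sytem" and "distiction" are typos.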
+Q28: Files I create on my Netatalk shares are invisible on the PC side.
+
+Q28a: How can I set Samba to hide the Netatalk specific files (e.g.
+ .AppleDouble).
+
+A: Check your Samba veto files option in smb.conf. It's often useful
+ to hide files like .AppleDouble or the network trash folder here.
+
+ Does the mac file have a \ or / in it? Would this cause Samba to
+ not see the file?
+
+
+Q29: I compiled Samba with the --with-netatalk flag. What did that do?
+
+A: Nothing. Some code was written (by a Samba developer?), but as of
+ Fall 2001, Samba doesn't utilize it.
+
+
+Q30: What about the differences in naming schemes, and legal/illegal
+ characters between Windows, Macs, and Unix?
+
+A: Check out the documentation about the 'mswindows' flag in
+ AppleVolumes.default. For instance, having / or \ or : in a name is
+ especially bad, as they are path seperators on Unix, Windows, and MacOS,
+ respectively). Educating the end user is important for this problem.
+
+
+Q31: Where can I get the cnid-db (Berkely DB) software? (needed for
+ --with-did=cnid)
+
+A: First check to see if your Unix has a port or package. If not,
+ Berkeley DB is available at:
+
+ http://www.sleepycat.com/download.html
+
+Q32: What about security in Netatalk?
+
+A: Most of the security for Netatalk must be derived from the
+ security of the Unix server on which it runs. Directory permissions,
+ valid users, firewalls, IP filters, file integrity checkers, etc.
+ are all part of the equation. That said, it is possible to configure
+ Netatalk to minimize access, and close potential security holes.
+
+ These two flags are especially important:
+
+ --with-tcp-wrappers: enable TCP wrappers support.
+
+ Enables Wietse Venema's network logger, also known as tcpd or
+ LOG_TCP. These programs log the client host name of incoming
+ telnet, ftp, rsh, rlogin, finger etc. requests. Security
+ options are: access control per host, domain and/or service;
+ detection of host name spoofing or host address spoofing;
+ booby traps to implement an early-warning system. TCP
+ Wrappers can be gotten at:
+
+ ftp://ftp.porcupine.org/pub/security/
+
+ Note, if you use TCP Wrappers, it would be a good idea to set your
+ afpd.conf file to disable DDP, or accept connections only on TCP.
+ You can also configure afpd to only run on a certain port, which
+ you can then let through your IPFilter.
+
+ --with-ssl-dirs=[PATH]: specify path to OpenSSL installation.
+
+ NOTE: This is dependent on the same directory layout as the
+ source distribution of OpenSSL. That is: include/ and
+ lib/ to be on the same level. Many .rpm formats do not
+ have their files laid out in this format.
+ The OpenSSL Project is a collaborative effort to develop a
+ robust, commercial-grade, full-featured, and Open Source
+ toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+ and Transport Layer Security (TLS v1) protocols as well as a
+ full-strength general purpose cryptography library.
+ This is required to enable DHX login support, which
+ will encrypt all of the passwords being sent across the
+ connection. (Some old Mac clients don't support this, check
+ this FAQ for the section on AppleShare clients.)
+ Check to see if your Unix has OpenSSL already, or
+ get everything at:
+
+ http://www.openssl.org/
+
+ --with-libgcrypt-dir=[PATH]: specify path to Libgcrypt installation.
+
+ NOTE: This is dependent on the same directory layout as the
+ source distribution of Libgcrypt. That is: include/ and
+ lib/ to be on the same level.
+ This is required to enable DHX2 login support, which
+ will encrypt all of the passwords being sent across the
+ connection. (Some old Mac clients don't support this, check
+ this FAQ for the section on AppleShare clients.)
+ Check to see if your Unix has Libgcrypt already, or
+ get everything at:
+
+ http://directory.fsf.org/project/libgcrypt/
+
+ Be aware that on the volumes that are shared, some of the
+ special folders (.AppleDesktop, "Network Trash Folder") get
+ assigned. A lot of these get created as world-writable (because that's
+ what the Mac clients are expecting them to be) which is often quite
+ undesirable from the Unix system administrator's point of view.
+ Documenting this behavior could be a somewhat daunting task, but
+ highly desirable.
+
+ Shares can be set to be read/write only by certain people and groups.
+
+ The Netatalk code has not been through a major code audit. However,
+ it's Open Source, so if you want to do said audit, contact the
+ Netatalk maintainers (which can be done through the SourceForge site).
+
+ Has anyone tried to run Netatalk in a chroot jail? If so, please
+ share your experiences with the mailing lists.
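Review bot: the Q32 answer introduces the build options with "These two flags are especially important:" but now lists three (--with-tcp-wrappers, --with-ssl-dirs and the newly added --with-libgcrypt-dir); update the count or drop the number. The tcp-wrappers note advises setting afpd.conf "to disable DDP, or accept connections only on TCP" without naming the options that do so, and the world-writable paragraph ends its first sentence at "get assigned." with no object, so it is unclear what is assigned to .AppleDesktop and "Network Trash Folder". Since that paragraph is the one concrete hardening concern in the answer, it is worth completing the sentence and listing which folders are created world-writable.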