MFH:

[netatalk.git] / doc / CONFIGURE

Configuring Netatalk
====================

These files should have been copied into the configuration directory
(default: /usr/local/etc)  by the `make install' in step 4 of
the INSTALL file.


Netatalk supplies two different types of AFP servers and both can run at
the same time. Classic AFP over AppleTalk requires afpd and atalkd. AFP
over IP only requires afpd.



1. /usr/local/etc/afpd.conf
===========================

Edit /usr/local/etc/afpd.conf as required. Some options:

Format:
- [options]             to specify options for the default server
and/or
 "Server name" [options]        to specify an additional server

The following options are available:

Transport Protocols:
     -[no]tcp   Make AFP-over-TCP [not] available
     -[no]ddp   Make AFP over AppleTalk [not] available. if you have
                -proxy specified, specify -uamlist "" to prevent ddp
                connections from working. 
     -transall      Make both available (default)

Transport Options:
     -ipaddr <w.x.y.z>  
                Specifies the IP address the server should
                respond to (default is the first IP address of the system).
                This option also allows one machine to advertise TCP/IP for
                another machine.
     -server_quantum <number> 
                Specifies the DSI server quantum. The minimum
                value is 1MB. The max value is 0xFFFFFFFF. If you specify a
                value that is out of range, you'll get the default value
                (currently the minimum). 
     -admingroup <groupname>
                         Specifies the group of administrators who should all
                         be seen as the superuser when they log in.  Default
                         is disabled.
     -ddpaddr x.y       Specifies the DDP address of the server. the default
                is to auto-assign an address (0.0). this is only
                useful if you're running on a multihomed host.
     -port <number>     Specifies the TCP port the server should
                respond to (default is 548)
     -fqdn <name:port>  Specify a fully-qualified domain name
                        (+optional port). this gets discarded if the
                        server can't resolve it. this is not honored
                        by appleshare clients <= 3.8.3 (default: none)
     -proxy             Run an AppleTalk proxy server for specified AFP/TCP
                server (if address/port aren't given, then first IP
                address of the system/548 will be used). if you don't
                want the proxy server to act as a ddp server as well,
                set -uamlist to an empty string.

Authentication Methods:
     -uampath <path>    Use this path to look for User Authentication
                Modules. (default: /etc/atalk/uams)
     -uamlist <a,b,c> Comma-separated list of UAMs. (default:
                uams_guest.so,uams_clrtxt.so,uams_dhx.so)

        Some Common UAMs
        uams_guest.so: Allow guest logins

        uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
                Allow logins with passwords transmitted in the clear.

        uams_randnum.so:        Allow Random Number and Two-Way Random Number
                        exchange for authentication.

        uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
                        Allow Diffie-Hellman eXchange (DHX) for authentication.

Password Options:
     -[no]savepassword  [Don't] Allow clients to save password locally
     -passwdfile <path> Use this path to store Randnum
                        passwords. (default: ~/.passwd. the only other
                        useful value is /etc/atalk/afppasswd.)
     -passwdminlen <#>  Minimum password length. may be ignored.
     -[no]setpassword           [Don't] Allow clients to change their passwords.
     -loginmaxfail <#>  Maximum number of failed logins. this may be
                        ignored if the uam can't handle it.

AppleVolumes files:
     -defaultvol <path> Specifies path to AppleVolumes.default file
                        (default /etc/atalk/AppleVolumes.default, same
                        as -f on command line)
     -systemvol <path>  Specifies path to AppleVolumes.system file
                        (default /etc/atalk/AppleVolumes.system, same
                        as -s on command line)
     -[no]uservolfirst  [Don't] read the user's ~/AppleVolumes or
                ~/.AppleVolumes before reading
                /etc/atalk/AppleVolumes.default (same as -u on
                        command line)
     -[no]uservol       [Don't] Read the user's volume file

     -nlspath <path>    Prepend this path to each code page filename in volume
                options (default: /etc/atalk/nls).

Miscellaneous:
     -guestname "user"  Specifies the user name for the guest login
                        (default "nobody", same as -g on command line)
     -loginmesg "Message"       Client will display "Message" upon logging in
                        (no default, same as -l "Message" on
                        command-line)
     -nodebug           Switch off debugging
     -client_polling    Disable server notifications.  This forces the
                        clients to poll every 10 seconds for directory updates.  Note, 
                        currently this is the only way to get asynchronous updates.
     -ticklevel <number>        Specify the tickle timeout interval (in seconds)
     -timeout <number>          Specify the number of tickles to miss before tearing
                        down a client connection
     -icon                      Use the platform-specific icon.

An example:
"Lance" -transall -uamlist uams_dhx.so -nosavepassword -setpassword
"Lance" is the server name, I enable both TCP and DDP, all logins via DHX
(requires AppleShare Client 3.8.6), the users cannot save the password
with keychains and it allows the users to set their passwords.

With no afpd.conf the default is:

- -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx.so
-nosavepassword 

No server name, allow afp over tcp and afp over AppleTalk , allow
guest access, logins in clear text and DHX, don't allow the user to
save the password.

Try   man afpd  and  man afpd.conf  for further details.


2. /usr/local/etc/atalkd.conf
=============================

The AppleTalk protocol is configured in atalkd.conf. For detailed
information please reference 

http://www.neon.com/atalk_routing.html and
http://www-commeng.cso.uiuc.edu/docs/appletalk/

The whole point of setting up atalkd is to allow AppleTalk routing to
the localhost as a file and print server. The atalkd.conf file sets up
the AppleTalk routing by assigning AppleTalk zone (or zones)
information to the networks it is attached to.

Within AppleTalk there are three different types of routers: seed,
nonseed and soft seed.

Seed publishes the network and zone information to the network. In the
case of a conflict, this router takes precedence. Nonseed acts as a
forwarder in that all network and zone information for its network
segment is pulled from an upstream router. A soft seed router is
configured like a seed router, but will defer and use upstream seeded
zone information if there is a conflict.

Netatalk has the option to behave like a nonseed router or a soft seed
router. Netatalk will defer to an upstream seed if there is a
conflict. Any missing configurations will be filled from the network.

Appletalk phases are of two types. The unused, unsupported, obsolete
phase 1, or the new useful phase 2. 

Phase 1 was Apple's original protocol for Appletalk over LocalTalk. It
treated an entire network segment as one AppleTalk network capable of
holding 254 nodes. Don't use this unless you are directly connected to a
LocalTalk network (unlikely these days).

Phase 2 is the new version. It allows a configurable network range
between the numbers 1 and 65279, each network capable of hosting 253
nodes for a total of 16,515,587 AppleTalk interfaces. That's a lot
of iMacs. :-)

Within an AppleTalk network addressing is a Network:Node:Socket
triplet. The socket number is generally dropped because nothing uses the
information. 

Using ethernet and phase 2 the network number can be singular, '1' or
a range, '1-20'. Node assignment is the responsibility of the clients so
you don't have to worry about it. The range of 65280-65534 is called
the startup range and is used by the Mac when it is on a network
without any routers, you probably shouldn't publish a network within
this range. If you're publishing to a LocalTalk network segment
(Hello? Welcome to Y2K. :) your maximum network range is _one_
network.

Zones must be less then 32 characters long.

Format of lines in this file:
        interface [ -seed ] [ -router | -dontroute ] 
        [ -phase { 1 | 2 } ] [ -addr net.node ]
        [ -net first[-last] ] [ -zone ZoneName ] ...

        interface: the interface that is publishing the appletalk server.  eth0

        -seed - requires two interfaces. The router is acting as a
        bridge between the two networks. A soft seed router.

        -router - only requires one interface.
        
        -dontroute - don't publish routing information
        
        -addr this machines network.node address.

Examples: 

eth0
 - Appletalk network is off eth0, no routing information
published, get it all off the network.

eth0 -router -phase 2 -addr 100.10 -net 100-110 -zone "Upstairs"
- Appletalk network is off eth0, this server is not a bridge, it
publishes zone information for Networks 100-110. The servers appletalk
node address is node 10 of network 100. This zone is called Upstairs.

eth0 -phase 2
eth1 -seed -phase 2 -addr 100.10 -net 100-110 -zone "Upstairs"
- This allows routing between the appletalk networks on eth0 and eth1,
for eth1 this server acts as a soft seed router of a phase 2 network
segment of 100-110 where this machine is 100.10

Try   man atalkd  and  man atalkd.conf  for further details.


3. /usr/local/etc/netatalk.conf
===============================

Set the options as appropriate:

AFPD_MAX_CLIENTS - Maximum number of concurrent clients.

ATALK_ZONE - Name of the zone. Should match the zone in afpd.conf, or use @zone.

ATALK_NAME - Name of the netatalk server.

AFPD_UAMLIST - List of uams available to the clients. Should match
list in afpd.conf "-U uam1, uam2" 

AFPD_GUEST - If guest access is enabled, the id of the afpd process
for the guest client.

ATALKD_RUN, PAPD_RUN, AFPD_RUN - Run these daemons, 'yes/no'.


4. /usr/local/etc/papd.conf     for the Printer Access Protocol (PAP) daemon.
===========================

See the config/papd.conf file for some examples.
A configuration file that works under Solaris 8 is:
MacLaserJet:\
        :pr=|/usr/bin/lp -d fred:\
        :op=nobody:\
        :pd=/usr/local/etc/HPLJ46_1.PPD:

where
  MacLaserJet is some name you have chosen by which Macintoshes will
     refer to the printer. This is the name that appears in the Chooser.
  pr gives the printer name on the Unix system ('fred' in this example).
     On some operating systems you can just specify something like :pr=fred:
     while on others (including Solaris) it is necessary to pipe the print
     command into lp or lpr as shown above.
  op gives the operator name for LPD spooling
  pd gives the pathname to the PostScript Printer Description (PPD) file.
     PPD files are available from Adobe Inc,  via anonymous ftp
     (ftp://ftp.adobe.com//pub/adobe/printerdrivers/mac/all/ppdfiles
               or        //pub/adobe/printerdrivers/win/all/ppdfiles)
     or http://download.sourceforge.net/lpr/hp-ppd-0.2.tar.gz
     or from the printer's manufacturer.

Try   man papd  and  man papd.conf  for further options.