1 Netatalk Frequently Asked Questions
2 ($Id: FAQ,v 1.5 2001-10-17 07:08:28 lancel Exp $)
4 -----------------------------------------------------------------------------
6 Q1: Where can I get more information on Netatalk?
7 Q2: What is this I keep seeing about asun?
8 Q3: How do I get the most recent version of Netatalk?
9 Q4: Can I get an almost current version of Netatalk without having to learn CVS?
10 Q5: I'm having massive file deletion problems!
11 Q6: I am having lots of file locking problems!
12 Q7: I'm getting this message in my logs:
13 WARNING: DID conflict for ... Are these the same file?
14 Q8: I can't seem to use passwords longer than 8 characters for my netatalk
15 accounts. How can I fix that?
16 Q9: I would like to use encrypted passwords to authenticate to the Netatalk
17 server. How do I do that?
18 Q10: How can I set who has access to certain directories?
19 Q11: What are the .AppleDouble and .Parent directories which are created in
20 the netatalk locations?
21 Q12: Hidden files - what's up with that?
22 Q13: I get a "socket: Invalid argument" error when trying to start netatalk
23 under Linux. What is causing this?
24 Q14: netatalk works over Appletalk, but my IP connections are refused, even
25 though I have enabled them in the configuration files.
26 Q15: I'm having Quark Express file locking problems, is there information on that?
27 Q16: I'm getting this error in Quark Express when trying to save a file to
28 the server: 'Error Type -50'
29 Q17: Does netatalk work with Mac OSX?
30 Q18: I'm getting an 'Application for this document not found' error on OS X.
31 Q19: I'm getting an 'Error Type -43' error on OS X.
32 Q20: How do I get the directories that are created by Netatalk to have the
33 correct permissions by default?
34 Q21: What does this error mean:
35 'afpd[#####]: setdirmode: chmod .AppleDouble Operation not permitted'
36 Q22: I'm having problems with the Trash folder: either when someone drags
37 files into it, the system want's them todelete them immeidately, or files
38 get stuck in there and won't delete.
39 Q23: The daemons aren't starting, things aren't showing up in the Chooser,
40 and I get a message like this in the logs: afpd[####]: Can't register
42 Q24: I want to be able to allow users to change their passwords? How do
43 I enable this feature. Every time I try I get an error that it was
44 unable to save the password.
47 -----------------------------------------------------------------------------
50 Q1: Where can I get more information on Netatalk?
52 A: The current location of the actively developed netatalk project can be
53 found on SourceForge, at: http:/www.sourceforge.net/projects/netatalk.
55 There are (at least) two very active e-mail lists to which you can
56 subscribe, the first, netatalk-admins, is for usage and basic
57 setup/compile questions. It is NOT maintained at sourceforge, but rather
58 at the University of Michigan, which was involved with a good deal of the
61 Subscribe by sending an e-mail to netatalk-admins-request@umich.edu with a
62 subject of "subscribe" and a blank body. This can be very high volume, but
63 usually a few messages a day.
65 The archive is available at:
66 ftp://terminator.rs.itd.umich.edu/unix/netatalk/ and is called
67 netatalk-admins.mail. This is a ~6M mbox file. Previous archives are
68 available there as well.
70 Netatalk-devel list is more specific to coding and testing. It can be
71 browsed at: http://www.geocrawler.com/redir-sf.php3?list=netatalk-devel,
73 http://lists.sourceforge.net/lists/listinfo/netatalk-devel This varies in
74 volume, but is usually moderately active.
76 netatalk-docs is specific to documentation. It can be browsed at:
77 http://www.geocrawler.com/redir-sf.php3?list=netatalk-docs
79 http://lists.sourceforge.net/lists/listinfo/netatalk-docs
80 As far as I can tell, this list is completely dead.
82 There are older netatlk information sites at:
83 http://www.umich.edu/~rsug/netatalk/index.html
84 http://www.anders.com/projects/netatalk/ and many unices have their own
85 sites and distributions (tarballs, rpm's, packages, etc.)
87 Q2: What is this I keep seeing about asun?
89 A: Before netatalk moved to SourceForge, Adrian Sun (asun) had written
90 some patches to netatalk which helped significantly with it's usability,
91 especially using appleshareIP. These patches are still provided by many
92 unix vendors. I believe all of these patches are included in the current
96 Q3: How do I get the most recent version of Netatalk?
98 A: Via CVS from Sourceforge.net. This is the actively maintained version
99 of netatalk, changes are being made constantly, and therefore it is not
100 suitable for production environments. The netatalk at Sourceforge is in
101 Beta, so keep that in mind.
103 To create the CVS tree - from the directory you want to use as your CVS
106 % cvs -d:pserver:anonymous@cvs.netatalk.sourceforge.net:/cvsroot/netatalk login
108 hit <enter> at the Password: prompt
111 -d:pserver:anonymous@cvs.netatalk.sourceforge.net:/cvsroot/netatalk co
114 this will create a netatalk subdirectory, and check out all of the files.
115 If you run this same command subsequently, you will update any files which
116 have changed (on the CVS server) since your last checkout.
118 Once you've done that, read the INSTALL file in the netatalk/ directory,
120 plus the CONFIGURE file. You'll need to have some supplementary software
121 installed, such as gmake. Additional information can be found in docs/.
123 The main things to know, though, are this: you must run
125 % ./autogen.sh in the netatalk/ directory first, in order to create your
128 Then run % ./configure --help | more in order to get a
129 feel for which compile flags are available. Some of these flags are
132 To learn more about CVS, a good place to start is: http://www.cvshome.org,
133 or http://www.cvshome.org/docs/manual, or
134 http://www.cvshome.org/form/form.cgi (this is the FAQ).
137 Q4: Can I get an almost current version of Netatalk without having to learn CVS?
139 A: Yes. Weekly (or thereabouts) snapshots of the CVS tree should be
140 posted for the benefit of those that don't want to / can't use CVS. As of
141 10/3/01, these were being put up at:
143 ftp://ftp.marcuscom.com/pub/netatalk/nightly
145 From the mail archives:
146 I have started an archive of nightly CVS snap shots that build a tar.gz of
147 netatalk ready to configure and build. The images can be downloaded from:
149 ftp://ftp.marcuscom.com/pub/netatalk/nightly
150 This site only allows active FTP, so the snaps are also available at:
151 http://www.marcuscom.com/netatalk/nightly
153 You should be able to treat these images as you would a release. Just
154 configure as you normally work, then run make (or gmake as the case may
155 be). There is no need to run autogen.sh on these images. Please let me
156 know if you have any problems with these images. Thanks. -Joe
159 Q5: I'm having massive file deletion problems!
160 Q6: I am having lots of file locking problems!
161 Q7: I'm getting this message in my logs:
162 WARNING: DID conflict for ... Are these the same file?
164 A: Compile with the --with-did=last flag set. This activates a different
165 method of calculating inodes in the software, and will hopefully fix some
166 of these problems. This code, along with the CNID code, was still being
167 worked out in Pre7. The cnid/db3 flags also go along with this:
168 --enable-cnid-db use persistent cnid database per volume (EXPERIMENTAL)
169 --with-db3=PATH specify path to Berkeley DB3 installation
170 --with-did=[scheme] set DID scheme (last,mtab)
172 (For more information on CNID, see the README.cnid file, into which I just
173 copied wholesale Joe's comments on what he did with cnid and lastdid.)
175 --with-did=last reverted things back to the old 1.4b2 directory ID
176 calculation algorithm. This also solved the problem of the syslog
177 messages and the users complaining of file deletions. It's also been
178 found that by disabling *BSD's SOFTUPDATES feature on Netatalk volumes (on
179 FreeBSD), multi-user interaction seemed to work better. This was back in
180 a late 4.2-BETA, so it's not clear if this still holds true in 4.4-RELEASE
184 Q8: I can't seem to use passwords longer than 8 characters for my netatalk
185 accounts. How can I fix that?
187 Q9: I would like to use encrypted passwords to authenticate to the Netatalk
188 server. How do I do that?
190 A: Update to a newer version of AppleShare Client (I think the most
191 recent is 3.8.8). This allows longer passwords, and will allow you to
192 use encrypted passwords. Set which way you would like to authenticate
193 in either afpd.conf or netatalk.conf, depending on your set up.
196 Q10: How can I set who has access to certain directories?
198 A: You can certainly do this with your unix permissions, but also explore the
199 allow/deny/rwlist/rolist options in the AppleVolumes.default file:
201 # allow/deny/rwlist/rolist format [syntax: allow:user1,@group]:
202 # user1,@group,user2 -> allows/denies access from listed users/groups
203 # rwlist/rolist control whether or not the
204 # volume is ro for those users.
206 Also, some unices, specically FreeBSD, have other options:
209 "What about file and directory permissions? Since I didn't use the FORCE
210 UID/GID code, I decided to use a feature of FreeBSD called SUIDDIR. From
211 the LINT kernel config file:
213 # If you are running a machine just as a fileserver for PC and MAC
214 # users, using SAMBA or Netatalk, you may consider setting this option
215 # and keeping all those users' directories on a filesystem that is
216 # mounted with the suiddir option. This gives new files the same
217 # ownership as the directory (similar to group). It's a security hole
218 # if you let these users run programs, so confine it to file-servers
219 # (but it'll save you lots of headaches in those cases). Root owned
220 # directories are exempt and X bits are cleared. The suid bit must be
221 # set on the directory as well; see chmod(1) PC owners can't see/set
222 # ownerships so they keep getting their toes trodden on. This saves
223 # you all the support calls as the filesystem it's used on will act as
224 # they expect: "It's my dir so it must be my file".
226 FORCE UID/GID code, I decided to use a feature of FreeBSD called
227 SUIDDIR. From the LINT kernel config file:
229 # If you are running a machine just as a fileserver for PC and MAC
230 # users, using SAMBA or Netatalk, you may consider setting this option
231 # and keeping all those users' directories on a filesystem that is
232 # mounted with the suiddir option. This gives new files the same
233 # ownership as the directory (similar to group). It's a security hole
234 # if you let these users run programs, so confine it to file-servers
235 # (but it'll save you lots of headaches in those cases). Root owned
236 # directories are exempt and X bits are cleared. The suid bit must be
237 # set on the directory as well; see chmod(1) PC owners can't see/set
238 # ownerships so they keep getting their toes trodden on. This saves
239 # you all the support calls as the filesystem it's used on will act as
240 # they expect: "It's my dir so it must be my file".
242 And the associated mount command:
244 mount -o suiddir /dev/da2s1e /macvol/artfiles
246 This was used on my dedicated Netatalk/Samba filesystems. On
247 filesystems that were also used for interactive shell access, I chmod'd
248 my Netatalk shares 2770. The reason for this is that I set up a UNIX
249 group for each department in the ad agency. I had an art group, a media
250 group, an accounting group, and then, or course, a general staff group.
251 Each share was only allowed access by the group that needed to access
252 the share. So, the Artfiles share allowed access only to the art group:
254 /macvol/artfiles "Art Files" allow:@art
256 And the others followed in kind. Therefore, the 2770 mask allowed only
257 owners and people in the associated group access to read and write
258 files. The leading 2 set the setgid bit so that all child files and
259 directories would retain the same group permissions. I found this to
262 This was used on my dedicated Netatalk/Samba filesystems. On
263 filesystems that were also used for interactive shell access, I chmod'd
264 my Netatalk shares 2770. The reason for this is that I set up a UNIX
265 group for each department in the ad agency. I had an art group, a media
266 group, an accounting group, and then, or course, a general staff group.
267 Each share was only allowed access by the group that needed to access
268 the share. So, the Artfiles share allowed access only to the art group:
270 /macvol/artfiles "Art Files" allow:@art
272 And the others followed in kind. Therefore, the 2770 mask allowed only
273 owners and people in the associated group access to read and write
274 files. The leading 2 set the setgid bit so that all child files and
275 directories would retain the same group permissions. I found this to
279 Q11: What are the .AppleDouble and .Parent directories which are created in
280 the netatalk locations?
282 A: (also mention samba veto files, and the appledouble/MSwindows options
283 in AppleVolumes.default
285 The .AppleDouble folders hold the resource fork information for the mac
286 files, plus other attributes which are not normally stored by Unix. For
287 this reason, when you want to move files around in your mac volumes, it's
288 a good idea to do it from the Mac side (as opposed to from the unix side,
289 or Samba), unless you make absolutely sure you get the .AppleDouble
290 directories. These directories are often hidden from the Samba side, via
291 the veto files configuration.
293 You can also set netatalk to not create an .AppleDouble directory unless
294 it absolutely needs it, by setting the noadouble setting in
295 AppleVolumes.default.
298 Q12: Hidden files - what's up with that?
300 A: If you set the noadouble flag in AppleVolumes.default, you won't see
301 the .Apple* or .Parent directories on the Mac side. If you use the veto
302 files option in Samba, they may be hidden from the windows side as well.
305 Q13: I get a "socket: Invalid argument" error when trying to start netatalk
306 under Linux. What is causing this?
308 A: The "appletalk" and "ipddp" kernel modules have to be installed under
309 linux for netatalk to function. The appletalk module can be automatically
310 loaded by adding the line "alias net-pf-5 appletalk" to the
311 /etc/modules.conf file. Issuing the command "modprobe (module)" will
312 load the module for the current session.
315 Q14: netatalk works over Appletalk, but my IP connections are refused, even
316 though I have enabled them in the configuration files.
318 A: If tcp_wrappers support is compiled into netatalk, access has to be
319 granted in /etc/hosts.allow for netatalk to successfully accept IP
320 connections. This can be done by the addition of the line:
321 afpd: 127. xxx.xxx.xxx. (whatever other subnets)
324 Q15: I'm having Quark Express file locking problems, is there information on that?
326 A: Yes, see below about the --enable-did= flag. Also, try using the
327 --flock-locks flag. Enabling this code disabled the new byte locking
328 feature. With FLOCK locks, the whole file would be locked. With byte
329 locks, a byte range could be locked without locking the whole file.
332 Q16: I'm getting this error in Quark Express when trying to save a file to
333 the server: 'Error Type -50'
335 A: Turn off the document preview feature off in Quark.
338 Q17: Does netatalk work with Mac OSX?
340 A: Yes, but only the most recent versions, and it's still being finalized.
341 Versions prior to 1.5Pre7 did NOT work with OS X, although some really
342 early versions did (netatalk 1.4+asun?).
345 Q18: I'm getting an 'Application for this document not found' error on OS X.
347 Q19: I'm getting an 'Error Type -43' error on OS X.
349 A: Configure with --with-did=last. More info on this flag is below.
352 Q20: How do I get the directories that are created by Netatalk to have the
353 correct permissions by default?
355 A: Investigate the SetGid bit on your unix platform. It's a good idea to
356 set this on your shared directories, and your .AppleDouble directories.
357 From the mail archives: "Usually directories designated for use with
358 AppleShare have the setgid (g+s) bit set. It forces inheritance of
359 permissions. Without it, the .AppleDouble subdirectory can't be created
360 since the new folder doesn't necessarily have the same write privileges."
362 Also: Evi Nemeth's "Unix System Administration Handbook" which is chock
363 full of useful advice (and one or two pieces of not-so good advice, but
364 even those are debatable). Here's what it says about setguid (3rd. ed,
367 "The bits with octal values 4000 and 2000 are the setuid and setgid bits.
368 These bits allow programs to acess files and processes that would
369 otherwise be off-limits to the users that run them. ... When set on a
370 directory, the setgid bit causes newly created files within the directory
371 to take on the group membership of the directory rather than the defualt
372 group of the user that created the file. This convention makes it easier
373 to share a directory of files among several users, as long as they all
374 belong to a common group. Check your system before relying on this
375 feature, since not all version of UNIX provide it. ... This interpretation
376 of the setgid bit is unrelated to it's meaning when set on an executable
377 file, but there is never any ambiguity as to which meaning is
378 appropriate." (any typos are mine)
380 NOTE: The SETUID is usually discussed along with the SetGID bit. The
381 SetUID bit is VERY dangerous. If you set it on an executable, and the
382 executable is owned by root, anyone who runs that executable is root for
383 the duration of that executable's run, so a clever person can leverage
384 that into a full-scale compromise. The SETGID bit also has implications
385 that way, so be careful where you set it.
387 You set it by doing a chmod 2777 or 2775, or whatever. It's that first 2 bit.
390 Q21: What does this error mean:
391 'afpd[#####]: setdirmode: chmod .AppleDouble Operation not permitted'
393 A: This can be due to a few things.
395 1) The SetGid bit might not be set on either your directory, or on the
396 .AppleDouble directory. I think the bit has to be set recursively on the
399 2) You may not be member of the group set on the directory you're trying
402 3) This was a persistant bug in 1.5pre6 for awhile, upgrading might help.
405 Q22: I'm having problems with the Trash folder: either when someone drags
406 files into it, the system want's them todelete them immeidately, or files
407 get stuck in there and won't delete.
409 A: chmod the Network Trash folder to 2775 (/home/public/Network Trash
410 Folder for instance).
413 Q23: The daemons aren't starting, things aren't showing up in the Chooser,
414 and I get a message like this in the logs: afpd[####]: Can't register
417 This is sometimes a result of missing NIC information in the atalkd.conf
418 file. Put your network interface (something like le0, eth0, fxp0, lo0)
419 alone on a line in atalkd.conf, and reboot. When atalkd starts, it will
420 populate the file with a line like: le1 -seed -phase 2 -addr 66.6 -net
421 66-67 -zone "No Parking"
423 To find your network interface, run
426 and see which interface has your IP address. Use that one.
428 Q24: I want to be able to allow users to change their passwords? How do
429 I enable this feature. Every time I try I get an error that it was
430 unable to save the password.
432 A: Use -[no]setpassword in afpd.conf. This enables? disables the
433 ability of clients to change their passwords