Installing Netatalk on Debian Linux

Daniel Markstedt edited this page Dec 28, 2024 · 8 revisions

Install the latest Netatalk

Netatalk is distributed as a deb package in all Debian releases except Debian 12 Bookworm. You can install it with apt and other package managers.

Example (with root privileges):

apt install netatalk

If you are running Bookworm, you can build your own debs from the downstream Salsa repo. See the Debian deb packaging chapter for instructions on how to get started.

For building and installing from source yourself, find links to the official documentation below.

Installation

This guide was written for Netatalk 2.4.x for the legacy Autotools build system. In most cases, you want to follow the instructions in the links at the top of this page to install a later version instead.

Install dependent packages with the package manager of your choice. Some of these are mandatory to build and run netatalk; others are optional and provide additional functionality.

sudo apt install \
    autoconf \
    automake \
    docbook-xsl \
    libacl1-dev \
    libavahi-client-dev \
    libcrack2-dev \
    libcups2-dev \
    libdb-dev \
    libgcrypt-dev \
    libkrb5-dev \
    libldap2-dev \
    libltdl-dev \
    libpam0g-dev \
    libssl-dev \
    libtirpc-dev \
    libtool \
    libtool-bin \
    libwrap0-dev \
    quota \
    tcpd \
    xsltproc

Mandatory packages

  • libdb-dev (BerkeleyDB) is used for the default CNID backend, which stores a database of the shared volumes.
  • libgcrypt20-dev is used for the DHX2 UAM, which is required to authenticate with macOS (Mac OS X) clients.

Depending on your Debian version, if you don't already have a C compiler and make installed, you may also need build-essential.

Optional packages (generally useful)

  • libssl-dev is used for the DHX and RandNum UAMs, which provide encrypted authentication with Classic Mac OS clients. NOTE: OpenSSL 1.1 is the only supported version. OpenSSL 3.0 removed support for DHX cryptography.
  • libcups2-dev is required for CUPS printing support (papd).
  • libavahi-client-dev is required for zeroconf support, which macOS (Mac OS X) uses for service discovery.
  • libpam0g-dev may be required to build with PAM authentication support.

Optional packages (specialized use cases)

  • autoconf automake libtool libtool-bin libltdl-dev are used to bootstrap the source code for building with GNU Autotools. If you are using code from a release tarball, you don't need them.
  • libacl1-dev libldap2-dev are for ACL/LDAP identity and access management.
  • libkrb5-dev will enable the Kerberos UAM for single sign-on support.
  • libtirpc-dev quota are for file system quota support.
  • libwrap0-dev tcpd are for TCP wrapper support.
  • libcrack2-dev enables password checking for the RandNum UAM.
  • docbook-xsl xsltproc are needed to build the html manual.

Descriptions of all dependencies can be found in the Installation chapter of the Netatalk manual.

Build the code

Get the latest release tarball of Netatalk 2, or clone the netatalk git repository and check out the latest bleeding-edge Netatalk 2 branch.

If you chose the latter option, you need to first bootstrap the build system with autoconf to generate the configure script.

git clone https://github.com/Netatalk/netatalk.git -b branch-netatalk-2-4 netatalk2
cd netatalk2
./bootstrap

Run the configure script with the following parameters, then compile and install the software:

./configure --enable-systemd --sysconfdir=/etc --with-uams-path=/usr/lib/netatalk
make all
sudo make install

If this process finishes without errors, you should now have the Netatalk software installed on your system. The next step is to tweak the configuration.

First off, decide on the directory(ies) that you want to share, as well as the user that you want sharing them. You will need the Linux username and password of the user to access the shared directories, and due to limitations of classic Mac OS the password cannot be longer than 8 characters.

The following example uses a user called "pi", a single shared directory, and a single routerless AppleTalk network without Zones.

mkdir ~/afpshare
chmod 2775 ~/afpshare

Edit the following configuration files:

sudo pico /etc/netatalk/AppleVolumes.default

At the bottom of the file, add this line:

/home/pi/afpshare "File Server"

Tip: You can append adouble:v1 volcharset:ASCII if you are having issues with very old versions of Mac OS.

Next file to edit:

sudo pico /etc/netatalk/afpd.conf

Add this to the bottom of the file:

- -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx2.so -nosavepassword

You may customize the -uamlist option to disable and enable various authentication methods. For instance, remove uams_guest.so if you want to disallow guest access.

Note that the -nosavepassword option is for additional security, and you may opt to omit it if you're on a private network.
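The following check is an added example, not part of the original wiki page or the Netatalk project: a shell function that reads an afpd.conf and reports server lines whose -uamlist includes uams_guest.so or uams_clrtxt.so, or that lack -nosavepassword. The function names and the sample file are constructed for illustration; that uams_clrtxt.so transmits passwords in the clear is taken from the afpd.conf man page, not from this page.

```shell
#!/bin/sh
# Added example: flag risky login settings on each server line of a
# Netatalk 2 afpd.conf. Prints one finding per line; returns 1 if any.

audit_afpd_conf() {
    conf=$1 found=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f          # word-split without globbing
        if [ $# -eq 0 ]; then continue; fi    # blank line
        case $1 in '#'*) continue ;; esac     # comment line
        uams='' nosave=no prev=''
        for tok in "$@"; do
            if [ "$prev" = "-uamlist" ]; then uams=$tok; fi
            if [ "$tok" = "-nosavepassword" ]; then nosave=yes; fi
            prev=$tok
        done
        # -uamlist is comma separated; inspect each UAM module in turn.
        for uam in $(printf '%s' "$uams" | tr ',' ' '); do
            case $uam in
                uams_guest.so)
                    echo "line $n: uams_guest.so permits guest access"; found=1 ;;
                uams_clrtxt.so)
                    echo "line $n: uams_clrtxt.so sends passwords in cleartext"; found=1 ;;
            esac
        done
        if [ "$nosave" = no ]; then
            echo "line $n: -nosavepassword is not set"; found=1
        fi
    done < "$conf"
    [ "$found" -eq 0 ]
}

# Constructed sample input: the server line shown on this page.
sample_conf() {
    cat <<'EOF'
# afpd.conf (constructed sample)
- -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx2.so -nosavepassword
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_afpd_conf "$tmp" || true
rm -f "$tmp"
```

On a live system, point the function at /etc/netatalk/afpd.conf; a line that lists only uams_dhx2.so and keeps -nosavepassword produces no findings.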

If your Mac OS system is using a codepage different from MAC_ROMAN, e.g. MAC_CYRILLIC, you can specify this in -maccodepage. See the afpd.conf documentation for more info. Similarly, if your host system uses a different codepage than UTF-8, you can specify that with -unixcodepage.

For troubleshooting, append something like this:

-setuplog "default log_maxdebug /var/log/afpd.log"

See the man page for 'afpd.conf' for a breakdown of all of the options available.

(Optional - Netatalk will autodetect the network in most cases) Finally, edit this file:

sudo pico /etc/netatalk/atalkd.conf

Specify the interface you want Netatalk to use by adding this to the bottom of the file, using eth0 as an example:

eth0

If you are running into issues connecting to your File Server, you can try to change this line to:

eth0 -phase 2 -net 0-65534 -addr 65280.163

AppleTalk Support in Kernel

In order to use AppleShare / AFP over AppleTalk (DDP) the Linux system must have an AppleTalk networking stack. Luckily, Debian's Linux kernel comes with a module called "appletalk", which provides this functionality. Without an AppleTalk networking stack, you will only be able to use Netatalk with TCP.

To check if your kernel has AppleTalk support, issue this command and inspect the output:

lsmod | grep appletalk

If the module isn't detected, try launching atalkd first and try again. If atalkd errors out complaining about "Address family not supported by protocol", you may have to try another version of Linux, or compile the Linux kernel yourself. There are guides elsewhere on this topic that you can follow.

Using Netatalk

At this point, you should be able to run the Netatalk daemons on your system.

sudo systemctl enable atalkd.service afpd.service cnid.service
sudo systemctl start atalkd.service afpd.service cnid.service

Optional services:

sudo systemctl enable papd.service timelord.service a2boot.service
sudo systemctl start papd.service timelord.service a2boot.service