So for the last week or so I've been working solidly on setting up my file server, to the point where it will be a beast of all beasts, and will have multiple different ways of accessing the public and protected data on it, from a variety of systems.

Since I have a Mac as my main laptop, and so do my other half and some friends, I thought I'd put some attention into Apple file sharing. The netatalk package provides this under Debian; however, after some reading and research it seems that the default package does NOT contain the SSL libraries needed to use encrypted passwords for authentication. So after spending some time reading, I worked out how to do it, the Debian way to get the packages.

First off you want to get the source packages, the required dependencies, and the SSL libraries. You will want to be in a directory where you can store the source, because apt-get source downloads and extracts into your current working directory.

cd /usr/src
apt-get install openssl cracklib2 libpam-cracklib cracklib2-dev
apt-get source netatalk
apt-get build-dep netatalk

I did get some errors downloading the netatalk source relating to it being unable to verify, but I'm ignoring them due to other issues that I have at the moment.

Next step is to edit the debian build rules file.

cd netatalk-2.0.3
vi debian/rules

It will look something similar to this:

DEB_UPDATE_RCD_PARAMS := defaults 50
DEB_CONFIGURE_EXTRA_FLAGS := \
--with-shadow --enable-fhs \
--with-tcp-wrappers --with-mangling \
--enable-timelord --enable-overwrite \
--with-pkgconfdir=/etc/netatalk \
--with-nls-dir=/usr/share/netatalk/nls \
--disable-logger --enable-srvloc \
--enable-pgp-uam --enable-krb4-uam --enable-krbV-uam
DEB_BUILD_OPTIONS=ssl debuild
##FIXME: Other changes are needed, like enabling DHX plugin
..rest of file..

You need to add the line that says “DEB_BUILD_OPTIONS=ssl debuild”. This will make the system build and compile the package to include encrypted passwords.
Save that file and then exit. Then build the package.

dpkg-buildpackage

A lot of info will fly up the screen, but make sure when it finishes you go back and check over it, and look for a section similar to this:


Configure summary:
Install style:
none
AFP:
AFP 3.x calls activated: yes
Large file support (>2GB) for AFP3: yes
DDP enabled: yes
CNID:
backends: cdb dbd last
UAMS:
DHX (PAM SHADOW)
RANDNUM (PAM SHADOW)
Kerberos V
Kerberos IV
PGP
passwd (PAM SHADOW)
guest
Options:
CUPS support: yes
SLP support: yes
tcp wrapper support: yes
quota support: yes
admin group support: yes
valid shell check: yes
cracklib support: yes
dropbox kludge: no
force volume uid/gid: no
Apple 2 boot support: no

You will notice that it says DHX is compiled in. This is the module required for using encrypted passwords.
After that it's a simple matter of installing the package.


cd ..
dpkg -i netatalk_2.0.3-4_i386.deb

And off it will go and install it.

You will need to modify the afpd.conf file located in /etc/netatalk to use the new module compiled in.

Simply add this line
-uamlist uams_dhx.so,uams_guest.so,uams_clrtxt.so,uams_passwd.so,uams_gss.so

to the file, around this area


# Authentication Methods:
# -uampath Use this path to look for User Authentication Modules.
# (default: /usr/lib/netatalk)
# -uamlist Comma-separated list of UAMs. (default:
# uams_guest.so,uams_clrtxt.so,uams_dhx.so)
#
# some commonly available UAMs:
# uams_guest.so: Allow guest logins
#
# uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
# Allow logins with passwords
# transmitted in the clear.
#
# uams_randnum.so: Allow Random Number and Two-Way
# Random Number exchange for
# authentication.
#
# uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
# Allow Diffie-Hellman eXchange
# (DHX) for authentication.
-uamlist uams_dhx.so,uams_guest.so,uams_clrtxt.so,uams_passwd.so,uams_gss.so
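
The comments quoted above say uams_clrtxt.so (standing for uams_pam.so or uams_passwd.so) accepts passwords transmitted in the clear, so a list that keeps those modules next to uams_dhx.so still allows cleartext logins. The script below is an added example, not part of the original post or of netatalk, that reads an afpd.conf and reports which class each enabled UAM falls into; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which UAMs an afpd.conf enables.
# Classes follow the afpd.conf comments quoted on this page.

# Print the list from the last uncommented "-uamlist" option on stdin.
active_uamlist() {
    awk '
        /^[ \t]*#/ { next }                       # ignore comment lines
        { for (i = 1; i < NF; i++) if ($i == "-uamlist") list = $(i + 1) }
        END { print list }
    '
}

classify_uam() {
    case "$1" in
        uams_clrtxt.so|uams_pam.so|uams_passwd.so) echo cleartext ;;
        uams_dhx.so|uams_dhx_pam.so|uams_dhx_passwd.so) echo dhx ;;
        uams_randnum.so) echo randnum ;;
        uams_guest.so) echo guest ;;
        *) echo other ;;                          # not described on this page
    esac
}

# Reads afpd.conf on stdin, prints "<class> <module>" per UAM.
# Returns 1 if any enabled UAM accepts a password sent in the clear.
audit_uamlist() {
    list=$(active_uamlist)
    # No active option: fall back to the default the quoted comments document.
    [ -n "$list" ] || list=uams_guest.so,uams_clrtxt.so,uams_dhx.so
    found=0
    old_ifs=$IFS; IFS=,
    for uam in $list; do
        class=$(classify_uam "$uam")
        echo "$class $uam"
        if [ "$class" = cleartext ]; then found=1; fi
    done
    IFS=$old_ifs
    return "$found"
}

# Constructed sample: the -uamlist line this post adds, under a comment line.
sample_conf() {
    cat <<'EOF'
# -uamlist Comma-separated list of UAMs. (default:
-uamlist uams_dhx.so,uams_guest.so,uams_clrtxt.so,uams_passwd.so,uams_gss.so
EOF
}

sample_conf | audit_uamlist || echo "WARNING: cleartext password UAM enabled"
```

To check a live configuration, feed it the real file: `audit_uamlist < /etc/netatalk/afpd.conf`.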

You may want to disable a few things that it starts by default though. I didn't want printing support or the AppleTalk protocol running, so I turned them off by simply editing /etc/default/netatalk and changing

ATALKD_RUN=yes
PAPD_RUN=yes
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

to

ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

That there is your standard setup.
Other files to pay attention to:
/etc/netatalk/AppleVolumes.default : Contains the volumes to share and permissions etc.

Any questions let me know,
Thanks