'Netatalk' is an implementation of the AppleTalk Protocol
Suite for Unix systems -- it allows a Linux system to act as a file &
print server for a network of Macs. Netatalk provides support for routing
AppleTalk, serving Unix and AFS file systems over AFP (AppleShare), serving
Linux printers, and accessing AppleTalk printers over PAP. A number of other
printing and debugging utilities are also included.
This article discusses the basic setup of Netatalk on
a Linux machine to make a file and print server for pre-X Mac OS clients.
The current version of Netatalk (1.5) does not support file sharing with
Mac OS X clients; use NFS instead. Printer sharing
works, though.
Neither the PPC nor the x86 releases of Mandrake Linux
contain netatalk RPMs. PPC users should give the netatalk RPM from Stew Benedict's Mandrake
Linux PPC page a try; reports have been positive. x86 users can get a
Mandrake RPM from the netatalk
project download page at Sourceforge. Note that these RPMs are not supported
by Mandrakesoft. Of course you can also get the sources from there and compile
them yourself.
The same page lists a configuration module for the 'Webmin' system administration
tool which comes with Mandrake Linux. According to reports it works quite
well and might be a good choice for configuring Netatalk. PPC users might
also use the old and unmaintained AppleTalk Configurator
(RPMs), which still seems to do its job.
Install the RPM as 'root' with
urpmi [RPM]
I do not recommend using 'pure' RPM with the RPM package
from Sourceforge, since it triggers some odd dependencies. 'urpmi' will handle
them for you.
By default every user on a Mac client with a valid account
name / password pair on a Linux machine can log into his 'home' directory
on the Linux machine.
Additional 'Guest' shares (i.e. shares for users who don't have an account
on the Linux machine) can be created by just adding the shares which should
be available to the Mac clients to '/etc/atalk/AppleVolumes.default' (just
below the '~' which makes the home directories available):
/tmp tmp
The first entry specifies the directory to be shared
on the Linux machine and the second the name under which this share will
appear on the Mac clients.
Now start the service as 'root' with
service atalk start
It takes about twenty seconds for atalkd to start up.
If you start the atalk service at boot time this delay might be annoying.
Edit '/etc/atalk/netatalk.conf' as 'root' and change
ATALK_BGROUND=no
to
ATALK_BGROUND=yes
This puts the atalk startup process into the background.
If your Linux machine has more than one external network
interface, it is a good idea to tell atalk which network interface it should
cover. Add it to '/etc/atalk/atalkd.conf' (as 'root'), e.g.
eth0
for the first Ethernet interface.
Now let's test: On the Mac client open the 'Chooser'
from the Mac system menu and click on 'AppleShare'. The hostname of your
Linux machine should now appear in the 'file server' list. Double click on
it. You should now get a dialog field from which you can log in either as
a 'user' or as a 'guest'. To log in as a user, you have to provide your Linux
user name / password pair. Do not forget to edit the 'user name' field, since
your Mac OS user name is most likely to be different from that on the Linux
machine.
Alternatively, choose the 'tmp' share, choose 'Guest', confirm and the 'tmp'
share should now appear on your Mac desktop.
Pitfalls:
- Be very careful which directories you export. The
Apple Filing Protocol Daemon will create some files in each directory
you export. Use the 'noadouble' option for shares exported via 'AppleVolumes.default'.
- File names containing more than 32 characters on
the Netatalk shares will not show up on the Mac clients.
- Netatalk uses tcpwrappers for access control. If
you want access control and are using 'xinetd', you have to provide scripts
to go into '/etc/xinetd.d' by yourself. Read the article
on xinetd for an introduction.
- A comment in '/etc/rc.d/rc3.d/S91atalk' states:
Make sure not to start atalkd in the background:
its data structures must have time to stabilize before running other processes.
I have experienced no difficulties with starting 'atalkd' in the background
during boot, though; your mileage may vary. (Thanks to John Haywood for
making me aware of this comment.)
To share a printer which is connected to the Linux machine
with the Mac clients, you'll have to edit '/etc/atalk/papd.conf'. Assuming
the printer's name is 'Printer' and runs under the standard CUPS system,
you would have to add these lines as 'root':
Linuxprinter:\
    :pr=|/usr/bin/lp -d Printer:\
    :op=daemon:\
    :pd=/etc/cups/ppd/Printer.ppd:
The first line defines the name of the printer on the
Mac clients. 'pr' specifies the printer name, 'op' the spooling operator
on the Linux machine and 'pd' the location of the PPD (PostScript Printer
Definition) file.
Restart the atalk service with:
service atalk restart
Now go back to the Chooser and click on the 'LaserWriter
8' icon. The string 'Linuxprinter' should now appear in the right-hand field.
Double-click on it and choose the correct PPD file (the same one you use in Mac
OS). A new printer icon labelled 'Linuxprinter' appears on your Mac desktop.
You can now print to that printer from every Mac OS application.
Pitfalls:
- Mac OS makes the new network printer the default
printer. You can change this via the context menu of the respective printer
icons.
- The above method works for QuickDraw and PostScript
capable printers. I'm not sure if it works for printers which do not offer
these capabilities.
Mandrake Linux Tom Loscheider comments:
I have tons of experience with non postscript
and non Mac printers using cups & netatalk with Mac clients. I can say
from experience, that if you get the printer working correctly in Linux,
you will be able to print to it from a Mac. :-)- Yes, even WinPrinters.
Once you have set up proper printing and papd sharing on the Linux server,
you can then copy the appropriate ppd from the '/etc/cups/ppd' directory
to the Mac client (System > Extensions > Printer Descriptions). This
PPD should then be selected in the Chooser or Desktop Printer Utility setup.
It will give you ALL the features that Kups or Cups admin have available
in the print dialog of the Mac. I have tested it with Mac OS 8.0 through
OS-X 10.1.3. Works great.
(This section added on Oct. 31)
Netatalk offers you several possibilities to restrict
access to AppleTalk services.
- Via share options in '/etc/atalk/AppleVolumes.default'
  Several per-share options can restrict access:
  - 'allow [user, group]' and 'deny [user, group]'.
    Note that 'allow'ing one group or user will deny access for all other users
    or groups. Group names have to be prefixed with '@'.
  - 'options:ro' exports the share read-only (read-write
    is the default).
  - 'password' allows you to set a password of at most eight
    characters for accessing the share.
  - 'rolist:[user, group]', 'rwlist:[user, group]'
    Allows you to split read-only and read-write access by users or groups.
- Via a '.AppleVolumes' file in the user's home directory
  If such a file exists, only the directories listed in this file are shared
  via AppleTalk. The format is the one used in 'AppleVolumes.default'.
- Via '/etc/atalk/papd.conf'
  By specifying the 'am=' option, you can restrict access to the printers connected
  to the Linux machine:
  am=uams_guest.so
  requires the printer user to supply a valid user name on the Linux machine.
  am=uams_pam.so
  requires the printer user to supply a valid user name / password pair on
  the Linux machine.
  Per-printer authentication is not possible.
Pitfalls:
- Mac clients do not accept passwords longer than eight
characters, even if it is a password to a valid account on the Linux machine.
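An added example, not part of the original article or of Netatalk itself: a small Python check that parses an 'AppleVolumes.default' file and flags shares with no 'allow', 'rolist', 'rwlist' or 'password' restriction, shares without 'noadouble', and share passwords longer than eight characters. It assumes every option is written as a key:value token (as in 'options:ro' and 'rolist:...'); the sample file, its paths, users and groups are constructed.

```python
import shlex

# Constructed sample in the layout this article describes:
# "<path> <name> [key:value ...]". Paths, users, groups and password are made up.
SAMPLE = """\
~
/tmp tmp
/srv/projects Projects allow:alice,@staff options:noadouble
/srv/docs Docs rolist:@staff rwlist:alice options:ro,noadouble
/srv/drop Drop password:s3cretpassword options:noadouble
"""

RESTRICTING = ("allow", "rolist", "rwlist", "password")

def parse_volumes(text):
    """Parse share lines into dicts: path, name, and raw key:value settings."""
    shares = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # honours quoted share names
        path, rest = tokens[0], tokens[1:]
        # The second field is the share name unless it is already an option.
        name = rest.pop(0) if rest and ":" not in rest[0] else path
        settings = dict(tok.split(":", 1) for tok in rest if ":" in tok)
        shares.append({"path": path, "name": name, "settings": settings})
    return shares

def audit(shares):
    """Return (share name, finding) pairs for the pitfalls named in the article."""
    findings = []
    for share in shares:
        cfg = share["settings"]
        options = cfg.get("options", "").split(",")
        # '~' needs a valid Linux account; any other share without a restriction
        # is a guest share, read-write unless options:ro is set.
        if share["path"] != "~" and not any(k in cfg for k in RESTRICTING):
            findings.append((share["name"], "open-ro" if "ro" in options else "open-rw"))
        if "noadouble" not in options:
            findings.append((share["name"], "no-noadouble"))
        if len(cfg.get("password", "")) > 8:
            findings.append((share["name"], "password-over-8-chars"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_volumes(SAMPLE)):
        print(f"{name}: {finding}")
```

To check a real server, pass the contents of '/etc/atalk/AppleVolumes.default' to parse_volumes() instead of SAMPLE.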