words: netatalk
written for linux format magazine, united kingdom

Linux Format Article: Setting up Netatalk
By: Anders Brownworth

You've spent all this energy getting a Linux machine running, but you still have a network full of Macs. Wouldn't it be nice to get them to play together nicely? You are in luck. Netatalk is a program that makes your Linux machine look like a Macintosh fileserver on a network. In this article, we're going to show you how to set it all up!

Netatalk supports two types of AppleTalk: Classic AppleTalk and AppleShareIP (AppleTalk over TCP/IP). The original Netatalk by the University of Michigan's Research Systems Unix Group supports Classic AppleTalk. Since then, Adrian Sun has been developing Netatalk to include AppleShareIP and numerous other bug fixes and enhancements. We are going to install Adrian Sun's version of Netatalk, netatalk-1.4b2+asun2.1.3.tar.gz.

Download Netatalk:
There are several different ways you can download Netatalk. You can download the source code, a precompiled version, or the precompiled version as a RedHat rpm. Download one of the precompiled versions. If you wish to compile Netatalk from the source, take a look at the Netatalk-HOWTO located at

Original source:
Precompiled version:
Debian .deb version:
RedHat .rpm version:

If you are running RedHat and you grabbed the rpm, install it like this:

rpm -iv netatalk-1.4b2+asun2.1.3-6.src.rpm

If you grabbed one of the precompiled versions, decompress and install them like this:

> tar -xzvf netatalk-1.4b2+asun2.1.3.tar.gz
> cd netatalk-1.4b2+asun2.1.3
> make install

For Classic AppleTalk networking, Netatalk requires AppleTalk support in the kernel. Luckily, most major distributions (such as RedHat) include AppleTalk support. If you don't have it, you will have to recompile your kernel. To check, try this: dmesg | grep -i apple

The installed version of Netatalk lives in: /usr/local/atalk/. Server binaries and config files are in /usr/local/atalk/etc/ and userland binaries are in /usr/local/atalk/bin/.

RedHat and Debian may store the package in non-standard locations. You may have to do something like this:

find /* -name atalkd -print

to discover the binary.

AppleShareIP and Classic AppleTalk Shares:
afpd, the program that makes AppleTalk shares available in both Classic AppleTalk and AppleShareIP, gets its options from the configuration file called afpd.conf.

The simplest afpd.conf file just includes a - which stands for "this machine" with all the default options. A slightly more complicated example would be a file containing one word, Balboa, as the name of the server.

A few examples: Let's assume we have a server called "balboa" with the following afpd.conf file:

-
Balboa2 -port 12000
"Bad Boy" -port 12001
"Out There" -port 12000 -address

The first line ( - ) gives you a server called balboa. The second line creates a server called Balboa2 on port 12000 and the third creates yet another server called Bad Boy on port 12001. The last line creates a server called Out There bound to port 12000 on virtual IP address

"Guest Volume" -nocleartxt -loginmesg "Pay homage to my guest server!"

This line will create a dedicated guest server. -nocleartxt disables password login, hence the guest nature of the server. A login message will be shown after the guest user connects.

"The Vault" -noguest -port 12000

With this setting we will get a volume on port 12000 called The Vault which will not allow guest access.

"Inner Sanctum" -notcp -defaultvol  -systemvol 

Here we define a server called Inner Sanctum which does not use TCP/IP (DDP only) and uses an alternate AppleVolumes.default and AppleVolumes.system file. Don't forget to replace with the correct path and file name.
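
The following script is an added example, not part of the original article or of Netatalk. It reads an afpd.conf and reports, for each server line, whether guest logins are still allowed and whether the server listens on TCP, using only the -noguest, -notcp and -port options described above. The function names and the treatment of "#" as a comment marker are assumptions.

```shell
#!/bin/sh
# Added example: summarise which servers in an afpd.conf still accept guest
# logins or listen on TCP, using only options the article describes
# (-noguest, -notcp, -port). Function names are illustrative.

# afpd_conf_report FILE: one line per server, "name|guest=..|tcp=..|port=.."
afpd_conf_report() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # assumed: "#" starts a comment
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (match(line, /^"[^"]*"/)) {     # quoted server name
            name = substr(line, 2, RLENGTH - 2)
            rest = substr(line, RLENGTH + 1)
        } else {                           # bare word, or "-" for this machine
            name = $1
            rest = substr(line, length($1) + 1)
        }
        if (name == "-") name = "(this machine)"
        gsub(/"[^"]*"/, " ", rest)         # ignore quoted values (login messages)
        gsub(/\t/, " ", rest)
        rest = " " rest " "
        guest = index(rest, " -noguest ") ? "denied" : "allowed"
        tcp   = index(rest, " -notcp ")   ? "off" : "on"
        port  = "default"
        if (match(rest, / -port +[0-9]+/)) {
            port = substr(rest, RSTART, RLENGTH)
            sub(/^ -port +/, "", port)
        }
        printf "%s|guest=%s|tcp=%s|port=%s\n", name, guest, tcp, port
    }' "$1"
}

# afpd_guest_servers FILE: names of servers that do not carry -noguest.
afpd_guest_servers() {
    afpd_conf_report "$1" | awk -F'|' '$2 == "guest=allowed" { print $1 }'
}

# Report on the file given as the first argument, if any.
if [ "$#" -gt 0 ]; then afpd_conf_report "$1"; fi
```

Any server listed by afpd_guest_servers accepts guest logins, which the article notes is the default unless denied in afpd.conf.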

AppleVolumes Files:
To establish a Classic AppleTalk share, we have to edit /usr/local/atalk/etc/AppleVolumes.system and add the share like this:

/data/www "Webserver"

This creates a volume called Webserver which exposes the contents of /data/www.

The other thing that this file controls is type-creator mappings. Unlike Linux files, all Macintosh files consist of two pieces, a resource fork and a data fork. The resource fork stores things like icons, file types and a mapping to the application that was used to create the file. Because Linux files are essentially one long list of characters instead of a resource fork and a data fork, Netatalk writes the resource forks in files inside a directory called .AppleDouble. Therefore a pair of Linux files represents one Macintosh file. (somefile.txt and .AppleDouble/somefile.txt) Consider the following type-creator mapping that would be in afpd.conf:

.txt    TEXT    MSWD

This tells afpd to tell Macintoshes that the file type is of type TEXT and the creator is MSWD (Microsoft Word) when it runs into non Macintosh files ending in .txt. The server will do this for all files that do not have a .AppleDouble counterpart.

atalkd is the "Classic AppleTalk" kernel interface. It will serve as the link between the kernel AppleTalk module and the rest of the classic AppleTalk functions of Netatalk. It will even take care of AppleTalk routing between multiple network cards.

This program is controlled by the atalkd.conf file. The simplest version of this file is an empty file which causes atalkd to overwrite it with some reasonable options. You should specify all of your network cards in this file. If you specify more than one, atalkd will route AppleTalk packets between the cards.

Consider the following examples:

eth0 -net 153-174 -addr 154.212 -zone "The Far Side"

Each line of this file specifies a network interface (eth0). The rest of the parameters are optional. In the example, the eth0 interface is on a network of AppleTalk addresses between 153 and 174. The card will be configured to use the AppleTalk address 154.212 and exist in the zone "The Far Side".

eth0 -net 153-174 -addr 154.212 -zone "The Far Side"
eth1 -net 175-200 -addr 182.318 -zone "Bloom County" -seed

The second line causes eth1 to exist on a network between 175 and 200 with the address 182.318 and seed the zone "Bloom County". Therefore, atalkd will act as a router on this network and act as a bridge between the two networks. Note that the network numbers may not overlap, nor can there be another router on the eth1 network. If another router is discovered that disagrees with what atalkd is trying to set, atalkd will exit.

Starting up the server
Now comes the fun part. Try to test a startup of the Netatalk server by running the rc.atalk script in the /etc/init.d directory. Depending on your install, you may have to do a find to figure out where the startup script is installed.

find /* -name "*atalk*" -print

Type "./rc.atalk start" and give it a few seconds. This will start up a Classic AppleTalk fileserver and AppleTalk IP if you have any TCP options set in the afpd.conf file. Atalkd will take the longest to start as it checks out the network before registering itself.

Alternatively, you could just run an AppleTalk over TCP/IP server by having a TCP server configured in the afpd.conf file and launching afpd by hand:

/usr/local/atalk/etc/afpd -F /usr/local/atalk/etc/afpd.conf

If everything seems to have started up without complaining, go to a Mac and open the Chooser (under the Apple menu on the left hand side). Click on AppleShare and see if your Netatalk server shows up. (For AppleShareIP you have to click the AppleShareIP button and type your machine IP or name in.)

With some luck you will be presented with a password prompt. You can only log into the server with a non-root account that has a valid shell and a password of 8 or fewer characters. Guest access is also permitted unless denied in afpd.conf. If you are able to log in, you will get a list of volumes which you can select and mount.

Use one of the startup scripts included with netatalk to launch your server when your system boots. There are a variety of ways that a machine will boot up. Some have an rc.local file where you can specify the path to an rc.atalk script while others use a symbolic link with a naming scheme to determine the order in which startup scripts will run. Take a look at /etc/rc.d/ or /etc/init.d/ for startup scripts.

If you want to serve more than 5 connections, you must supply a max connections variable to afpd. The -c flag will set this.

afpd -c 25

Other things you can do:
Two-Way Encrypted password authentication is supported by Netatalk, but to do this, the server needs to know what the clear-text password is. Because the system passwords are encrypted, the server doesn't know the clear-text version, so you have to supply it. By creating a .passwd file for each user in their home directory with their clear-text password in it, Two-Way Encrypted password authentication can be established. However, it is obviously quite insecure to leave the clear-text passwords in a predictable location, so Netatalk requires that each user's .passwd file be owned by that user and his default group, with read-write access for that user and nobody else. Simply put, do this to the file:

chown user:group /home/user/.passwd
chmod 600 /home/user/.passwd

where "user" is the username and "group" is that user's default group.
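
The script below is an added example, not code from the article or from Netatalk. It audits the ownership and mode rule just described across every account in a passwd(5)-format file and also flags a .passwd that is a symlink. The function names are illustrative, and reading accounts from /etc/passwd by default is an assumption.

```shell
#!/bin/sh
# Added example: audit the per-user ~/.passwd files used for Two-Way
# Encrypted authentication. Rule taken from the article: owned by the user
# and the user's default group, mode 600. Function names are illustrative.

# check_passwd_file FILE UID GID: print a verdict; return 0 only for OK.
check_passwd_file() {
    cpf_file=$1 cpf_uid=$2 cpf_gid=$3
    # A symlink would make the server read a file somewhere else.
    if [ -L "$cpf_file" ]; then echo SYMLINK; return 1; fi
    if [ ! -f "$cpf_file" ]; then echo NOT_REGULAR; return 1; fi
    # -prune limits find to this one path; empty output means no match.
    if [ -z "$(find "$cpf_file" -prune -user "$cpf_uid" -group "$cpf_gid")" ]; then
        echo BAD_OWNER; return 1
    fi
    if [ -z "$(find "$cpf_file" -prune -perm 600)" ]; then
        echo BAD_MODE; return 1
    fi
    echo OK
}

# audit_passwd_files [PASSWD_DB]: read passwd(5)-format lines and print
# "verdict user path" for every home directory that holds a .passwd file.
# Returns 1 if any file fails the check.
audit_passwd_files() {
    apf_db=${1:-/etc/passwd} apf_bad=0
    while IFS=: read -r apf_user apf_pw apf_uid apf_gid apf_gecos apf_home apf_shell; do
        [ -n "$apf_home" ] || continue
        apf_file=$apf_home/.passwd
        [ -e "$apf_file" ] || [ -L "$apf_file" ] || continue
        if apf_verdict=$(check_passwd_file "$apf_file" "$apf_uid" "$apf_gid"); then :
        else apf_bad=1; fi
        echo "$apf_verdict $apf_user $apf_file"
    done < "$apf_db"
    return "$apf_bad"
}

# Audit the passwd-format file given as the first argument, if any.
if [ "$#" -gt 0 ]; then audit_passwd_files "$1"; fi
```

Run it as root so that every home directory is readable; any line that does not start with OK names a clear-text password file that needs the chown and chmod shown above.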

Netatalk doesn't only act as a fileserver. It can also do print spooling or even print to existing AppleTalk spools. AppleTalk print spooling is accomplished with a program called papd. The idea is that you have a local (parallel or serial) printer that has Mac drivers and is already set up under Linux. papd advertises itself on the network as a print spool, accepts jobs from Macintoshes (print jobs are PostScript files), and feeds them to the Linux printing system (lpd). Examples of setting papd up are available on the web at:

The reverse of this (printing to a Macintosh printer from Linux) is done through pap. To see how to use pap:

man pap

Just as there are utilities to ping computers over TCP/IP, there is "aecho" for AppleTalk. It works just as you would guess. "getzones" will return a list of the Macintosh zones on the network, and "nbplkup" with no options will return a comprehensive list of all the AppleTalk services available on the local network.

There are many other handy little programs to discover with Netatalk, so don't be afraid to get your hands dirty.

With some luck, you have followed us through the installation and configuration of Netatalk. A Linux machine running Netatalk and Samba (Windows equivalent of Netatalk) gives a Windows NT machine a run for the money. Tack a webserver like Apache on there and you can have a fully functional industrial strength web development platform built with free software! Enjoy!

Other Resources:
The Netatalk-HOWTO:
The Netatalk Faq-O-Matic:
The original Netatalk pages:
The Netatalk Admins list: