Filesharing for OSX: AFP on Debian

by Mike

So I have my shiny new Macbook Pro 13″ for work, a 24″ Dell 2408 to make things a bit more usable and a new Aluminium Apple Keyboard. This setup is working really well as far as work goes, but one thing really troubling me is the poor Samba mount performance under OSX, and this was a real problem for me, considering all of my development work is done on a local dev server, and I was accessing its filesystem via Samba previously. In steps AFP…

I chose AFP because support for it inside OSX seemed better than NFS in the fact that it seems far better integrated into Finder (well, NFS isn’t integrated at all). It also lets me use Time Machine, Apple’s own backup suite, which seems to work rather well.

To achieve AFP on a Linux server, working perfectly under OSX as well as having support for Time Machine, we will need the latest Netatalk (2.0.5 at time of writing), and Avahi.

Netatalk

Latest Version

If you are running unstable already, you can skip this part, but for those of us less brave, we need to grab netatalk 2.0.5 from unstable for Time Machine support.

First up, we need to do some basic apt-pinning configuration; this will let us use packages from further up the development tree.

Open ‘/etc/apt/preferences’ (you’ll need to create it if this is the first time you’ve used it) and add:
Package: *
Pin: release a=stable
Pin-Priority: 900

Package: *
Pin: release a=unstable
Pin-Priority: 800

You’ll need to replace stable with the release you are using (i.e. if you’re on testing, use a=testing).

This allows us to put a higher priority on stable packages, so apt doesn’t see all the new packages from unstable and try updating everything.

Next we need to add the unstable repository to ‘/etc/apt/sources.list’
deb ftp://ftp.us.debian.org/debian/ unstable main

Followed by
apt-get update

Installing Netatalk

Now we need to fetch Netatalk from the unstable tree.
apt-get install netatalk/unstable

Configuring Netatalk

First we need to open up ‘/etc/default/netatalk’. Scroll down until you find the configuration block that looks like the one below, and change the values to match what you see here:
# Set which daemons to run (papd is dependent upon atalkd):
ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

Configure Shares

Open up ‘/etc/netatalk/AppleVolumes.default’, and add shares following the examples below:
~ "$u" cnidscheme:cdb options:usedots,upriv
/mnt/files Files cnidscheme:cdb options:usedots,upriv
/home/mike/dev Dev cnidscheme:cdb options:usedots,upriv
/mnt/files/TimeMachine TimeMachine cnidscheme:cdb options:usedots,upriv,tm

Notice the ‘tm’ option for TimeMachine. Also, the first line creates a share for each authenticated user, named after the user and pointing at their home directory.

That’s everything for netatalk, so we can restart it now:
/etc/init.d/netatalk restart

Avahi

We’ll use Avahi to advertise our AFP server, so it comes up in Finder with no configuration needed (other than a login!).

Let’s get the programs we’ll need:
apt-get install avahi-daemon libnss-mdns

Firstly we need to edit ‘/etc/nsswitch.conf’ and add ‘mdns’ to the end of the hosts line, so it looks something like this:
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns

Now we need to configure the Avahi advertising for our AFP server. We do this by creating a new service (replacing vi with your preferred editor):
vi /etc/avahi/services/afpd.service

And add the following:
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>

Save that and restart avahi:
/etc/init.d/avahi-daemon restart

Time Machine

Before you can use your new network share for Time Machine, you need to enable support for unsupported network shares on the command line:
defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

iptables

You need to open 548 and 5353; I added the following to my iptables import file.
-A INPUT -p tcp -m tcp --dport 548 -j ACCEPT
-A INPUT -p udp -m udp --dport 548 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5353 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT
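
The rules above accept both protocols on both ports from any source address. The script below is an added example, not part of the original post: it audits rules in this format and flags the ones that could be dropped or scoped. It assumes AFP uses 548/tcp only and mDNS uses 5353/udp only; the 192.168.1.0/24 subnet and the function name are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): audit iptables-restore rules
# for the two services this setup exposes.
# Assumptions: AFP listens on 548/tcp only, mDNS (Avahi) uses 5353/udp only,
# and 192.168.1.0/24 is a constructed placeholder for your LAN subnet.

# The four rules from the post.
PAGE_RULES='-A INPUT -p tcp -m tcp --dport 548 -j ACCEPT
-A INPUT -p udp -m udp --dport 548 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5353 -j ACCEPT
-A INPUT -p udp -m udp --dport 5353 -j ACCEPT'

# Constructed alternative: one protocol per port, LAN sources only.
SCOPED_RULES='-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 548 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 5353 -j ACCEPT'

# Reads rules on stdin and prints one finding per ACCEPT rule on 548/5353:
#   UNNEEDED  protocol the service does not use on that port
#   UNSCOPED  right protocol, but reachable from any source address
#   OK        right protocol, limited to a source network
audit_afp_rules() {
    awk '
    /^-A INPUT/ && /-j ACCEPT/ {
        proto = ""; port = ""; src = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-s" || $i == "--source") src = $(i + 1)
        }
        if (port != "548" && port != "5353") next
        want = (port == "548") ? "tcp" : "udp"
        if (proto != want) {
            print "UNNEEDED " proto "/" port
        } else if (src == "") {
            print "UNSCOPED " proto "/" port
        } else {
            print "OK " proto "/" port " from " src
        }
    }'
}

echo "Rules from the post:"
printf '%s\n' "$PAGE_RULES" | audit_afp_rules
echo "Scoped rules:"
printf '%s\n' "$SCOPED_RULES" | audit_afp_rules
```

Replace the placeholder subnet with your own network before loading the scoped rules.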

Conclusion

That should be it: you should be able to see your share in Finder. The first time, you’ll have to click “Connect As..”; if you choose to remember the details in your keychain then it should connect automatically in future.

I found the performance of AFP to be far greater than Samba at least, and I now have a full filesharing and backup system, so winners all round.