It used to be somewhat difficult to have filesystems on an Ubuntu system show up in the Mac Finder the same way that other Mac filesystems do. There has been the Open Source Unix implementation of the Apple File System (afp), but for a long time the Ubuntu packages were not properly configured to work transparently with modern (Snow Leopard) Mac OS X.
One blog post, “HowTo: Make Ubuntu A Perfect Mac File Server And Time Machine Volume”, did a great job going through all the steps needed to build Netatalk from source and configure it to work very transparently with past Ubuntu releases. But with the Ubuntu 10.4 Lucid release, the Netatalk in the Ubuntu repository is built and configured to support transparent Apple File Protocol based file sharing.
But there are a few configuration steps, mainly for the Unix implementation of the Bonjour resource discovery protocol, that still need to be done so that you can see your Ubuntu filesystems in your Mac’s Finder like other Macintosh instances. We’ll also see how to make the Ubuntu instance show up as an ssh server.
Installing Packages
You will need to install the following packages onto your Ubuntu 10.4 instance. This assumes that you already did a clean install of Ubuntu 10.4 and used the update manager to bring it up to date. If you have already installed some of these, it should not be a problem.
Install ssh server
I can’t believe that Ubuntu doesn’t install an ssh server by default. But in any case it’s pretty easy. This is not needed to use netatalk, but I wanted ssh and netatalk to work and be available via Bonjour.
sudo apt-get install openssh-server
Then you’ll need to set up your authorized keys on the ubuntu server. In your home directory do the following:
mkdir -p .ssh
# Copy your public key[s] to .ssh/authorized_keys (not shown here)
# Set the permissions to only allow your user to access the .ssh directory and files in there
chmod -R og-rwx .ssh
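The key-installation step above, written out as a script. This is an added example, not part of the original post: the function names install_pubkey and ssh_perms_ok and the sample key are made up for illustration, and stat -c assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: install one public key with the permissions used in the post.

# install_pubkey <home_dir> <pubkey_file>   (hypothetical helper)
install_pubkey() {
    local home_dir=$1 pubkey_file=$2
    local ssh_dir="$home_dir/.ssh"
    local auth="$ssh_dir/authorized_keys"
    local key_re='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

    # Accept only a file holding exactly one public-key line. A private key
    # (a multi-line PEM block) must never be copied to the server.
    if [ ! -r "$pubkey_file" ] ||
       [ "$(grep -c '' "$pubkey_file")" -ne 1 ] ||
       ! grep -Eq "$key_re" "$pubkey_file"; then
        echo "refusing: $pubkey_file is not a single public key" >&2
        return 1
    fi

    mkdir -p "$ssh_dir"
    touch "$auth"
    # Append only if this exact line is not already present (idempotent).
    grep -Fxq -f "$pubkey_file" "$auth" ||
        printf '%s\n' "$(cat "$pubkey_file")" >> "$auth"
    # Same permission change as in the post: no access for group or other.
    chmod -R og-rwx "$ssh_dir"
}

# ssh_perms_ok <home_dir>   (hypothetical helper)
# Succeeds only if .ssh and authorized_keys grant nothing to group or other,
# i.e. the state "chmod -R og-rwx .ssh" is meant to produce.
ssh_perms_ok() {
    local p mode
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        mode=$(stat -c '%a' "$p") || return 1
        case $mode in
            0|*00) ;;   # e.g. 700 for the directory, 600 for the file
            *) echo "too open: $p (mode $mode)" >&2; return 1 ;;
        esac
    done
}

# Demo on a throwaway directory with a constructed, non-functional key:
#   bash this_script.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal me@mac' > "$tmp/id.pub"
    install_pubkey "$tmp/home" "$tmp/id.pub" && ssh_perms_ok "$tmp/home" && echo "ok"
    rm -rf "$tmp"
fi
```

On the real server the call would be install_pubkey "$HOME" followed by the path to the .pub file copied over from the Mac.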
Install Netatalk
sudo apt-get install netatalk
Configure Netatalk
You don’t need to change any of the configuration files for netatalk. The defaults will enable the sharing of your home directory. If you want to share any additional filesystems from your Ubuntu instance to your Macs, you can add them to /etc/netatalk/AppleVolumes.default. That file has explanations of all the options.
You may want to change the default last item in /etc/netatalk/AppleVolumes.default from:
~/ "Home Directory"
to something like:
~/ "$h_$u Home Directory" options:upriv,usedots
This will change the name that shows up in listings to “hostname_username Home Directory” and will use Unix privileges. Most importantly, usedots says not to do hex translation of dot files. If you don’t do this, you’ll see things like
:2e_somefilename
instead of .somefilename
where filenames start with “dot”.
Configure AVAHI
AVAHI is probably already installed if you did a standard installation.
Copy the avahi ssh service configuration into /etc/avahi/services
sudo cp /usr/share/doc/avahi-daemon/examples/ssh.service /etc/avahi/services/
Create an avahi afpd service configuration by creating a file /etc/avahi/services/afpd.service with the following content:
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">%h</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>
You should now be able to see the Ubuntu host in your Finder under the SHARED section on the left side of the Finder. You should also see your Ubuntu host in the “New Remote Connection” window of the Mac Terminal app (CMD-SHIFT-K) if you select the “Secure Shell (ssh)” Service.
If you don’t see the Ubuntu hostname in the Finder or in the Terminal New Remote Connection service, restart the avahi-daemon service:
sudo restart avahi-daemon
TimeMachine Support
The new Ubuntu Netatalk package is supposed to also support TimeMachine storage. You can enable this in /etc/netatalk/AppleVolumes.default by adding tm as an option to the filesystems published in that file. I have not tried this, and many sources consider this a risky way to store Time Machine backups.
Troubleshooting
You should make sure that there is at least one afpd process running on the Ubuntu instance. You can see the log info in /var/log/daemon.log.
That’s it!
I am not very skilled at Linux terminal work… I keep trying, but usually get frustrated and drift away after a while. I have tried many of the guides to get an AFP share up and running on Ubuntu, but no matter what I try security of some sort always shuts me down. (I know it is not wise in security, but I wish you could turn all permissioning off and add layers back on later after things are running)
I’ve followed both your steps and an older guide that seemed to work as well (though I don’t use or care about time machine support)… I get the server listed in Finder and when I try to connect to it I am always told my password is invalid and I cannot connect. I know you probably need more info about my system to properly diagnose the issue, but I wouldn’t know where to look without instructions. Any info you could provide to prevent me from turning this PC into a crappy SMB/Windows box in the closet would be helpful. Been researching and experimenting all day and am getting frustrated again… thank you 🙂
@Nik: I’m not sure what causes that. I think it’s happened to me too, but a while ago.
Do you have another Mac computer you can use to see if you can at least do AFP from your one Mac to another as a reality check on your network and other assumptions?
But back to the Mac to Linux connection:
I can’t remember where the target Linux Machine gets its authentication credentials from. I think it’s from the Linux User. So did you try using the user name and password of your target Linux Machine and not the Mac you are on?
worked like a charm.. Thx! 🙂
I have my Ubuntu computer connected to my router via Ethernet cable. Would my Ubuntu machine need to be wirelessly connected to the network in order for me to take advantage of its server capabilities on my MacBook, which is connected to the same network, only via wifi?
@Emma: It should work via Wireless or wired Ethernet. Of course the performance should be much better with wired Ethernet.
@Nik: The user details the Mac connects with are the Linux user’s username/password. To keep things simple you could just add a new user to the Linux box with your Mac username and password…
sudo adduser your_mac_username
…and just answer the questions as they come up
@Robert: Thanks very much for posting this tutorial, most others on the net refer to earlier versions of Ubuntu and things have moved on a bit since then
Worked for me. Have you tried to share your CUPS printer, too? The ipp.service file is not contained in the AVAHI package anymore.
Just a note: if you do a bare install of US10.04, pretty much every package needs to be installed manually (a friend who sent me this noted that, which I found amusing, since yes, you are choosing that route, but anyway). I did openssh by default but had to manually install avahi-daemon.
Either way, worked like a charm, thanks for the guide!
Dear Robert
I’m very excited to see that someone has made an updated tutorial about this, it’s exactly what I was looking for.
I’m a newbie to linux, and was hoping you could explain the step with the public ssh keys, or link to an explanation of it, thanks 🙂
Robert,
I tried every guide out there to no avail. I have Ubuntu 10.04 server and I have a Mac mini. My Mac mini connects to the router wirelessly and the server is wired. I last followed this setup http://sidikahawa.blogspot.com/2010/03/setting-up-time-machine-server-on-my.html and it’s not working. I can’t connect to the server from my Mac. Any ideas?
This is my daemon log:
Sep 11 22:43:05 server afpd[2277]: shutting down on signal 15
Sep 11 22:43:07 server afpd[2299]: Registering CNID module [last]
Sep 11 22:43:07 server afpd[2299]: Registering CNID module [cdb]
Sep 11 22:43:07 server afpd[2299]: Registering CNID module [dbd]
Sep 11 22:43:07 server afpd[2299]: Loading ConfigFile
Sep 11 22:43:07 server afpd[2299]: Finished parsing Config File
Sep 11 22:43:07 server afpd[2299]: main: atp_open: Cannot assign requested address
Sep 11 22:43:07 server afpd[2299]: ASIP started on 10.0.0.5:548(4) (2.0.5)
Sep 11 22:43:07 server afpd[2299]: uam: loading (/usr/lib/netatalk/uams_dhx2.so)
Sep 11 22:43:07 server afpd[2299]: uam: uams_dhx2.so loaded
Sep 11 22:43:07 server afpd[2299]: uam: loading (/usr/lib/netatalk/uams_clrtxt.so)
Sep 11 22:43:07 server afpd[2299]: uam: uams_clrtxt.so loaded
Sep 11 22:43:07 server afpd[2299]: uam: “Cleartxt Passwrd” available
Sep 11 22:43:07 server afpd[2299]: uam: “DHX2” available
Sep 11 22:47:12 server afpd[2299]: shutting down on signal 15
Sep 11 22:48:22 server avahi-daemon[956]: Found user ‘avahi’ (UID 107) and group ‘avahi’ (GID 120).
Sep 11 22:48:22 server avahi-daemon[956]: Successfully dropped root privileges.
Sep 11 22:48:22 server avahi-daemon[956]: avahi-daemon 0.6.25 starting up.
Sep 11 22:48:22 server avahi-daemon[956]: Successfully called chroot().
Sep 11 22:48:22 server avahi-daemon[956]: Successfully dropped remaining capabilities.
Sep 11 22:48:22 server avahi-daemon[956]: Loading service file /services/afpd.service.
Sep 11 22:48:23 server dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 5
Sep 11 22:48:23 server dhclient: DHCPOFFER of 192.168.1.14 from 192.168.1.1
Sep 11 22:48:23 server dhclient: DHCPREQUEST of 192.168.1.14 on eth0 to 255.255.255.255 port 67
Sep 11 22:48:23 server avahi-daemon[956]: Network interface enumeration completed.
Sep 11 22:48:23 server avahi-daemon[956]: Registering new address record for fe80::205:5dff:fe30:3759 on eth0.*.
Sep 11 22:48:23 server avahi-daemon[956]: Server startup complete. Host name is server.local. Local service cookie is 3882084108.
Sep 11 22:48:23 server avahi-daemon[956]: Service “server” (/services/afpd.service) successfully established.
Sep 11 22:48:23 server avahi-daemon[956]: Registering HINFO record with values ‘I686’/’LINUX’.
Sep 11 22:48:23 server dhclient: DHCPACK of 192.168.1.14 from 192.168.1.1
Sep 11 22:48:23 server avahi-daemon[956]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.1.14.
Sep 11 22:48:23 server avahi-daemon[956]: New relevant interface eth0.IPv4 for mDNS.
Sep 11 22:48:23 server avahi-daemon[956]: Registering new address record for 192.168.1.14 on eth0.IPv4.
Sep 11 22:48:23 server dhclient: bound to 192.168.1.14 — renewal in 32596 seconds.
Sep 11 22:48:25 server init: apport pre-start process (1041) terminated with status 1
Sep 11 22:48:25 server init: ssh main process (976) terminated with status 255
Sep 11 22:48:25 server init: apport post-stop process (1140) terminated with status 1
Sep 11 22:48:24 server ntpdate[1097]: step time server 91.189.94.4 offset -1.043771 sec
Sep 11 22:48:25 server avahi-daemon[956]: Joining mDNS multicast group on interface virbr0.IPv4 with address 192.168.122.1.
Sep 11 22:48:25 server avahi-daemon[956]: New relevant interface virbr0.IPv4 for mDNS.
Sep 11 22:48:25 server avahi-daemon[956]: Registering new address record for 192.168.122.1 on virbr0.IPv4.
Sep 11 22:48:25 server dnsmasq[1305]: started, version 2.52 cachesize 150
Sep 11 22:48:25 server dnsmasq[1305]: compile time options: IPv6 GNU-getopt DBus I18N DHCP TFTP
Sep 11 22:48:25 server dnsmasq-dhcp[1305]: DHCP, IP range 192.168.122.2 — 192.168.122.254, lease time 1h
Sep 11 22:48:25 server dnsmasq[1305]: reading /etc/resolv.conf
Sep 11 22:48:25 server dnsmasq[1305]: using nameserver 192.168.1.1#53
Sep 11 22:48:25 server dnsmasq[1305]: read /etc/hosts – 9 addresses
Sep 11 22:48:26 server avahi-daemon[956]: Registering new address record for fe80::ecc5:d5ff:fe9b:a2b0 on virbr0.*.
Sep 11 22:49:23 server afpd[1868]: Registering CNID module [last]
Sep 11 22:49:23 server afpd[1868]: Registering CNID module [cdb]
Sep 11 22:49:23 server afpd[1868]: Registering CNID module [dbd]
Sep 11 22:49:23 server afpd[1868]: Loading ConfigFile
Sep 11 22:49:23 server afpd[1868]: Finished parsing Config File
Sep 11 22:49:23 server afpd[1868]: main: atp_open: Cannot assign requested address
Sep 11 22:49:23 server afpd[1868]: ASIP started on 10.0.0.5:548(4) (2.0.5)
Sep 11 22:49:23 server afpd[1868]: uam: loading (/usr/lib/netatalk/uams_dhx2.so)
Sep 11 22:49:23 server afpd[1868]: uam: uams_dhx2.so loaded
Sep 11 22:49:23 server afpd[1868]: uam: loading (/usr/lib/netatalk/uams_clrtxt.so)
Sep 11 22:49:23 server afpd[1868]: uam: uams_clrtxt.so loaded
Sep 11 22:49:23 server afpd[1868]: uam: “Cleartxt Passwrd” available
Sep 11 22:49:23 server afpd[1868]: uam: “DHX2” available
lucian@server:~$
Thanks for an excellent guide! I followed this directly, instead of wading through all the posts on Kremalicious. (http://www.kremalicious.com/2008/06/ubuntu-as-mac-file-server-and-time-machine-volume/#volumes)
I can connect into a user folder on the main Ubuntu drive when I configure etc/netatalk/AppleVolumes.default with:
~/ "$u" allow:briannishii cnidscheme:cdb
So Netatalk is working, Avahi is working. Now, I have installed a new hard drive in the Ubuntu box, formatted it as an Ext4 volume named “TestVolume”. (In Disk Utility, Device: “/dev/sdb1”, Label: “TestVolume”, Mount Point: “/media/TestVolume”) If I want the same user to access the entire hard drive filled with different folders of music, videos, etc, I should configure AppleVolumes.default with:
/media/TestVolume "TestVolume" allow:briannishii cnidscheme:cdb options:upriv,usedots
And I get “connection failed” at the Finder window from the Mac.
The mac console log reads:
“/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder[94] SharePointBrowser::handleEnumerateCallBack returned -6600”
The Ubuntu daemon log returns:
Jan 24 12:32:00 wwubuntuserver-desktop afpd[1672]: ASIP session:548(5) from 10.0.1.3:53810(7)
Jan 24 12:32:00 wwubuntuserver-desktop afpd[1672]: DHX2 login: briannishii
Jan 24 12:32:04 wwubuntuserver-desktop afpd[1672]: DHX2: logincont2 alive!
Jan 24 12:32:04 wwubuntuserver-desktop afpd[1672]: PAM DHX2: PAM Success
Jan 24 12:32:04 wwubuntuserver-desktop afpd[1672]: DHX2: PAM Auth OK!
Jan 24 12:32:04 wwubuntuserver-desktop afpd[1672]: login briannishii (uid 1001, gid 100) AFP3.1
So it feels like the /etc/netatalk/AppleVolumes.default file is not quite right but I’m not sure why…
Up until now, I have had our household connect to hard drives connected via USB to an Airport Extreme Base station, but now that I have this old PC from a friend, I want to take advantage of all the drive bays and build RAID 5 volumes for redundancy safety on multiple volumes for data/music/video storage. As I’m not so concerned with TimeMachine because I will continue to use the AEB for that, I do want to get this AFP working into the Ubuntu box.
Any guidance would be so much appreciated.
Thanks so much!
Well, not exactly sure why, but on my test setup if I set the cnidscheme to dbd it works for me and cdb did not work, though I didn’t get the same error as you…
Wonderful!!!!!!!!!!
I was just about to buy some expensive NAS but this recipe saved me a lot of money!
Thanks!
Robert, thanks very much for this concise and most importantly CORRECT tutorial. If only there were more like you, we’d have all learned whatever it is we’re after, and be on with it. Which brings me back to you with a question that I haven’t been able to get answered at the netatalk usegroup:
How do I enable viewing and editing of the / root directory on the netatalk-enabled Ubuntu10.x box via Finder from my Mac running OS X 10.6.x.
I have a LAMP server on the same box, and I’d like to be able to get at the various admin directories and files (/etc /sys /var…) via Finder. Obligatory Disclaimer: I realize this is a risky thing to do, and should never be done on a production server, or even on a LAN box that others might access, but this box is mine alone, firewalled off from any WAN access, and is used by me to tinker, learn, and generally frustrate myself in my spare time. That being said:
After the usual hours of Googling, hair-pulling, and hoping for response from the netatalkers, I managed to get root to at least show-up in Finder by adding the following to your suggested AppleVolumes.default:
# By default all users have access to their home directory
~/ "$h_$u Home Directory" options:upriv,usedots,tm
/ root allow:username@root options:upriv,usedots dperm:0700 fperm:0700
I can mount the root directory, and even open it to view the sub-directories of the root filesystem, but I cannot then open the sub-directories and get at the files themselves. I can select the sub-directories and apparently “open” them, but they display as empty folders. Obviously it’s a permissions issue, which is why I added “username” as a member of the “root” group and appended the perms bits at the end. Truth is those flourishes availed me nothing because I got the same result from what I started with, which was:
/ root allow:username options:upriv,usedots
I tried to get tricky at one point by throwing password:somepassword in there but netatalk didn’t take kindly to that, and wouldn’t allow me to connect at all.
Of course I can access the root directory via ssh, and therefore via sftp, but that kinda defeats the whole purpose of adding netatalk and avahi to my training wheels box in the first place. So…
Can you help a brother out? Sorry if this was long-winded, and thanks again for sharing your solutions.
Hmm, that used to work, but I just checked on a recent Ubuntu and I’m getting the exact same behavior as you described (i.e. the directories in root show up but nothing underneath). I’m using:
/ "Root" options:upriv,usedots
/var "var" options:upriv,usedots
I’ll take a look and see what I can find out…
Wow, it looks like this is a fundamental bug in the current Netatalk release. The only place I found any help though was this post:
http://permalink.gmane.org/gmane.linux.debian.devel.bugs.general/726770
I wrote the author of the bug report Alan Snelgrove and he said:
By the way, it looks like if you mount any subdirectory of / it works ok for that directory and lower. It seems that the problem is only on / (Root)
Your article worked perfectly well for me, thank you.
There is a “missing line” in your description: (# Copy your public key[s] to .ssh/authorized_keys (not shown here)).
Being a fairly ignorant Unix-user it took me some time to figure this out 🙂
I would like to add what worked for me, hope this helps.
Configuring (passwordless) authentication when using ssh from a Mac to Ubuntu
On your Mac:
1. Start a terminal session and go to your home directory.
2. run ssh-keygen -t rsa
Just press Enter on all questions. This will generate a private-public keypair as two files named id_rsa and id_rsa.pub in a .ssh sub-directory.
3. Next you need to copy your public key from the Mac to Ubuntu. The most convenient way to get this done is a script named ssh-copy-id. It is not included in OSX.
I found several other descriptions how to get your public key to the host-computer that should have worked – but for some reason unknown to me never did.
Probably running as a wrong user. Anyway: ssh-copy-id does something right …
sudo curl "http://phildawson.co.uk/ssh-copy-id" -o /usr/bin/ssh-copy-id
sudo chmod +x /usr/bin/ssh-copy-id
4. Run ssh-copy-id user@hostnameoraddress
This will create a .ssh directory and a file authorized_keys in the home directory of the user on Ubuntu.
On Ubuntu:
1. Log in to Ubuntu using the same user (!) as before. Run with this identity
chmod 644 ~/.ssh/authorized_keys
chmod 700 ~/.ssh
2. Change configuration file for ssh
– sudo gedit /etc/ssh/sshd_config
– check whether the following entries are as shown. Uncomment entries if necessary
PermitRootLogin no
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
The last entry is optional, but will make sure you will never be asked for an additional password when logging in from the Mac.
3. to make the changes take effect run
sudo stop ssh
sudo start ssh
Everything should be working.
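A way to confirm which of the sshd_config values listed in the comment above are actually in effect, since a line that is still commented out or that appears after an earlier conflicting line does nothing. This is an added example, not from the original post or its comments: the function names sshd_value and audit_sshd are hypothetical, it reads only the global section (anything after a Match line is ignored), and it checks three of the listed directives.

```shell
#!/usr/bin/env bash
# Added example: report the effective global value of sshd_config keywords.

# sshd_value <config_file> <keyword>   (hypothetical helper)
# sshd uses the first uncommented occurrence of a keyword; keywords are
# case-insensitive and may be written "Keyword value" or "Keyword=value".
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        {
            line = $0
            sub(/=/, " ", line)                  # allow Keyword=value
            split(line, f, " ")
            key = tolower(f[1])
        }
        key == "match" { exit }                  # conditional blocks start here
        key == want    { print tolower(f[2]); exit }
    ' "$1"
}

# audit_sshd <config_file>   (hypothetical helper)
# Prints one line per finding; returns 1 if anything differs from the
# values given in the comment above.
audit_sshd() {
    local file=$1 rc=0 kw want got
    while read -r kw want; do
        got=$(sshd_value "$file" "$kw")
        if [ -z "$got" ]; then
            echo "UNSET $kw (commented out or missing; sshd default applies)"
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $kw is '$got', expected '$want'"
            rc=1
        fi
    done <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
    return $rc
}

# Demo with a constructed config in which a later "no" does not override
# the earlier "yes":   bash this_script.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp)
    printf '%s\n' 'PermitRootLogin no' 'PubkeyAuthentication yes' \
        '#PasswordAuthentication no' 'PasswordAuthentication yes' \
        'PasswordAuthentication no' > "$tmp"
    audit_sshd "$tmp" || true
    rm -f "$tmp"
fi
```

Run it as audit_sshd /etc/ssh/sshd_config before restarting ssh, and keep an existing session open until a key-based login has been confirmed in a second one.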
Hi, thanks for the tute.
It’s the third or fourth tute I’ve tried, but I’m always having the same problem. I can see my share in Finder, but attempting to connect to it constantly rejects username and password (I’m entering the login on the remote Linux box). This is a fresh Ubuntu 10 box.
Tailing all the log files on Ubuntu, I can see my local Mac connecting to afpd, but there doesn’t seem to be any log entries when I hit enter on the login box (or any log entries saying auth failed etc). Do you know of a way I can troubleshoot this please?
I’ve tried using both CBD and DBD for the cnidscheme, and also removed the allow:username so according to the docs even guest users should have access.
Thanks
Just a follow up to my earlier message, I have made some changes which mean I can now connect to my share (BUT… using cleartext passwords).
I don’t really understand why encryption wasn’t working properly on Snow Leopard. If anyone else just wants it working, and is happy with cleartext then you can do this…
1) OSX Leopard and above, no longer allows you to connect to shares using cleartext. You can override this using…
defaults write com.apple.AppleShareClient afp_cleartext_allow -bool YES
2) edit afpd.conf – we need to add the cleartext module to the bottom line you added earlier…
-uamlist uams_clrtxt.so
3) Finally, on ubuntu, you need to create a .passwd file in your home directory, containing your cleartext password
cd ~
echo password > .passwd
chown *YOUR_USERNAME* .passwd
chmod 600 .passwd
4) Restart netatalk
Not that I’m recommending plaintext passwords, and definitely not if you’re on a shared LAN, but for my secure home LAN, I’m just happy to get it working at all now.
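For anyone reviewing a server where the cleartext workaround above may have been applied, this checks both places it leaves a trace: the -uamlist option in afpd.conf and the afpd start-up lines in the daemon log. This is an added example, not from the original post or its comments: the function names are hypothetical, the afpd.conf line in the demo is constructed, and the log lines follow the format of the daemon log quoted earlier on this page.

```shell
#!/usr/bin/env bash
# Added example: find signs that afpd offers cleartext password login.

# uamlist_of <afpd.conf>   (hypothetical helper)
# Prints each module named after -uamlist on active (uncommented) lines.
uamlist_of() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i == "-uamlist") {
                    n = split($(i + 1), m, ",")
                    for (j = 1; j <= n; j++) print m[j]
                }
        }
    ' "$1"
}

# cleartext_uam_findings <afpd.conf> <daemon.log>   (hypothetical helper)
# Prints one line per finding; returns 1 if cleartext login is configured
# or was loaded by afpd according to the log.
cleartext_uam_findings() {
    local conf=$1 log=$2 rc=0 last
    if uamlist_of "$conf" | grep -Fxq 'uams_clrtxt.so'; then
        echo "CONFIG $conf lists uams_clrtxt.so in -uamlist"
        rc=1
    fi
    # Most recent afpd start that loaded the cleartext module.
    last=$(grep -E 'afpd\[[0-9]+\]: uam: uams_clrtxt\.so loaded' "$log" | tail -n 1)
    if [ -n "$last" ]; then
        echo "LOG $last"
        rc=1
    fi
    return $rc
}

# Demo with constructed input:   bash this_script.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    # Constructed afpd.conf server line
    echo '- -tcp -noddp -uamlist uams_dhx2.so,uams_clrtxt.so' > "$tmp/afpd.conf"
    # Log lines in the format of the daemon log quoted on this page
    printf '%s\n' \
        'Sep 11 22:43:07 server afpd[2299]: uam: uams_dhx2.so loaded' \
        'Sep 11 22:43:07 server afpd[2299]: uam: uams_clrtxt.so loaded' \
        > "$tmp/daemon.log"
    cleartext_uam_findings "$tmp/afpd.conf" "$tmp/daemon.log" || true
    rm -rf "$tmp"
fi
```

On a real host the arguments would be the afpd.conf in use and /var/log/daemon.log. A hit in either place means AFP passwords can cross the network unencrypted, and the client-side afp_cleartext_allow default and the ~/.passwd file from the steps above are worth reviewing as well.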
Robert,
Many thanks for taking the time to put this together and publishing it.
I have followed various threads over the last week about getting Mac OSX client working with Ubuntu Server (10.04) and with no success until now. I expect that shortly I will be nominated for father of the year, after a fresh install of the Ubuntu Server and following this succinct tutorial my son’s MacBook Pro connected no problem after which he promptly kicked off a Time Machine backup.
Brilliant!
You Rock! I too found other articles to refer to and use older versions of Ubuntu Server and am always a little cautious to follow these instructions. Thank you for making the time and effort to provide a simple and succinct solution that worked for me like a charm.
One thing I did notice on my Ubuntu box though… I did some throughput tests by copying a 2Gb folder/directory of files from my Mac to the server. I watched the mem utilization on the server (which has 4Gb of RAM) and noticed that as the files were copying the mem utilization climbed till it reached a little less than 4Gb. After 12 hours, it has not dropped back down.
Do you know if there is some kind of caching going on that might have flush parameters for afp?
PS: I am amazed with the > 4Gb/min (66MB/s) throughput to the server I am getting.
Thank you again.
I believe this is normal behavior of modern OSes, assuming that the memory utilization shows that the memory is mostly in the cached memory. If you run the free command you’ll see something like:
Notice that the cached value is pretty high. If you see that the free value is low and the cached value is high, that is cool. The OS is sucking any idle memory and using it for disk and other caches. But if a process needs memory, it will take it from the cache, not declare it’s out of memory. This is generally a good thing. So when you do a big transfer it will allocate the memory to caches and then lazily release the caches only when processes need it.
If you see low “free” memory AND low “cached” memory, then you might have a problem…
For those who are getting authentication issues as soon as you put in the credentials…
It’s a bug in netatalk
To confirm check your /var/log/messages (or /var/log/syslog) and you’ll find that afpd is crashing
Seems to only occur if you also happen to have Samba installed as well.
https://bugs.launchpad.net/ubuntu/+source/netatalk/+bug/810732