Installing Netatalk 3.1 on OpenSUSE

= Overview = This installation guide was originally written for Netatalk 3.1.11 on openSUSE Leap 42.2

== Required Packages == Install the following packages by "zypper in".

*gcc *libtool *make *libevent-devel (used by netatalk(8)) *db-devel (dbd CNID backend) *libtdb-devel (tdb CNID backend) *libmysqlclient-devel (mysql CNID backend) *libgcrypt-devel (DHX2 auth) *libopenssl-devel or libressl-devel (DHX auth aka DHCAST128) *krb5-devel (Kerberos V auth) *pam-devel (PAM) *libavahi-devel (Bonjour support) *cracklib-devel (password ckeck) *tcpd-devel (TCP Wrapper) *libacl-devel (ACL support) *openldap2-devel (enhanced ACL support) *dbus-1-devel (used by afpstats command) *dbus-1-glib-devel (used by afpstats command) *glib2-devel (used by afpstats command) *perl-IO-Socket-INET6 (used by asip-status.pl command) *systemtap-sdt-devel (DTrace-compatible) *tracker (used for spotlight indexing) *tracker-devel (used for spotlight indexing)

== Build == Get the tarball from [http://netatalk.sourceforge.net/ Netatalk Web Site].

Extract the tarball.

$ tar xvf netatalk-3.1.11.tar.bz2
$ cd netatalk-3.1.11

You should read the help message, in order to know configure options.

If the applicable libraries are installed, many options will be detected automatically.

$ ./configure --help

Do configure! The following options are not auto-detected.

$ ./configure \
    --with-init-style=suse-systemd \
    --without-libevent \
    --without-tdb \
    --with-cracklib \
    --enable-krbV-uam \
    --with-pam-confdir=/etc/pam.d \
    --with-dbus-sysconf-dir=/etc/dbus-1/system.d \
    --with-tracker-pkgconfig-version=1.0

The version 1.0 --with-tracker-pkgconfig-version=1.0 must match the pkg-config version of the installed Tracker libraries. Use the following commands for finding the version info:

$ pkg-config --list-all | grep tracker
...

On successful completion, you will see a report similar to the following:

Compilation summary:
    CPPFLAGS       = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir) 
    CFLAGS         = -D_U_="__attribute__((unused))" -g -O2
    LIBS           =  -lcrack
    PTHREADS:
        LIBS   = 
        CFLAGS = -pthread
    TRACKER:
        LIBS   = -ltracker-sparql-1.0 -lgio-2.0 -lgobject-2.0 -Wl,--export-dynamic -lgmodule-2.0 -pthread -lglib-2.0 
        CFLAGS = -pthread -I/usr/include/tracker-1.0 -I/usr/include/tracker-1.0/libtracker-sparql -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include 
    SSL:
        LIBS   =  -L/usr/lib64 -lcrypto
        CFLAGS =  -I/usr/include/openssl
    LIBGCRYPT:
        LIBS   = -L/usr/lib64 -lgcrypt -ldl -lgpg-error
        CFLAGS = 
    PAM:
        LIBS   =  -lpam
        CFLAGS = 
    WRAP:
        LIBS   = -lwrap
        CFLAGS = 
    BDB:
        LIBS   =  -L/usr/lib64 -ldb
        CFLAGS = 
    GSSAPI:
        LIBS   = -lgssapi_krb5  -lcrack
        CFLAGS = -D_U_="__attribute__((unused))" -g -O2
    ZEROCONF:
        LIBS   =  -lavahi-common -lavahi-client
        CFLAGS =  -D_REENTRANT
    LDAP:
        LIBS   =  -lldap
        CFLAGS = 
    LIBEVENT:
        LIBS   = 
        CFLAGS = 
    TDB:
        LIBS   = -ltdb 
        CFLAGS = 
    MySQL:
        LIBS   = -L/usr/lib64 -lmysqlclient -lpthread -lz -lm -lssl -lcrypto -ldl
        CFLAGS = -I/usr/include/mysql
Configure summary:
    INIT STYLE:
         suse-systemd
    AFP:
         Extended Attributes: ad | sys
         ACL support: yes
         Spotlight: yes
    CNID:
         backends:  dbd last tdb mysql
    UAMS:
         DHX     (PAM SHADOW)
         DHX2    (PAM SHADOW)
         RANDNUM (afppasswd)
         Kerberos V
         clrtxt  (PAM SHADOW)
         guest
    Options:
         Zeroconf support:        yes
         tcp wrapper support:     yes
         quota support:           yes
         valid shell check:       yes
         cracklib support:        yes
         ACL support:             auto
         Kerberos support:        auto
         LDAP support:            yes
         AFP stats via dbus:      yes
         dtrace probes:           yes
    Paths:
         Netatalk lockfile:       /var/lock/netatalk
         init directory:          /usr/lib/systemd/system
         dbus system directory:   /etc/dbus-1/system.d
         dbus daemon path:        /bin/dbus-daemon
         tracker prefix:          /usr
         tracker install prefix:  /usr
         tracker manager:         /usr/bin/tracker daemon
         pam config directory:    /etc/pam.d
    Documentation:
         Docbook:                 no

Docbook is not needed because it is for developers only.

Make and install.

$ make
# make install

== Check == Check features and paths, using "netatalk -V" and "afpd -V".

$ /usr/local/sbin/netatalk -V
netatalk 3.1.11 - Netatalk AFP server service controller daemon
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version. Please see the file COPYING for further information and details.
netatalk has been compiled with support for these features:
  Zeroconf support: Avahi
 Spotlight support: Yes

              afpd: /usr/local/sbin/afpd
        cnid_metad: /usr/local/sbin/cnid_metad
   tracker manager: /usr/bin/tracker daemon
       dbus-daemon: /bin/dbus-daemon
          afp.conf: /usr/local/etc/afp.conf
 dbus-session.conf: /usr/local/etc/dbus-session.conf
netatalk lock file: /var/lock/netatalk

$ /usr/local/sbin/afpd -V
afpd 3.1.11 - Apple Filing Protocol (AFP) daemon of Netatalk
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version. Please see the file COPYING for further information and details.
afpd has been compiled with support for these features:
      AFP versions: 2.2 3.0 3.1 3.2 3.3 3.4 
     CNID backends: dbd last tdb mysql 
  Zeroconf support: Avahi

TCP wrappers support: Yes
Quota support: Yes
Admin group support: Yes
Valid shell checks: Yes
cracklib support: Yes
EA support: ad | sys
ACL support: Yes
LDAP support: Yes
D-Bus support: Yes
Spotlight support: Yes
DTrace probes: Yes
          afp.conf: /usr/local/etc/afp.conf
       extmap.conf: /usr/local/etc/extmap.conf
   state directory: /usr/local/var/netatalk/
afp_signature.conf: /usr/local/var/netatalk/afp_signature.conf
  afp_voluuid.conf: /usr/local/var/netatalk/afp_voluuid.conf
   UAM search path: /usr/local/lib/netatalk//

Server messages path: /usr/local/var/netatalk/msg/

== Setting == Edit "/usr/local/etc/afp.conf".

Ex:

[Global]
[Homes]
basedir regex = /home
[Test Volume]
path = /export/test1
[My Time Machine Volume]
path = /export/timemachine
time machine = yes

It's recommended to enable extended attributes of filesystem. It's no problem in case of btrfs.

If you use ext2,3 or 4, you should check it by "getfattr" and "setfattr" commands. If you use ACL, you shoud check it by "getfacl" and "setfacl" commands. If these are disabled, use "tune2fs" command or edit "/etc/fstab" file.

Ex:

/dev/sdc2    /mountpoint    ext4    defaults,user_xattr,acl    0 2

You should check firewall. AFP's port number is 548. Zeroconf's port number is 5353.

== Enabling and Starting == You must run Avahi ahead of Netatalk.

# systemctl enable avahi-daemon
# systemctl enable netatalk
# systemctl start avahi-daemon
# systemctl start netatalk

== Spotlight Feature == If you use Spotlight feature, read [http://netatalk.sourceforge.net/3.1/htmldocs/configuration.html Spotlight] section in Netatalk Manual.

Set "spotlight = yes".

Set "spotlight = no" for Time Machine's volume. The mining for sparsebundle is wasteful.

Ex:

[Global]
    spotlight = yes
[Homes]
basedir regex = /home
[Test Volume]
path = /export/test1
[My Time Machine Volume]
path = /export/timemachine
time machine = yes
spotlight = no

Some problems have been reported. *[http://sourceforge.net/p/netatalk/bugs/543/ Bug#543 Spotlight cannot search in user homes]

== Interoperation with Samba == Recent Netatalk and Samba can store metadata in the compatible format.

Using this way, the following access becomes possible. *from Mac to Netatalk *from Mac to Samba *from Windows to Samba

=== Netatalk ===

Using "vol preset" option, the same configuration is set for all volumes.

Using "ea = samba", Extended Attributes become compatible with Samba.

Edit "/usr/local/etc/afp.conf".

Ex:

[Global]
    vol preset = my default values
[my default values]
ea = samba
[Homes]
basedir regex = /home
[Test Volume]
path = /export/test1
[My Time Machine Volume]
path = /export/timemachine
time machine = yes

=== Samba ===

Setting various options in [global], the same configuration is set for all shares.

Three vfs objects (catia, fruit and streams_xattr) provide enhanced compatibility with Apple SMB clients and interoperability with a Netatalk.

Using "hide files", the invisible files created via Netatalk are hidden from Windows. Use "hide files", not "veto files".

Don't use "fruit:locking = netatalk" because it has [https://lists.samba.org/archive/samba/2015-December/196828.html a bug].

[My Time Machine Volume] is commented out because Time Machine feature can not be used via SMB.

Edit "/etc/samba/smb.conf".

Ex:

[global]
    foo = bar
    baz = qux
ea support = Yes
vfs objects = catia fruit streams_xattr

;   fruit:locking = netatalk
fruit:encoding = native
streams_xattr:prefix = user.
streams_xattr:store_stream_type = no
hide files = /.DS_Store/Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/Temporary Items/.TemporaryItems/.VolumeIcon.icns/Icon?/.FBCIndex/.FBCLockFolder/

read only = No

[homes]
[Test Volume]
path = /export/test1
;[My Time Machine Volume]
;   path = /export/timemachine