Lash Macs to Your Network With Netatalk
OS X will cure a lot of Apple's traditional interoperability woes, but adoption is still at less than 20%, and many network admins are faced with fleets of older Mac desktops. Netatalk running under Linux or UNIX can cure some of the heartache and bring those Macs into the fold.
Here are some guidelines for deciding if Netatalk is a good choice for you:
- you already have a *nix server, with established user accounts
- users running Mac desktops
- smaller LAN or department needing basic file and print services
Apple's Workgroup Manager recognizes Netatalk servers. One thing Netatalk does not do: Mac boxes can access UNIX shares, but UNIX boxes cannot access Mac files or services. It's a one-way ride. For many client machines on any platform, this is not a problem: shared files and services are on a server. If you need shared files or printers to be on a Mac box, Netatalk won't work.
The client machines need the AppleTalk client. For fewer hassles, have the most current version. OS X support is iffy, but improving. Check the docs in your tarball. The current stable Netatalk version as of this writing is 18.104.22.168. Be sure to download from the Netatalk page on SourceForge; that is the current, active site.
- Other BSDs
See /netatalk-1.5.x.x/README, in the directory where your unpacked tarball resides. It contains a list of the most important instruction files to use, which are in /netatalk-1.5.x.x/doc/.
Preparing the Kernel
Linux kernels from 2.2 on provide AppleTalk support. To see if your kernel has AppleTalk support compiled in, first run as root:
# dmesg | grep Apple
This searches the boot messages for any mention of Apple. Or cd to /var/log and look at boot.log with your own eyeballs:
# less boot.log
As the wise admin does not load up the kernel with unnecessary baggage, chances are it is not there. Fear not, for a simple kernel recompile will put it there. Or load it as a kernel module. Adding it to the kernel, rather than running as a module, will give better performance, and less hassle. Kernel modules need to be started at boot time, which means either writing a startup script, or starting them manually.
Compiling a kernel is not scary. A Linux system can have as many different kernels as the user desires; select the one you want to use at boot. Observe the usual elementary precautions: have up-to-date backups, and a boot disk. During the 'make config' part (or xconfig, or menuconfig, whatever you choose) select 'Appletalk DDP' in Networking options.
See the Kernel Howto for excellent, detailed instructions.
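As an added example (not from the original article), the following script sorts a kernel into the cases discussed above: AppleTalk DDP compiled in, built as a module (loaded or not), or absent. It assumes the kernel config is installed as /boot/config-<release>, a common distribution convention; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: classify how a kernel provides AppleTalk DDP support.
# CONFIG_ATALK is the config symbol behind 'Appletalk DDP'; the module it
# builds is named 'appletalk'.

# Print builtin | module | absent | unknown for a kernel config file.
atalk_config_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    case $(grep -E '^CONFIG_ATALK=' "$1" | tail -n 1) in
        CONFIG_ATALK=y) echo builtin ;;
        CONFIG_ATALK=m) echo module ;;
        *)              echo absent ;;   # "# CONFIG_ATALK is not set" or missing
    esac
}

# Succeed if a /proc/modules-format file lists the appletalk module.
atalk_module_loaded() {
    [ -r "$1" ] && awk '$1 == "appletalk" { f = 1 } END { exit !f }' "$1"
}

# Combine both checks into one token for scripts and inventories.
atalk_report() {
    state=$(atalk_config_state "$1")
    if [ "$state" = module ]; then
        if atalk_module_loaded "$2"; then
            state=module-loaded
        else
            state=module-not-loaded
        fi
    elif [ "$state" != builtin ] && atalk_module_loaded "$2"; then
        state=module-loaded    # config unreadable or stale, but module is live
    fi
    echo "$state"
}

# Assumed locations: many distributions install the config as
# /boot/config-<release>; adjust the path if yours keeps it elsewhere.
atalk_report "/boot/config-$(uname -r)" /proc/modules
```

The same report run across a fleet also shows which hosts carry AppleTalk support they do not need, in keeping with the advice not to load the kernel with unnecessary baggage.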
Installation is straightforward; it does not require any exotic libraries. Run
# ./configure --help
to see all available options. It is not necessary to specify any options for the installation to succeed; however, you should review the list carefully for useful options. For example:
--with-shadow          enable shadow password support
--with-tcp-wrappers    enable TCP wrappers support
--enable-redhat        use redhat-style sysv configuration
--enable-suse          use suse-style sysv configuration
--build=BUILD          configure for building on BUILD [BUILD=HOST]
Then make, make install. Run updatedb after installation so the locate command will find the new files right away.
This goes faster if you are already familiar with Apple's networking jargon; they have their own terminology. They use things like seeds, nonseeds, soft seed, and zones. The configuration files are installed in /usr/local/etc/netatalk.
The documentation is, let's face it, a bit of a pain. A full complement of man pages is installed; however, you have to know the names in order to access them. This sort of thing makes me a bit grumpy, even if it is free. On the other hand, no one is stopping me from making improvements, so I shall shut up and tell how to find the docs. Go to the directory where your tarball was unpacked and look in the /netatalk-1.5.x.x/man directory. All the names of the man pages are there:
[carla@windbag man1]$ ls
These files are not very readable as they are in Troff format; use the man command instead: man achfile. The point is to collect the page names. There are several man directories here; simply collect the contents in a file, then print it for reference. This is the quickest way I know to build an index:
[carla@windbag man]$ ls man1 man3 man4 man5 man8 > netatalk_man_index
This creates a text file named netatalk_man_index, containing the names of all the files in the named directories. Remember, > overwrites, >> appends.
Be sure to consult the man pages; they contain the latest, most accurate information. There are some discrepancies between the man pages and the docs in /netatalk-1.5.x.x/doc. Trust the man pages.
There are several configuration files to attend to: netatalk.conf, afpd.conf, atalkd.conf, and papd.conf. The simplest and fastest way to get up and running is to edit only netatalk.conf. In netatalk.conf, at a minimum set the zone and server hostname. man netatalk.conf contains the complete option set.
afpd.conf, AppleTalk Filing Protocol daemon, is not required. It contains a number of network, protocol, and authentication settings. afpd.conf overrides both global settings and compiled options. See man afpd and man afpd.conf.
atalkd.conf, AppleTalk daemon, is another non-required config file, included for your AppleTalk routing fine-tuning pleasure. See "Understanding AppleTalk Routing" for an excellent tutorial. See also man atalkd.conf and man atalkd.
The final entry in our configuration file hit parade is papd.conf, Printer Access Control daemon. papd shares the same defaults as lpd, so it is not needed on most systems. It is needed for Solaris. If papd is used, it must be enabled in /netatalk.conf.
There is a pretty good Webmin module; it simplifies configuration quite nicely. Find it on the Netatalk home page on SourceForge.
Until Apple completes its ongoing transition to TCP/IP with OS X and we don't need to jump through all these hoops, Netatalk is a nice tool for bringing Macs into your fold.