afp, netatalk, samba

Default Ubuntu 10.04 installation

sudo su
apt-get install netatalk avahi-daemon
cd /etc/netatalk/
mkdir /var/userdata
chmod 777 /var/userdata/ -R
adduser user1
adduser user2

Enable the server options.

nano /etc/netatalk/afpd.conf

At the end of the file add:

- -transall -uamlist uams_randnum.so,uams_dhx2.so -nosavepassword -advertise_ssh

If you want to use shared printers, edit:

ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no

nano /etc/netatalk/AppleVolumes.default

~/ "$u Home Directory" allow:user1,user2,$u rwlist:@admin options:usedots,upriv perm:0775 veto:/lost+found/
/var/userdata "userdata" allow:user1,user2,@admin rwlist:@admin options:usedots,upriv perm:0775 veto:/lost+found/

If you want Time Machine, add:

/home/username/TimeMachine TimeMachine allow:username1,username2 cnidscheme:cdb options:usedots,upriv

Edit the advertising service:

nano /etc/avahi/services/afpd.service
<?xml version="1.0" standalone='no'?>
<!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_afpovertcp._tcp</type>
    <port>548</port>
  </service>
  <service>
    <type>_device-info._tcp</type>
    <port>0</port>
    <txt-record>model=Xserve</txt-record>
  </service>
</service-group>

Edit iptables rules:

#afp avahi netatalk

-A INPUT -p tcp --dport 548 -j ACCEPT
-A INPUT -p udp --dport 5353 -j ACCEPT
-A OUTPUT -p udp --dport 5353 -j ACCEPT

Restart the server.

sudo /etc/init.d/netatalk restart

Test it from Finder: Connect to Server (apple+K), then type in the URL/IP and user/pass.

To advertise the server on the network, edit:

nano /etc/nsswitch.conf

Just add “mdns” at the end of the line that starts with “hosts:”. Now the line should look like this:

hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns

Add avahi-daemon at boot.

sudo update-rc.d avahi-daemon defaults

Now add Samba.

sudo apt-get install samba libpam-smbpass
nano /etc/samba/smb.conf

workgroup = EXAMPLE
   ...
   security = user

The security parameter is farther down in the [global] section and is commented out by default. Also, change EXAMPLE to better match your environment.

Create a new section at the bottom of the file, or uncomment one of the examples, for the directory to be shared:

[share]
    comment = Ubuntu File Server Share
    path = /var/userdata
    browsable = yes
    guest ok = yes
    read only = no
    read list = @qa
    write list = @sambashare, user1, user2
    create mask = 0755

####sudo mkdir -p /var/userdata
sudo chown -R user1 /var/userdata/
sudo chgrp -R sambashare /var/userdata/
####sudo setfacl -R -m g:ga:rx /var/userdata (execute rights not used)

Run sudo nano /etc/group and add users to the sambashare group.

Add Samba to the firewall:

sudo ufw allow Samba
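
The [share] section above sets guest ok = yes together with read only = no on a directory that was made mode 777 earlier, so smb.conf is worth checking for that combination before the firewall is opened. The following is an added example, not part of the original notes: a small Python check that flags such shares, where the [docs] share and the HARDENED variant are constructed for illustration.

```python
import re

# Samba synonyms mapped to (canonical parameter, meaning inverted?).
SYNONYMS = {"public": ("guest ok", False), "writable": ("read only", True),
            "writeable": ("read only", True), "write ok": ("read only", True)}

def is_true(value):  # smb.conf booleans: yes/no, true/false, 1/0
    return value.strip().lower() in {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}} using canonical parameter names."""
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = conf.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())  # normalise case and spacing
            canon, inverted = SYNONYMS.get(key, (key, False))
            if inverted:                         # writable = yes -> read only = no
                value = "no" if is_true(value) else "yes"
            current[canon] = value
    return conf

def guest_writable_shares(text):
    """Names of shares that combine guest ok = yes with read only = no."""
    conf = parse_smb_conf(text)
    # Samba defaults, overridden by [global], then by each share section.
    base = {"guest ok": "no", "read only": "yes", **conf.pop("global", {})}
    effective = {name: {**base, **params} for name, params in conf.items()}
    return [name for name, p in effective.items()
            if is_true(p["guest ok"]) and not is_true(p["read only"])]

# [share] is taken from this page; [docs] and HARDENED are constructed samples.
PAGE_CONF = """
[global]
   security = user
[share]
    path = /var/userdata
    guest ok = yes
    read only = no
[docs]
    public = yes
    writable = no
"""
HARDENED = PAGE_CONF.replace("guest ok = yes", "guest ok = no")
```

guest_writable_shares(PAGE_CONF) returns ['share'], while guest_writable_shares(HARDENED) returns an empty list. To check a live server, pass the contents of /etc/samba/smb.conf to the same function.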
<DONE>
TODO add open LDAP

 
