Configuring an AppleTalk Server in Linux

If you have a mixture of older Macs (such as a Power Macintosh with Mac OS 8.1) and newer Macs (such as an iMac with Mac OS X) on the same LAN, an AppleTalk server could be the best way to share files and printers among them. With the netatalk package installed on your Red Hat Linux server, netatalk can be configured to act as that AppleTalk server.

Using netatalk, you can allow multiple Mac clients to use the following features from a computer running Red Hat Linux:

  • AppleShare file server — Files and directories you share from your AppleTalk server (via netatalk) are stored with features and permissions that a Mac user would expect.

  • AppleTalk printer server — Printers configured on your Linux server can be shared as though they were AppleTalk printers.

  • AppleTalk router — Your Red Hat Linux system can act as a router between multiple AppleTalk networks.

The netatalk project site is located at http://netatalk.sourceforge.net. There, you can find documentation (in particular, a FAQ), as well as links to helpful netatalk Web sites.

To use netatalk in its most basic configuration, all you need to do is:

  • Create a LAN connecting your Linux netatalk server and Mac client computers. (You can configure netatalk as a router to connect multiple LANs.)

  • Start netatalk as described in the "Starting netatalk" section. This enables any users with user logins to your Linux computer to access their home directories from a Mac (using Linux logins and passwords). You can also add printers and other directories to share.

Before you fire up netatalk, however, I recommend that you check out the section that follows.

Important

Drivers required to use netatalk are on the Red Hat Linux CD #3 in the kernel-unsupported package that is specific to your processor. That package is not installed by Red Hat Linux, even with an Everything install! You must install kernel-unsupported to be able to use netatalk at all in Red Hat Linux.

Before you start using netatalk

Know that when you are creating an AppleTalk server on a Linux file system, you are creating a hybrid-type file system. Strange issues can arise because the two types of servers handle ownership, access, and file attributes (such as what applications launch a file) differently.

On the netatalk shared directory structure (referred to as a volume, or share), special directories exist to hold attributes (file type and creator), trash, temporary items, and find content. If you change files or directories on AppleTalk volumes from Linux without taking special precautions, you'll delete a file and leave its attributes around or create a file that has no attributes (so a Mac doesn't know how to launch it). You can't even move a whole directory structure from one Linux partition to another without losing the connection between the files and their attributes.

Here are a few tips to think about before you start using netatalk:

  • Use Mac clients to create, move, and copy files on the Mac volume whenever possible. This is the best way to keep your volumes clean and working properly.

  • If you must move netatalk files and folders from a Linux shell, use the apple_mv, apple_cp, and apple_rm commands (described later in this chapter).

  • You can share the same volumes with both your Mac clients (using netatalk) and Windows clients (using Samba), but this involves certain risks and caveats as well. See the "Sharing files with netatalk and Samba" section later in this chapter for ways to avoid trouble.

  • Mac users expect permission on files and directories to be more open than many Linux administrators are comfortable with. Check the "Securing netatalk volumes" section for information on the best ways to securely provide the necessary access.

  • Tools for tracking down network services and troubleshooting problems for AppleTalk networks are different than those used for pure TCP/IP networks. Refer to the "Troubleshooting netatalk" section for information on the tools you can use for tracking down network problems.

Setting up the netatalk server

The following steps provide a high-level overview of how to set up your netatalk server. (The sections that follow contain details on how to do these steps.)

  1. Start netatalk — Like most Linux network services, netatalk can be set to start automatically from a start-up script, in this case /etc/init.d/atalk. (You can do some limited file sharing with the default configuration, as described in the next section.)

  2. Configure general settings (/etc/atalk/netatalk.conf file) — Use the netatalk.conf file to add your own general netatalk server settings. The default settings for the general netatalk configuration are:

    • Clients — Up to 20 Mac clients can connect to your server at a time.

    • AppleTalk host name — Your computer's host name (type hostname -s to see it) is used as your computer's AppleTalk server host name.

    • Authentication — Netatalk will allow users to connect using a guest login (nobody user) with no password, a clear-text password, or an encrypted password (Diffie-Hellman style authentication).

    • Guest user — A guest user can connect without entering a password and access shared volumes that are open to the world. This guest user is assigned to the Linux nobody user name. (By default, no guest shares are set up.)

    • Daemon processes — Netatalk starts daemon processes to manage your AppleTalk network interface (atalkd daemon), start the AppleTalk print sharing service (papd daemon), and start the AppleTalk filing protocol (afpd daemon) for sharing volumes.

  3. Configure server settings (/etc/atalk/afpd.conf file) — Configuring afpd.conf lets you set up specific settings for your netatalk server (you can even have multiple, virtual servers configured that each look different to the outside world). The contents of the afpd.conf file affect how the AppleTalk filing protocol daemon (afpd) shares its volumes with Mac clients.

  4. Set up users — The netatalk server can rely on the Linux users you add to the computer (using clear-text passwords), then limit access to your shared volumes based on those permissions. Or, you can configure netatalk to use encrypted passwords to validate users.

  5. Share volumes (/etc/atalk/AppleVolumes.default file) — When netatalk starts, each user with a valid Linux login to your computer can, by default, access his or her own home directory as an AppleTalk share from a Mac client. You can (and probably will) have more shared volumes by configuring them in the AppleVolumes.default file.

  6. Securing shared volumes — Netatalk can take advantage of Linux security features to protect shared volumes. You can secure volumes at the host, user, and file/directory level.

  7. Share printers (/etc/atalk/papd.conf file) — Netatalk can share any printer you have connected to Linux (or otherwise configured locally) by adding a definition to the papd.conf file. No printers are shared until you add them.

As you work with your shared volumes and printers, you will find that maintenance issues arise from time to time. In particular, you should refer to the following sections: "File/directory-level security" (for dealing with hidden attribute files and directories), "Sharing files with netatalk and Samba" (to share the same directories from netatalk and Samba), and "Troubleshooting netatalk" (for general troubleshooting tips).

Starting netatalk

Start up netatalk as you would most Linux network services: from a start-up script. The netatalk script is called atalk (/etc/init.d/atalk). To turn it on, type the following as root user:

# chkconfig atalk on

The previous command causes netatalk to start the next time you reboot. To start it now, type:

# service atalk start

Here's what happens when you start the AppleTalk service:

  • The AppleTalk daemon (atalkd) starts from the contents of the /etc/atalk/atalkd.conf file.

  • The papd daemon registers print services using the contents of the /etc/atalk/papd.conf file.

  • The afpd daemon registers volumes from the contents of the /etc/atalk/AppleVolumes.default file (using settings from the AppleVolumes.system file).

To check that the netatalk service started properly, as root user type the following from any Linux system on the network (the output may take a minute or two to appear):

# nbplkup
toys:AFPServer               65280.115:128
toys:netatalk                65280.115:4
toys:Workstation             65280.115:4

To check if your netatalk server is available from a Mac client, go to the Mac client and perform the appropriate procedure:

  • For a pre–Mac OS X client — Click the Apple Chooser. From the Chooser window, click AppleShare. The netatalk server should appear in the "Select a file server" pane. Click on it and click OK, then use any valid user login and password from Linux to open that user's home directory.

  • For a Mac OS X client — From the Finder bar, click Go, then Connect to server. Type the URL of the netatalk shared directory. For example, for the home directory on the computer named toys for the user named chris, you could type the following:

    afp://toys/chris
    

If you can't find and open the netatalk server from your Mac, see the "Troubleshooting netatalk" section in this chapter for some suggestions.

Defining general AppleTalk server settings

Settings in the /etc/atalk/netatalk.conf file define information related to the general operation of your netatalk server. Step 2 of "Setting up the netatalk server" describes the default settings in this file. The following code lines illustrate a few things you might want to change (as root user).

AFPD_MAX_CLIENTS=100

Instead of limiting the number of Mac clients who can simultaneously use your netatalk server to 20, you can use any number you like (100 is shown above). To change the zone and server name, you could change the following settings:

ATALK_ZONE=GSTREET
ATALK_NAME="History 101"

This example sets the zone name to GSTREET and the server name to History 101. To change how authentication is performed, you could use one of the following two AFPD_UAMLIST examples:

AFPD_UAMLIST="-U uams_guest.so"
AFPD_UAMLIST="-U uams_clrtxt.so"

The first example makes netatalk a guest-only server. The second line allows only valid users from the Linux system using clear-text passwords. The following line lets you change the guest user account:

AFPD_GUEST=nobody

You could change nobody to any valid user account on Linux, and that account will be used as your guest user. Other settings in the netatalk.conf file let you set which daemons run.

Defining specific AppleTalk server settings

Your netatalk server can appear as multiple file servers, each with different attributes. You can set up these "virtual" servers in the /etc/atalk/afpd.conf file. Within each file server entry, you name the server, and then assign a variety of options to set how it is accessed. A few nice examples of how to do this are shown as comments in the afpd.conf file itself:

"Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!"
"User Volume" -uamlist uams_clrtxt.so -port 12000

The "Guest Volume" example causes a "Welcome guest!" message to appear when a user logs into the server. Because it is a guest server (uams_guest.so), no password is required. In the "User Volume" example, clear-text passwords and valid user accounts are needed for the volume. The service is provided on port number 12000. Guest Volume and User Volume appear as the names of the two servers, respectively, in the Mac's chooser window.

If your Linux computer is a router/firewall, with one or more network interfaces connected to public networks, you should use the -ipaddr IPaddress option. With that option, you can restrict access to the netatalk server from a particular network interface (probably one that only allows access from your local LAN). There are more than 30 options listed in afpd.conf that you can consider.
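
The check below is an added example, not part of the original chapter or the netatalk project. It scans netatalk.conf and afpd.conf for the guest and clear-text UAMs discussed above and for server entries that carry no -ipaddr restriction. The function names, the "LAN Volume" entry, its address and the sample files are constructed for illustration; uams_dhx.so is assumed to be the encrypted-password UAM.

```shell
#!/bin/sh
# Added example: flag weak authentication settings in netatalk configuration.

# audit_netatalk_auth FILE...
#   Prints one finding per line as "file:line: message".
#   Returns 0 when nothing is flagged, 1 otherwise.
audit_netatalk_auth() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }                 # comments, blank lines
    {
        is_uamlist = ($0 ~ /^[ \t]*AFPD_UAMLIST=/)    # netatalk.conf
        is_server  = ($0 ~ /^[ \t]*("|-)/)            # afpd.conf server entry
        if (!is_uamlist && !is_server) next
        where = FILENAME ":" FNR
        if ($0 ~ /uams_guest\.so/)  { print where ": guest login, no password"; bad++ }
        if ($0 ~ /uams_clrtxt\.so/) { print where ": clear-text passwords"; bad++ }
        if (is_server && $0 !~ /-ipaddr[ \t]/) {
            print where ": no -ipaddr restriction"; bad++
        }
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample input, built from the example lines in this section.
write_sample_configs() {
    dir=$1
    cat > "$dir/netatalk.conf" <<'EOF'
AFPD_MAX_CLIENTS=100
AFPD_UAMLIST="-U uams_clrtxt.so"
AFPD_GUEST=nobody
EOF
    cat > "$dir/afpd.conf" <<'EOF'
# "Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!"
"User Volume" -uamlist uams_clrtxt.so -port 12000
"LAN Volume" -uamlist uams_dhx.so -ipaddr 10.0.0.100
EOF
}

# Demo: audit the constructed samples.
tmp=$(mktemp -d) && write_sample_configs "$tmp"
audit_netatalk_auth "$tmp/netatalk.conf" "$tmp/afpd.conf" || echo "findings above need review"
rm -rf "$tmp"
```

On a real server, pass /etc/atalk/netatalk.conf and /etc/atalk/afpd.conf as the arguments; commented-out entries are ignored, so only active settings are reported.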

Setting up users

As mentioned earlier, the netatalk server (by default) allows users with valid user names and passwords to log in to the server with clear-text (unencrypted) passwords and gain access to (at least) their own home directories. See the "Securing netatalk volumes" section later to see how to set up the server to use encrypted passwords.

Sharing netatalk volumes

You use the AppleVolumes.default file to indicate which volumes from the netatalk server are made available to your Mac clients. This file is located in /etc/atalk/AppleVolumes.default.

Note

See "File/directory-level security" for detailed information on hidden files and directories, as well as user/group permissions issues related to sharing volumes.

Look at the last line in the AppleVolumes.default file. The single tilde (~) on a line by itself tells the AppleTalk daemon to make all Linux home directories (usually in the /home directory) available as AppleTalk shared directories. When a user logs into the netatalk server, the user's own home directory appears as an available shared directory. A user that chooses to open that directory has the same rights to change, add, and delete files that he has when logged in directly to Linux.

A common practice is to add the text "Home Directory" to the line that contains the single tilde (~) so that it appears as follows:

~  "Home Directory"

Sharing additional directories can be done by simply adding a full path name to the directory you want to share and the volume name you want to assign to it. For example:

/var/toyprojects "Linux Toys"

As you can see in this example, /var/toyprojects is shared under the name "Linux Toys". The path name is limited to 27 characters. In this simple case, access permissions to the volume are determined by the user, host, and folder-level security that is set up for the volume (see the "Securing netatalk volumes" section for more information).

You can also add options directly to each listing in the AppleVolumes.default file. On the same line, after the path (/var/toyprojects) and volume name ("Linux Toys") options as shown above, you can add some options. Here are a few options that might interest you (look inside the AppleVolumes.default file for others):

  • casefold:option — Normally, when a shared volume appears on the Mac client's screen, file and directory names appear in upper- and lowercase as they exist on the Linux system. By replacing option in the casefold option with tolower or toupper, you can have lowercase or uppercase appear in both directions, respectively. Or, you could have case translated (xlatelower or xlateupper) to set what the client sees.

  • allow:users/@groups or deny:users/@groups — You could add specific users or groups to an allow or deny option to have those users or groups allowed or denied access to the shared volume. (Separate each with a comma; indicate a group with an @ sign.)

  • password:pwd — Replace pwd with a password (up to eight characters) to define a password that is specific to the volume.

  • rolist:users/@groups or rwlist:users/@groups — Use rolist or rwlist options to allow read-only or read/write access, respectively, to the users or groups you add to the list. (Separate each with a comma; indicate a group with an @ sign.)

By opening these shared volumes and creating files and folders in them, Mac clients automatically create some files and folders that are invisible to the Mac client. These files and folders hold resource fork information and other features that would not normally be in a Linux file system. The "File/directory-level security" section describes these files and folders.

Note

Although most of the files and folders described below are invisible to Mac clients, if you share the same directories using Samba or some Linux file-sharing feature (such as NFS), they will be visible. You can use the veto feature of Samba to hide these files from Windows users.

Securing netatalk volumes

Some Linux and netatalk features can be used to secure your volumes from unwanted access or misuse. The following sections describe how to protect your netatalk servers at the user, host, and file/directory levels.

User-level security

When you create a shared volume (in AppleVolumes.default), you can indicate which users can access that volume. Users can be authenticated using clear-text passwords (to log in to their basic Linux user accounts) or by setting up a special encrypted password file using netatalk.

Users can be assigned to particular volumes when you define those volumes in the AppleVolumes.default file as described earlier. Here's an example where the users mike and jojo and anyone in the group wheel are allowed access to a volume:

/var/homework "History homework" allow:mike,jojo,@wheel

To use the default clear-text passwords, you need only set up user accounts as you normally would in Linux (see Chapter 11). However, to use encrypted passwords for users (on a server configured to use encrypted passwords in the afpd.conf file as described earlier), you must create an AppleTalk password file (/etc/atalk/afppasswd). As root, type the following:

# afppasswd -c

This command gathers all regular users (UID 500 and above) and the guest user (nobody) and adds them to the afppasswd file. After you create afppasswd initially, you can later add individual users manually to that file (provided they also have valid Linux accounts).

Next, you need to add proper passwords for each of the users that will be allowed access to your netatalk shares. For example:

# afppasswd -a jake
Enter NEW AFP password: *******
Enter NEW AFP password again: *******

Issues related to choosing a good password (see Chapter 14) are true for setting AppleTalk passwords as well. If the passwords match, the user will be able to log in using the assigned user name and password when he tries to mount the AppleTalk volume from the netatalk server, provided netatalk is using encrypted authentication (uams_dhx.so).

Host-level security

You can restrict which computers on your network have access to your netatalk services using the /etc/hosts.allow and /etc/hosts.deny files. These files are described in the "Using TCP wrappers" section of Chapter 14. These are the same files you use to allow or restrict access to other Linux networking services.

The following is an example of an entry in the hosts.allow file.

ALL: .linuxtoys.com EXCEPT abc.linuxtoys.com

The example shown allows access to netatalk (and all other services) from all computers in the linuxtoys.com domain except for the computer named abc.linuxtoys.com. See Chapter 14 for details about other ways to indicate services (instead of ALL) and hosts.

File/directory-level security

Netatalk creates hidden files and directories to handle Mac features that are not in Linux. Understanding those files/directories and working with standard Linux ownership and permissions are the best ways to refine access to the AppleTalk volumes you share.

Understanding hidden Mac files and directories

Netatalk creates special files and directories that you can't see from the Mac Finder. Because these files begin with a dot (.), they are hidden from normal directory listings (ls) in Linux as well. The following descriptions should help you understand these files and directories.

Note

To see hidden files from a folder window (from the GNOME desktop), click Edit → Preferences. Then from the Views tab, click the "Show hidden and backup files" box. Type ls -a to see them from a Terminal window.

  • .AppleDouble — Every directory within your shared AppleTalk (netatalk) volume contains a .AppleDouble directory. This directory is created automatically as soon as you create a file or directory from a Mac client on the netatalk server. Within this directory are separate files representing attributes of each file in the associated directory. For example, creating a text file in /var/toyprojects called mytext.txt would create a file called /var/toyprojects/.AppleDouble/mytext.txt that contained attributes about that file.

    You can add an Icon directory to .AppleDouble, enabling you to add custom icons to the shared volume. Icons in the directory (named file.icon after the file type) should be readable by everyone who can see the icon and writable to those allowed to change it.

  • .AppleDouble/.Parent — This directory within each .AppleDouble directory contains information about the shared directory.

  • .AppleDesktop — For each shared volume, this directory is located in the top-level directory. This directory contains information about the applications that created the data stored on the volumes and the icons used to represent that data.

  • Network Trash Folder — This folder, in the top-level shared directory, holds deleted files from the client. (Note the spaces in the directory name, each of which must be preceded with a backslash to access the folder from the Linux shell.)

  • Temporary Items — Some applications need this folder (located in the top-level directory) to create temporary files.

Other directories may also appear, as applications that work on files in a volume need special directories to get their work done.

Setting file/directory permissions

Permissions on shared netatalk volumes tend to be more wide open than would typically be the case on shared Linux directories in order to match the expectations that Mac users generally have about permissions.

In particular, the set UID (user) or GID (group) bit is often turned on for directories. By using the set UID/GID feature, any file or directory created in the directory with set UID/GID turned on would be owned by the associated user or group. For example, follow these steps as root user from the shell (creating any directory name you want to share):

# mkdir /var/toyprojects
# chown chris /var/toyprojects
# chgrp toygroup /var/toyprojects
# chmod 2775 /var/toyprojects
# ls -ld /var/toyprojects
drwxrwsr-x      2     chris     toygroup     4096  Mar 16 13:32 /var/toyprojects

In this example, I prepared a directory to be shared by netatalk called /var/toyprojects. I made the owner of the directory the user chris (use your own user name). I created a group (see Chapter 11 for creating groups) and called it toygroup. Then I set the permission to 2775 on the directory, which means that the group set-GID bit is on (2), the owner (chris) has full read/write/execute permission (7), the group (toygroup) has full read/write/execute permission (7), and other has only read and execute permissions (5). (Instead of 2, 4 sets the set-UID bit to be on.)

Turning on the group set-GID bit causes all files and directories created in /var/toyprojects (and its subdirectories) to be assigned to the toygroup group, regardless of who created them. Because I set group permissions wide open (7), anything created in /var/toyprojects and its subdirectories will be under the complete control of anyone assigned to toygroup. This is a nice technique for sharing files in a group project.

Caution

Setting the set-UID and GID bits can be dangerous, especially if execute permission gets turned on by the root user. Anyone who can run an application from Linux with the set-UID or GID bits turned on will have the full permissions of the associated user or group to do what they could do with that application. That could include overwriting critical system files.

Once the top-level directory is created, netatalk will create the files and directories it needs (such as .AppleDouble and Network Trash Folder) as the Mac clients add files and folders. Netatalk should also propagate the correct permissions to those items.

Here are some tips about setting permissions:

  • A user must have write permission to the .AppleDesktop directory (and subdirectories) to create an application in a shared directory.

  • Make permissions to the Network Trash Folder writable by everyone who has access to the shared volume or their files will always be permanently deleted instead of put here.

  • Open permissions to the Temporary Items directory or applications (such as Photoshop) will fail to work with files from the shared volume.

  • Turn off write permissions to programs (executable files) to protect them from being exploited.
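
The following review script is an added example, not part of the original chapter or the netatalk project. It walks a shared volume from the Linux side and reports the three conditions this section warns about: set-UID/set-GID files, executables that group or other can overwrite, and directories that lost the set-GID bit. The function names and the sample tree (convert.sh, helper, docs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: review permissions on a netatalk volume from the Linux side.

# audit_volume DIR
#   Prints one "TAG path" line per finding.
#   Returns 0 when the volume is clean, 1 when anything was reported.
audit_volume() {
    vol=$1
    findings=$(
        # Regular files with set-UID or set-GID run with owner or group rights.
        find "$vol" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'SETID-FILE %s\n' {} \;
        # Executable files that group or other may overwrite.
        find "$vol" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            \( -perm -0020 -o -perm -0002 \) \
            -exec printf 'WRITABLE-EXEC %s\n' {} \;
        # Directories without set-GID: new files keep the group of the creator.
        find "$vol" -type d ! -perm -2000 \
            -exec printf 'NO-SETGID-DIR %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample volume laid out like /var/toyprojects (mode 2775).
make_sample_volume() {
    v=$1/toyprojects
    mkdir -p "$v/tools" "$v/docs"
    chmod 2775 "$v" "$v/tools" "$v/docs"
    chmod g-s "$v/docs"                                   # lost its set-GID bit
    : > "$v/docs/memo1.doc";   chmod 0664 "$v/docs/memo1.doc"
    : > "$v/tools/convert.sh"; chmod 0775 "$v/tools/convert.sh"  # group-writable program
    : > "$v/tools/helper";     chmod 4755 "$v/tools/helper"      # set-UID program
}

# Demo: audit the constructed volume.
tmp=$(mktemp -d) && make_sample_volume "$tmp"
audit_volume "$tmp/toyprojects" || echo "review the entries above"
rm -rf "$tmp"
```

Expect NO-SETGID-DIR hits only where a directory was created or copied from the Linux shell; directories made inside a set-GID parent inherit the bit.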

Setting AppleTalk file/folder type and creator

To check type and creator attributes on Mac files, use the afile command as follows:

# afile file

In the above form, you can see attributes for files and directories of known types. To see all files (even those without associated attributes stored in the .AppleDouble directory), use the -a option to afile.

Use the achfile command to change the type (-t) and creator (-c) of the Macintosh file. Creator/file type pairs are defined in the /etc/atalk/AppleVolumes.system file. You can change these entries to cause different applications to be used for selected file types.

Moving, copying, and deleting netatalk files

When you access files on your netatalk volumes from a Mac client computer, file attributes are maintained or removed properly. Linux commands don't deal with Mac file attributes, however, so you need to run special commands from Linux to move these files and maintain their attributes, instead of the regular Linux commands (mv, cp, rm, and so on).

Note

Before you use the apple_cp and related commands to add files to your AppleTalk volume, open the volume from a Mac client and create a file there. This will cause the appropriate directories and files (.AppleDouble and so on) to be created so they are available to add attributes from Linux apple_* commands.

The commands for copying, moving, and removing files from a shell in Linux on your netatalk server volumes are apple_cp, apple_mv, and apple_rm, respectively. For example:

# apple_cp memo1.doc /var/av1/memos/

This command copied my memo1.doc file from my current directory to the /var/av1/memos/ directory (presumably on the same netatalk volume). This action also copies the resource forks associated with the file to the .AppleDouble directory in the directory you are copying to. Here are examples of move and remove commands:

# apple_mv memo1.doc /var/av1/memos/oldmemos/
# apple_rm memo1.doc

The apple_mv command moves the memo1.doc file from the current directory to the oldmemos directory (moving attribute information from .AppleDouble to the new .AppleDouble directory). The apple_rm command deletes memo1.doc and removes its attribute information.

Sharing files with netatalk and Samba

A common practice if you have both Mac and Windows clients on the same network that need to share the same files is to have both Samba and netatalk configured to share the same volume (that is, set of directories). Before you do that, however, be aware of the following:

  • By default, creating files from Mac clients (on netatalk volumes) will make the files you create easiest to work with from the Mac.

  • You can hide files from Samba users with the veto option in AppleVolumes.default. (From Linux, see the /usr/share/doc/netatalk*/doc/README.veto file.)

  • If you don't care about Mac attributes, you can set the noadouble option in the AppleVolumes.default file to create files without them.

  • Avoiding certain characters in your file and directory names can make it easier for you to share those items among different types of clients. When possible, avoid characters such as slash (/), backslash (\) and colon (:) when naming files. Also, wildcard characters such as asterisks (*) and pound signs (#) can cause problems.

  • The veto option for Samba (in smb.conf) can be used to hide Mac files (such as .AppleDouble directories) from Samba users.

Here's an example of a veto line you might want to add to your /etc/samba/smb.conf file. It prevents Samba users from accessing hidden netatalk-specific directories:

veto files = /.AppleDouble/.AppleDesktop/Network Trash Folder/TheVolume/SettingsFolder

Here's a veto line you can add to your /etc/atalk/atalkd.conf file to keep netatalk users from getting at directories used by Samba:

veto: recycled/desktop.ini/Folder.htt/Folder Settings/

Here are a few issues related to veto options:

  • Get the upper- and lowercase letters right (the option is case-sensitive).

  • Type veto names completely. The veto feature doesn't support asterisks (*), brackets ([) and other wildcard characters to match multiple file names.

Printer Sharing

You can set up printer sharing using netatalk so that Mac clients using the standard AppleTalk print service (called Printer Access Protocol, or PAP) can print to your Linux computer. To do that, you must:

  • Configure a local Linux printer (see Chapter 17).

  • Set up the /etc/atalk/papd.conf file to point to that printer.

  • Restart the atalk service (or, more specifically, the papd daemon).

When a Mac client prints to a Linux printer configured in this way, the print job is handed to the standard Linux lpd daemon and put into a spool file for printing, along with Linux print jobs for the printer.

Note

Mac OS X computers can print directly to Linux print services (CUPS or LPRng) without requiring netatalk printing. Older Mac OS 9 clients, however, might need to see an AppleTalk printer that you set up in this way with netatalk.

The papd.conf file follows the same basic format as the /etc/printcap file (traditionally used for Linux printing). Here's an example of a printer configured in the papd.conf file:

LaserJet 2100M:\
              :pr=| /usr/bin/lpr -P hp01:\
              :pd=/etc/atalk/laserjet.ppd:\
              :op=root:\
              :am:uams_guest.so:

The printer in this example is named LaserJet2100M. To print the file from the Mac client, it takes the output file and pipes it to the lpr -P hp01 command (hp01 is the name of the local printer). The ppd file is /etc/atalk/laserjet.ppd. The root user is the operator, and guests are allowed to print to the printer (no password is needed).

The printer definition file (ppd) must be installed on both the netatalk server (at the location noted in the papd.conf file) and on the Mac client.

To test that the interface to your AppleTalk printer is working, use the pap command:

# pap -p LaserJet2100M /etc/hosts

The -p option identifies your netatalk printer. In this example, it prints a copy of your /etc/hosts file. Or, you can just check the status of the printer:

# papstatus -p LaserJet2100M

Troubleshooting netatalk

Several tools are available that enable you to see the status of your AppleTalk network. The aecho command can test whether a particular AppleTalk host computer is alive. The nbplkup command can be used to check out the services that are currently available on your AppleTalk network.

Note

In general, AppleTalk should be used on trusted networks. If you are running a firewall on your netatalk server, however, you must open access to several ports for netatalk to work. In particular, you may need to open ports 548 (AFP over TCP/IP), 201 (AppleTalk routing), 202 (AppleTalk name binding), 204 (AppleTalk echo), and 206 (AppleTalk zones).

Use the aecho command (similar to the TCP/IP ping command) to check whether an AppleTalk host computer is alive. The aecho command sends an Apple Echo Protocol (aep) packet to the host you want to check. Here's an example:

# aecho toys
14 bytes from 65280.115: aep_seq=0. time=0, ms
14 bytes from 65280.115: aep_seq=1. time=0, ms
   
----65280.115 AEP Statistics----
2 packets sent, 2 packets received, 0% packet loss
round-trip (ms)  min/avg/max = 0/0/0

If the AppleTalk server is up and running, you can use the nbplkup command to see what printers and volumes are currently available. For large networks, you can limit the output of nbplkup by adding a share name or printer name (such as :hpjet), or by entering a host name (for example, toys). Here's an example:

# nbplkup :AFPServer
duck:AFPServer              65280.115:130
User Volume:AFPServer       65280.21:129
Guest Volume:AFPServer      65280.21:130

By querying for :AFPServer, nbplkup listed all AppleTalk file servers on the local network. The first one shown is from the host named duck. The second and third lines were from the same computer (at address 65280.21), but were registered as separate servers.

After restarting your netatalk server, you can check that the daemons all started properly. The following are lines from the /var/log/messages file.

Mar 14 17:44:23 toys atalkd[2013]: zip_getnetinfo for eth0
Mar 14 17:44:33 toys atalkd[2013]: zip_getnetinfo for eth0
Mar 14 17:44:43 toys atalkd[2013]: config for no router
Mar 14 17:44:44 toys atalkd[2013]: ready 0/0/0
Mar 14 17:44:44 toys atalk: atalkd startup succeeded
Mar 14 17:44:57 toys atalk: papd startup succeeded
Mar 14 17:44:57 toys papd[2070]: restart (1.5.5)
Mar 14 17:44:57 toys atalk: afpd startup succeeded
Mar 14 17:45:03 toys afpd[2074]: toys:AFPServer@* started on 65280.96:128 (1.5.5)
Mar 14 17:45:03 toys afpd[2074]: ASIP started on 10.0.0.100:548(1) (1.5.5)
Mar 14 17:45:03 toys afpd[2074]: uam: uams_clrtxt.so loaded
Mar 14 17:45:03 toys afpd[2074]: uam: uams_dhx.so loaded
Mar 14 17:45:03 toys afpd[2074]: uam: "DHCAST128" available
Mar 14 17:45:03 toys afpd[2074]: uam: "Cleartxt Passwrd" available

In the previous example, you can see that the atalk start-up script successfully started up the atalkd, papd, and afpd daemons. The atalkd daemon looks for AppleTalk network information on the first Ethernet interface (eth0). The papd daemon started, but had no printers to register. The afpd daemon started an AppleTalk file server on the server (toys:AFPServer). It then identified the user authentication methods (uams) that are available (both clear-text and encrypted passwords are available here).



