So, I have been working through building and using netatalk 2.3 on Debian 12 (bookworm) on my Mac mini server. I will share my progress so far and carry on discussions here:
So far I have:
- Successfully cloned out the 2.3 branch, built it and installed it.
- N.B.: if you are a little confused about running
./configureafter cloning or un-tarballing the netatalk source because it doesn’t exist, then you need to first run./bootstrapin the root folder of the netatalk source to bootstrap your build environment. - If you are building for Debian 12 you are best advised to use the
--enable-systemdflag. This should add the daemons to systemd and enable them for you. - For proper system user integration, it is highly advisable to install
libpam0g-devheaders and configure your netatalk build with flag--with-pam
- N.B.: if you are a little confused about running
- I have setup the config files needed for
afpdandatalkd- N.B.:
netatalk.confis not used if you use systemd, so don’t worry about configuring that.
- N.B.:
- Setup both ‘default’ (via AppleVolumes.default) and user-based shares (via AppleVolumes in a user directory)
- After working through a few wrinkles with rdmark, I have authentication working on OS9 and late macOS (v12) using
uam_clrtxt,uam_randnumanduam_dhx2which offers the best breadth of compatibility at the cost of some security (clrtxt and randnum are probably not suitable for production environments without additional precautions!).- N.B.: DHX (distinct from DHX2 which is unaffected) encryption is the preferred strong encryption for late versions of Mac OS Classic and also early OSX, but it is incompatible with OpenSSL 3.x as used in Debian 12, so will fail if enabled. It can be removed from the uamlist in
afpd.conf
"MyServer" -transall -uamlist uams_clrtxt.so,uams_dhx.so,uams_dhx2.so
Removeuams_dhx.sopart if it is present to leave:
"MyServer" -transall -uamlist uams_clrtxt.so,so,uams_dhx2.so - If you are using randnum you will need to manually curate the user/password list using
afppasswd(see man pages andafppasswd -hfor details)
- N.B.: DHX (distinct from DHX2 which is unaffected) encryption is the preferred strong encryption for late versions of Mac OS Classic and also early OSX, but it is incompatible with OpenSSL 3.x as used in Debian 12, so will fail if enabled. It can be removed from the uamlist in
- I have discovered that some OSX/macOS version (I am using Monterey / v12 to test) seem to auto-authenticate by some mechanism if the usernames match. I am unsure if the passwords need to match also, maybe @rdmark can shed some light on this
TO DO:
I still need to get AFP over DDP (classic Appletalk sharing) to work but I have some ideas to try.- Work out why AppleTalk authentication isn't working right atm in OS 9.2.2 (via randnum)
- When viewing the shares I am seeing
._Filename.extfiles, It’d be neat if these could be hidden and copied seamlessly, but not critical - If work out the wrinkles and I’m feeling brave I might try to reproduce this on my TrueNAS SCALE NAS box (also Debian based)
Last edited:
