Netatalk 4.0 - Future-proofing Apple File Sharing

Mk.558

New Tinkerer
No error. Now to re-enter that all in line by line...

Screenshot at 2024-11-05 20-37-57.png

edit: Launched successfully with command line launch rather than the script. Problem is Fetch still says illegal PORT command from the server, so there must be a problem somewhere.
 

rdmark

Moderator
Staff member
> More updates. Newly compiled 4.0.4 under Mint 22 once again.
>
> No issues with the netatalk file server feature. I compiled for Webmin and got it all set up first, then built & compiled Netatalk. Seems like the Webmin module is still in beta status though:
>
> [Images: attachments 18549 and 18550]
>
> First image is after doing something simple, like changing the log file location. Simply errors out after saving.
> Second image is today. Can't log in to it.

My immediate thought here is that Mint may not include the Perl libraries required by Webmin by default. Or shipping a Perl version that doesn't understand the double dollar sign notation... both seem unlikely though.

Anyhow, both errors are at lines in the codebase with double dollar sign notation, so the dereferencing of the pointer variable to the array data structure representing afp.conf is failing.

What does your afp.conf look like when this error is happening? Perhaps there's something in your afp.conf that when parsed by Perl turns into an invalid data structure. If we can find out what's triggering this, we can improve the error handling.
 

rdmark

Moderator
Staff member
> No error. Now to re-enter that all in line by line...
>
> edit: Launched successfully with command line launch rather than the script. Problem is Fetch still says illegal PORT command from the server, so there must be a problem somewhere.

Can you please run macipgw with debug output enabled and share the logs? The debug info was very helpful to me when I was having issues on Debian Testing. It will tell you exactly what is happening in the tunnel, data sent and received, etc.
 

Mk.558

New Tinkerer
Sure. afp.conf:

Code:
;
; Netatalk 4.x configuration file
;

[Global]
; Global server settings
log level = default:debug
log file = /var/log/netatalk.log
uam list = uams_dhx2.so uams_dhx.so uams_clrtxt.so uams_guest.so
appletalk = yes

[Homes]

basedir regex = /home

; [My AFP Volume]
; path = /path/to/volume

; [My Time Machine Volume]
; path = /path/to/backup
; time machine = yes

[Downloads Folder]
path = /home/flake/Downloads
vol size limit = 2047

Certain clients will hang or crash trying to load ~/. I've seen it before with certain clients, but I can certainly reproduce it with PC MacLAN v9. Hence the extra share directory as a fallback.

Code:
flake@flake-VirtualBox:~$ perl -v

This is perl 5, version 38, subversion 2 (v5.38.2) built for x86_64-linux-gnu-thread-multi

(with 44 registered patches, see perl -V for more detail)

Dunno.

macipgw log. 7.1 with OT 1.3 copying 1 file from a 10.4 Tiger system, tried to FTP to the 10.4 machine, said illegal PORT command rejected, then tried to ftp to ftp.belnet.be. That timed out.

edit: ugh this is weird, macipgw-VM from MacIP.net doesn't work either...
 

Attachment: macipgwlog1.txt (400.1 KB)

rdmark

Moderator
Staff member
@Mk.558 I have found a fix for the webmin module bug. This is something I broke in the latest version because I tried to do "clever" path substitution in the build system to present the user with the actual default paths to the UAM libs as well as the afppasswd shadow file. However, this clearly broke the Perl code in insidious ways. Probably because Perl contains healthy amounts of @ symbols, which we also use for substitution in the build system. Not a good combination.

Fix here: https://github.com/Netatalk/netatalk/pull/1736

Regarding macipgw, are you by any chance running it on 64 bit ARM systems right now? I found one bug with aarch64, and there may be more. But if you're running Intel only, then never mind.
 

NJRoadfan

New Tinkerer
Don't nest shares in afp.conf. This will cause problems down the road, particularly with permissions. I can set up PCMacLan 9.0 to test for problems if needed.

FTP is not NAT friendly and will fail in many cases behind one. Make sure "PASSIVE" mode is enabled. Some clients may detect a problem and fall back to this mode, but some do not. Connecting to AFP servers via MacIP is a good test and appears NAT friendly. You should be able to connect to the host's afpd via TCP/IP, or one over the Internet like Captain's Quarters.
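
Why active-mode FTP tends to fail behind NAT, as an added example that is not part of the original post and not taken from any ftpd source: it models the anti-bounce check a server can apply to a PORT command. It assumes the server compares the address inside PORT with the peer address of the control connection and refuses reserved ports; all addresses are constructed.

```python
import ipaddress


def parse_port_argument(arg):
    """Decode the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (host, port)."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    octets = [int(f) for f in fields]  # int() raises ValueError on junk
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError("field out of range 0-255")
    host = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    return host, octets[4] * 256 + octets[5]


def check_port_command(arg, control_peer):
    """Return (accepted, reason) for a PORT argument, given the address the
    server sees as the peer of the control connection (assumed policy)."""
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    if port < 1024:
        return False, "reserved port"
    if host != ipaddress.IPv4Address(control_peer):
        # Behind NAT the client advertises its private address, while the
        # server sees the gateway's address: the two never match.
        return False, "address mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed scenario: client 192.168.100.5 behind a gateway at 203.0.113.7
    port_arg = "192,168,100,5,4,210"
    print("direct:", check_port_command(port_arg, "192.168.100.5"))
    print("via NAT:", check_port_command(port_arg, "203.0.113.7"))
```

In passive mode the client opens the data connection itself, so no client address has to survive translation.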
 

Mk.558

New Tinkerer
Appreciate the pointers. Can you clarify the nesting of shares?

AFP over TCP works fine, so yeah I'll poke around a bit more over the weekend.

PC MacLAN v9 is really easy to set up in a Windows XP VM. As long as you have it set to Bridged Adapter you shouldn't have any problems. I noticed sluggish performance, particularly with AFP over TCP, but it does work. It has some limitations with OS X, particularly beyond 10.3 Panther.

rdmark: I'm running it on an AMD 3rd generation processor. I can try a Mac mini 6,2 if you desire an Intel host.

The only time I had webmin working properly was with Netatalk 4.0.1. 4.0.3 didn't work either with webmin. However with 4.0.1 I just said "sure ok" with all the dependencies rather than picking out what I wanted (as earlier with #55).
 

NJRoadfan

New Tinkerer
Sharing a sub-directory of another folder that is already being shared is nesting.

share1=/home/userfolder
share2=/home/userfolder/anotherfolder

I have PCMacLan 9.1.1 running in an XP VM. It seems to work fine over both AppleTalk and TCP/IP and Netatalk 4.0.4 with user home directory shares enabled. It IDs as an AFP3.1 client and server, but doesn't seem to support the DHX UAM, only RandNum.
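
A check for the nesting described above, as an added example that is not part of the original post and not Netatalk code: it reads an afp.conf and reports every share whose directory lies inside another share's directory. The sample is a constructed excerpt of the configuration posted earlier in the thread, and treating `basedir regex` as a plain path prefix is an assumption.

```python
import configparser
from pathlib import PurePosixPath

# Constructed sample, trimmed from the afp.conf posted earlier in this thread.
SAMPLE_AFP_CONF = """\
[Global]
log level = default:debug
appletalk = yes

[Homes]
basedir regex = /home

[Downloads Folder]
path = /home/flake/Downloads
vol size limit = 2047
"""


def share_roots(conf_text):
    """Map each non-Global section to the directory tree it exports."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.read_string(conf_text)
    roots = {}
    for section in parser.sections():
        if section.lower() == "global":
            continue
        # Assumption: "basedir regex" is a plain path prefix, as in the sample.
        root = parser[section].get("path") or parser[section].get("basedir regex")
        if root:
            roots[section] = PurePosixPath(root)
    return roots


def nested_shares(conf_text):
    """Return sorted (outer, inner) pairs where inner lies inside outer."""
    roots = share_roots(conf_text)
    return sorted(
        (outer, inner)
        for outer, outer_path in roots.items()
        for inner, inner_path in roots.items()
        if outer != inner and outer_path in inner_path.parents
    )


if __name__ == "__main__":
    for outer, inner in nested_shares(SAMPLE_AFP_CONF):
        print(f"[{inner}] is nested inside [{outer}]")
```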
 

Mk.558

New Tinkerer
You have version 9.1.1? nice, I only found 9.0.1 at the latest. Must have missed an updater or something somewhere.

pcmaclan.png

That's what I get trying to mount ~/.

Tried macipgw with NetPresenz 4.1, can log in but can't list files, eventually times out. Logged into macipgw-vm's FTP server, worked briefly, then bombed Fetch. I don't think Fetch specifically supports passive mode FTP? You can send a command to the server, but...idk. The illegal PORT command is, as far as I can tell, native to BSD/OS X's authentication thing. The bottom of the $ man ftpd page talks about it briefly.

HTTP seems to work OK though. I'm trying to think though, what could be done to make it better? Are most of the problems with it NAT related?
 

NJRoadfan

New Tinkerer
Try directly connecting to the server via TCP/IP under "Miramar AppleTalk Network->AppleShare IP Network->Add a new IP Server". That completely bypasses AppleTalk from the handshake. Note that currently trying to connect via AppleTalk will limit the connection to AFP2.2.

Either way, I'm not seeing this issue at all on my test setup. This would require a network trace to diagnose.
 

Mk.558

New Tinkerer
I still get the error. rofl

It says ...

\\Appleshare IP [email protected]
The file server's connection has unexpectedly closed down.

Mildly curious though, the AFP version or connection type (i.e. via AppleTalk or IP) shouldn't really matter. I had the same issue with System 3.3/Finder 5.4 on Netatalk 2.1.6.

I'm also unable to get a script going for macipgw, as mentioned earlier, so that's definitely a rocky road to go down.
 

NJRoadfan

New Tinkerer
The issue with System 3.3/Finder 5.4 was likely due to the AFPGetSrvrInfo packet being too large. That has been fixed with Netatalk 4.0.3.

Something isn't working right here because PCMacLan shouldn't have any trouble connecting as an AFP3.1 compatible client.
 

Mk.558

New Tinkerer
heh sorry I can't be of further help other than "it doesn't work for me". Do you by chance have 9.0.1 on hand?

Even then it's a relatively minor, but potential issue. There's bigger fish in the water, such as macipgw. As of right now, I don't think I can particularly recommend it. I have full reason to believe that NAT is the culprit not macipgw, because the source code shows it's pretty straightforward (although I understand very little of the source code). I can install Wireshark on the Mint box...heck, ... I got enough time, let's see what I get.

PM sent to NJRoadfan and rdmark with log and Wireshark capture.
 

rdmark

Moderator
Staff member
@Mk.558 May I suggest we move this troubleshooting thread to GitHub Discussions?


This would help to keep the various talking points organized, and easily converted to issue tickets if needed.
 

rdmark

Moderator
Staff member
@JDW The website landing page has been updated a bit, using some of your suggestions and verbiage.

Please let me know if you agree that this makes it a bit clearer what the purpose and use case for Netatalk is. I deliberately kept some technical jargon to appeal to the sysadmin crowd. Further down the page there are a few paragraphs on how to configure and connect to a file server.

The one big improvement area right now is what to do about the Feature matrix. To your point, someone who doesn't already know what all of those Apple technologies are, will have very little context or motivation to understand the selling point. At the same time, I want to have a clean feature list for reference somewhere. But maybe not the landing page. I will keep noodling on this for a while.

Thanks again for the feedback!

1731849810461.png
 

Mk.558

New Tinkerer
That's great: I assume it's updated dynamically?

squints...Arch Linux...pacman...where is it...

Suggestions: "Below is an overview of the capabilities and bundled utilities that Netatalk provides. " should have a "with the latest version" because some of the package managers are providing older versions, not compatible with current 4.0 capabilities.

When it says "Arrange a C compiler" -- I'm confused about meson and gcc. Is it built by gcc or meson?
 

rdmark

Moderator
Staff member
> That's great: I assume it's updated dynamically?

I'm pulling in badges from repology.org that will automatically update when a new version gets packaged.

> squints...Arch Linux...pacman...where is it...
>
> Suggestions: "Below is an overview of the capabilities and bundled utilities that Netatalk provides. " should have a "with the latest version" because some of the package managers are providing older versions, not compatible with current 4.0 capabilities.

Will do. Or, I might bring back the version comparison table again. This is what I originally had there.

> When it says "Arrange a C compiler" -- I'm confused about meson and gcc. Is it built by gcc or meson?

Ah, pardon, gcc is the compiler, and Meson is the build system. A build system basically orchestrates the compiler.
 

JDW

Administrator
Staff member
Founder
> @JDW The website landing page has been updated a bit, using some of your suggestions and verbiage.
> Please let me know if you agree that this makes it a bit clearer what the purpose and use case for Netatalk is.

Much clearer. An excellent textual improvement, to be sure. Great job!

Please note the spelling error here:
1731889881914.png


Should be spelled: specification
(Not trying to be overly critical but instead helpful, pointing out the obvious.)


My new suggestion pertains to helping newbies understand the following:

1) why there are 3 ways to install the software, and

2) what the advantages/disadvantages are to each of the 3 methods

I suggest adding text to explain that because I myself have no idea and am quite curious.
 

Mk.558

New Tinkerer
There's 3 ways of installing it because there's 3 ways of installing it.

From repository, that's fine as long as what they specify in the build specs matches what you want. For example, in Netatalk 2.1 era days, not all the repositories would have it built with AppleTalk enabled. If it wasn't, you'd have to build from source.

The container image thing is for Docker. I don't know anything about Docker other than I don't need it.

Building from source isn't really that hard, and makes sure you get what you want.
 

JDW

Administrator
Staff member
Founder
> ...in Netatalk 2.1 era days, not all the repositories would have it built with AppleTalk enabled. If it wasn't, you'd have to build from source.

Thank you.
That is the kind of concise info I was suggesting be added for clarity.
"Why build from the source? So you can enable AppleTalk, which isn't enabled in pre-built packages."

If it is not added, it's perfectly fine. I am just making a suggestion for newbies like myself who tend to get lost easily without a little extra helpful info inline with multiple downloads.