Netatalk 4.0 - Future-proofing Apple File Sharing

rdmark

Moderator
Staff member
Oct 3, 2021
164
230
43
Heads-up that netatalk 4.0.0 is available now as a Debian Sid package. If you add the unstable repo to your package manager you can install it. Although I haven’t tested if all dependencies can be resolved on stable Bookworm or not. At the very least it works great on the latest Testing snapshot (the future Debian Trixie).

Since the netatalk suite is massively sprawling, I created this atomic package structure:

- netatalk — the AFP file server
- netatalk-tools — the various sysadmin tools and scripts
- netatalk-doc — the html manual
- libatalk — the shared library (used by all binaries)
- libatalk-dev — development headers
- atalkd — the AppleTalk controller daemon + sundry AppleTalk network tools
- papd — printer daemon and LocalTalk printing tools
- timelord — time server daemon
- a2boot — Apple II netboot daemon
- macipgw —MacIP gateway daemon

The dependency and recommends should be set up properly so that apt will pull the packages that you need and want.

One neat thing about this structure is that you can install only the AFP server or only the AppleTalk networking suite if you only want, say, the papd print server and nothing else. They all depend on the libatalk shared library but that’s it.

If you run into a dependency bug please let me know!
 

Mk.558

New Tinkerer
Nov 11, 2023
56
10
8
I plan on testing Netatalk 4.0 in a VM instance in the near future. I hope I don't have to make my own NAT table for macipgw.
 

rdmark

Moderator
Staff member
Oct 3, 2021
164
230
43
If you have a NAS device from a major vendor (Synology, etc.), chances are you've used Netatalk without even realizing it.
In fact, up until about 2 years ago Synology was still contributing patches for security bugs. Many of the commercial solutions have dropped AFP / Netatalk from their firmwares in recent years, unfortunately. If you are a NAS user, please try to convince the vendor to add it back. :)
 

rdmark

Moderator
Staff member
Oct 3, 2021
164
230
43
I plan on testing Netatalk 4.0 in a VM instance in the near future. I hope I don't have to make my own NAT table for macipgw.
It is likely that you will have to configure your own NAT table.

I started drafting a wiki page with guidance here: https://github.com/Netatalk/netatalk/wiki/MacIP-Gateway

Still in early stages…

Step one is to make sure you are using a Linux kernel without known AppleTalk bugs. Particularly the pesky DDP packet filtering “feature”. Version 6.9 or later is recommended.
 

KennyPowers

Active Tinkerer
Jun 27, 2022
281
319
63
In fact, up until about 2 years ago Synology was still contributing patches for security bugs. Many of the commercial solutions have dropped AFP / Netatalk from their firmwares in recent years, unfortunately. If you are a NAS user, please try to convince the vendor to add it back. :)

I have a Synology DS220+ NAS that was running Netatalk 3 out of the box, but it doesn't play nice with some of my older macs (system 9.2.2 can see it, but system 7 can't). I recently decided to try turning off the built in AFP support (Netatalk 3) and install Netatalk 4 using the docker image. However, I'm getting the socket: Address family not supported by protocol error when starting a container, suggesting that this Synology NAS doesn't have AppleTalk support in the kernel. Indeed:

Bash:
user@NAS:~$ lsmod | grep appletalk
user@NAS:~$

I guess that means it's probably not going to be feasible to get DDP support on this Synology device?
 

Mk.558

New Tinkerer
Nov 11, 2023
56
10
8
It is likely that you will have to configure your own NAT table.

I started drafting a wiki page with guidance here: https://github.com/Netatalk/netatalk/wiki/MacIP-Gateway

Still in early stages…

Step one is to make sure you are using a Linux kernel without known AppleTalk bugs. Particularly the pesky DDP packet filtering “feature”. Version 6.9 or later is recommended.

Ahhh much thanks, I'll try to remember this when I try again soon this week. Those heroes who dumped all those Apple TIL/KB articles know how to keep me busy :)

Made a post about Netatalk 4.0 on 68kmla.
 
  • Love
Reactions: rdmark

rdmark

Moderator
Staff member
Oct 3, 2021
164
230
43
I have a Synology DS220+ NAS that was running Netatalk 3 out of the box, but it doesn't play nice with some of my older macs (system 9.2.2 can see it, but system 7 can't). I recently decided to try turning off the built in AFP support (Netatalk 3) and install Netatalk 4 using the docker image. However, I'm getting the socket: Address family not supported by protocol error when starting a container, suggesting that this Synology NAS doesn't have AppleTalk support in the kernel. Indeed:

Bash:
user@NAS:~$ lsmod | grep appletalk
user@NAS:~$

I guess that means it's probably not going to be feasible to get DDP support on this Synology device?
Is the device running a Linux based operating system? You could always attempt to compile your own kernel for it.
 

KennyPowers

Active Tinkerer
Jun 27, 2022
281
319
63
Is the device running a Linux based operating system? You could always attempt to compile your own kernel for it.
It is, but what little info I've been able to find on compiling your own kernel for it makes it sound like more trouble than it's worth. Maybe I'll just run Netatalk on a Pi and have the Pi mount the NAS storage via NFS 🤔
 

reasonsandreasons

New Tinkerer
Nov 26, 2023
5
0
1
If your Synology supports VMM you could also run a compatible Linux (or BSD) in a VM. Pi's probably easier if you have one already, but if you have the performance to spare the VM's cheaper.
 

V.Yakob

Tinkerer
Sep 6, 2023
63
26
18
I went this route and it's working beautifully. All of my Macs back to System 7.1 can now access my Synology NAS using a Pi running Netatalk4 as a bridge (y)
What is written in your uam list and what version of the AppleShare extension is used? :unsure:

I have never been able to connect to the AFP directory from older versions of AppleShare due to problems with authentication, even Mac OS 8.6, without updating the extension from 9.2.2 does not allow to connect.

I have it written like this:
Code:
uam list = uams_dhx.so uams_dhx2.so
 

KennyPowers

Active Tinkerer
Jun 27, 2022
281
319
63
What is written in your uam list and what version of the AppleShare extension is used? :unsure:

I have never been able to connect to the AFP directory from older versions of AppleShare due to problems with authentication, even Mac OS 8.6, without updating the extension from 9.2.2 does not allow to connect.

I have it written like this:
Code:
uam list = uams_dhx.so uams_dhx2.so
I used the Netatalk Docker image and didn't enable the "INSECURE_AUTH" environment variable. So, looking at the Docker image's entrypoint script:

1729868621240.png


it looks like my uam list is:
Code:
uams_dhx.so uams_dhx2.so uams_randnum.so

Where would I check the version of the AppleShare extension? Is this what you mean?

1729868796994.png
 
  • Like
Reactions: V.Yakob

rdmark

Moderator
Staff member
Oct 3, 2021
164
230
43
@KennyPowers, Yes, that's what was meant.
I will try "uams_randnum.so" soon, thanx.
Yes, the Random Number UAM works great with any AppleShare client on System Software 7.1 (and 6.0.x too I think). The only caveat is that you have to use the "afppasswd" tool to create a special AFP password for your user. The Docker image takes care of that automatically, but if you're managing your own Netatalk installation you have to take care of it yourself. See the manual page for "afppasswd" for more info. It's a few simple commands and you should be golden.
 
  • Like
Reactions: V.Yakob

V.Yakob

Tinkerer
Sep 6, 2023
63
26
18
@rdmark, Should AppleTalk work on macOS?

The assembly was performed with the keys from the instructions,

Code:
meson setup build \
  -Dbuildtype=release \
  -Dwith-appletalk=true \
  -Dwith-tests=true \
  -Dwith-testsuite=true

But it seems that editing the /opt/homebrew/etc/atalkd.conf file does not affect in any way. Moreover, after adding to /opt/homebrew/etc/afp.conf, a message appears in the log:
Code:
Oct 26 22:19:50.083287 afpd[41234] {afp_config.c:215} (note:AFPDaemon): AppleTalk support disabled. Is atalkd running?

If you try to run it manually, it's also a failure

Code:
% sudo atalkd -f /opt/homebrew/etc/atalkd.conf  
socket: Address family not supported by protocol family
socket: Address family not supported by protocol family
atalkd: can't get interfaces, exiting.
 

V.Yakob

Tinkerer
Sep 6, 2023
63
26
18
@rdmark It turns out that you can assemble the package on macOS without this key (-Dwith-appletalk=true), because it doesn't make sense?
 

rdmark

Moderator
Staff member
Oct 3, 2021
164
230
43
@rdmark It turns out that you can assemble the package on macOS without this key (-Dwith-appletalk=true), because it doesn't make sense?
It's a fair point, I can see how it's misleading. Those instructions double as our continuous integration scripts, and building the AppleTalk code on macOS has value as a smoke test even though we cannot actually run it there. I hold up hope that someone will launch a full-featured userspace AppleTalk driver for macOS one of these days. :)
 

KennyPowers

Active Tinkerer
Jun 27, 2022
281
319
63