After I installed OS X 10.5 Leopard on my Mac I was unable to connect to an AFP share I had on a Debian Etch server. Everything had worked like a charm in OS X 10.4 Tiger, but Leopard just refused to connect.
Evidently, the reason for this misbehavior is that Leopard requires the passwords to be encrypted while Tiger didn’t really care. Because of incompatible licenses, the version of Netatalk that comes with both Debian and Ubuntu is compiled without the DHX module needed to encrypt passwords, making it impossible for you to connect to your AFP shares using Leopard.
But fear not, the nerds of the interweb have come up with a way to solve this.
I found three guides (here, here and here), but none of them solved my problem on their own. After dicking around with all three of them for a while, however, I was once again able to connect to my beloved AFP share. Here’s a quick and dirty guide to what I think I did – unfortunately, I didn’t write down the exact steps – so it’s mostly guesswork.
You’ll have to compile a new version of Netatalk with the DHX module. Maybe it’ll work for you, maybe it won’t. If you’re having problems, have a look at the three other guides mentioned above.
First, log in to your Linux box (Debian or Ubuntu) and execute the following commands:
$ su $ cd /usr/src $ apt-get source netatalk $ apt-get install devscripts fakeroot openssl cracklib2 dpkg-dev $ apt-get install libpam-cracklib cracklib2-dev libssl-dev $ apt-get build-dep netatalk
You’ve now installed everything that should be necessary to compile a new version of Netatalk. Perhaps you had some of the packages already, perhaps you need to install another few packages to get it to work. If you have to, you will normally see quite clearly what kind of files you’re missing from the compiler’s output when we start the compile (which is the next step below). Use Google to find the name of the missing package, apt-get to install it and restart the compiling process.
Some of the packages above might not be available in the file sources currently scanned by apt-get. If that is the case, you have to edit /etc/apt/sources.list and add the correct sources and run apt-get update before trying to install the missing package. Again, use Google to find the correct sources for your missing packages.
Now that you have (hopefully) installed all the necessary packages, let’s get on with it our Netatalk challenge:
$ cd netatalk-2.0.3 $ DEB_BUILD_OPTIONS=ssl debuild
A lot of text will fly by, when it’s done you might get an error message about missing keys or something similar. Ignore it, install the new package and clean up the source and compiler mess we’ve made:
$ debi $ rm -dfR netatalk*
The new version of Netatalk should now be installed on your Linux box, but you will not be able to connect to it from Leopard just yet. Let’s poke around in the Netatalk configuration file.
$ vi /etc/netatalk/afpd.conf
If you have not made any changes to this file before, the very last line should say
#- -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword
Remove the # and write-quit vi with :wq, then restart netatalk.
$ /etc/init.d/netatalk restart
You should now be able to connect to the AFP share from Leopard.
The final thing you should do is to prevent apt-get from updating the Netatalk package whenever you run apt-get update. This is done with the following command:
$ echo "netatalk hold" | sudo dpkg --set-selections
Keep in mind, though, that if Netatalk is actually updated by the maintainers, your old version will not be updated with apt-get update. If you’re still having problems, consult the three other guides listed above or use Google. Google is your friend.