How to get AFP to work with Netatalk in OS X Leopard

After I installed OS X 10.5 Leopard on my Mac I was unable to connect to an AFP share I had on a Debian Etch server. Everything had worked like a charm in OS X 10.4 Tiger, but Leopard just refused to connect.

Evidently, the reason for this misbehavior is that Leopard requires the passwords to be encrypted while Tiger didn’t really care. Because of incompatible licenses, the version of Netatalk that comes with both Debian and Ubuntu is compiled without the DHX module needed to encrypt passwords, making it impossible for you to connect to your AFP shares using Leopard.

But fear not, the nerds of the interweb have come up with a way to solve this.

I found three guides (here, here and here), but none of them solved my problem on their own. After dicking around with all three of them for a while, however, I was once again able to connect to my beloved AFP share. Here’s a quick and dirty guide to what I think I did - unfortunately, I didn’t write down the exact steps - so it’s mostly guesswork.

You’ll have to compile a new version of Netatalk with the DHX module. Maybe it’ll work for you, maybe it won’t. If you’re having problems, have a look at the three other guides mentioned above.

First, log in to your Linux box (Debian or Ubuntu) and execute the following commands:

cd /usr/src
apt-get source netatalk
apt-get install devscripts fakeroot openssl cracklib2 dpkg-dev
apt-get install libpam-cracklib cracklib2-dev libssl-dev
apt-get build-dep netatalk

You’ve now installed everything that should be necessary to compile a new version of Netatalk. Perhaps you had some of the packages already, perhaps you need to install another few packages to get it to work. If you have to, you will normally see quite clearly what kind of files you’re missing from the compiler’s output when we start the compile (which is the next step below). Use Google to find the name of the missing package, apt-get to install it and restart the compiling process.

Some of the packages above might not be available in the file sources currently scanned by apt-get. If that is the case, you have to edit /etc/apt/sources.list and add the correct sources and run apt-get update before trying to install the missing package. Again, use Google to find the correct sources for your missing packages.

Now that you have (hopefully) installed all the necessary packages, let’s get on with our Netatalk challenge:

cd netatalk-2.0.3

A lot of text will fly by. When it’s done, you might get an error message about missing keys or something similar. Ignore it, install the new package and clean up the source and compiler mess we’ve made:

rm -dfR netatalk*

The new version of Netatalk should now be installed on your Linux box, but you will not be able to connect to it from Leopard just yet. Let’s poke around in the Netatalk configuration file.

vi /etc/netatalk/afpd.conf

If you have not made any changes to this file before, the very last line should say

#- -transall -uamlist, -nosavepassword

Remove the # and write-quit vi with :wq, then restart netatalk.

/etc/init.d/netatalk restart

You should now be able to connect to the AFP share from Leopard.
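
To confirm that the rebuilt package and the edited afpd.conf really give you encrypted logins, the shell function below (an added example, not part of the original guide) reads the -uamlist option on each active line and checks that a DHX module is listed, that the cleartext UAM is not, and that the listed module file exists on disk. uams_dhx.so, uams_dhx2.so and uams_clrtxt.so are Netatalk's standard UAM module names; the module directory is an argument you supply, and the sample config at the end is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes one server per line in
# afpd.conf and that UAM modules live in the directory passed as $2.
# uam_audit CONF UAMDIR prints one verdict:
#   no-active-line | no-uamlist | cleartext-enabled | no-dhx |
#   dhx-module-missing | ok
uam_audit() {
    conf=$1; uamdir=$2
    verdict=$(awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            active = 1
            for (i = 1; i < NF; i++) if ($i == "-uamlist") {
                listed = 1
                n = split($(i + 1), uam, ",")
                for (j = 1; j <= n; j++) {
                    if (uam[j] == "uams_clrtxt.so") clr = 1   # cleartext UAM
                    if (uam[j] ~ /^uams_dhx2?\.so$/) dhx = dhx " " uam[j]
                }
            }
        }
        END {
            if (!active)        print "no-active-line"
            else if (!listed)   print "no-uamlist"   # built-in default applies
            else if (clr)       print "cleartext-enabled"
            else if (dhx == "") print "no-dhx"
            else                print "dhx" dhx
        }' "$conf")
    case $verdict in
        dhx\ *)   # DHX is configured: confirm the rebuilt package shipped it
            for so in ${verdict#dhx }; do
                [ -f "$uamdir/$so" ] || { echo dhx-module-missing; return 0; }
            done
            echo ok ;;
        *) echo "$verdict" ;;
    esac
}

# Constructed sample: a config that lists DHX, audited against a module
# directory that lacks the DHX module (the stock-package situation).
sample=$(mktemp -d)
mkdir "$sample/uams"
printf '%s\n' '# comment' '- -transall -uamlist uams_dhx.so -nosavepassword' \
    > "$sample/afpd.conf"
uam_audit "$sample/afpd.conf" "$sample/uams"    # prints dhx-module-missing
```

Run it against /etc/netatalk/afpd.conf and the directory where your build installed the UAM modules; any verdict other than ok means Leopard will either refuse to connect or the server still accepts unencrypted passwords.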

The final thing you should do is to prevent apt-get from replacing your custom Netatalk package whenever you run apt-get upgrade. This is done with the following command:

echo "netatalk hold" | sudo dpkg --set-selections

Keep in mind, though, that if Netatalk is actually updated by the maintainers, your held version will not be upgraded by apt-get upgrade. If you’re still having problems, consult the three other guides listed above or use Google. Google is your friend.

