by

How to get AFP to work with Netatalk in OS X Leopard.

After I installed OS X 10.5 Leopard on my Mac I was unable to connect to an AFP share I had on a Debian Etch server. Everything had worked like a charm in OS X 10.4 Tiger, but Leopard just refused to connect.

Evidently, the reason for this misbehavior is that Leopard requires the passwords to be encrypted while Tiger didn’t really care. Because of incompatible licenses, the version of Netatalk that comes with both Debian and Ubuntu is compiled without the DHX module needed to encrypt passwords, making it impossible for you to connect to your AFP shares using Leopard.

But fear not, the nerds of the interweb have come up with a way to solve this.

I found three guides (here, here and here), but none of them solved my problem on their own. After dicking around with all three of them for a while, however, I was once again able to connect to my beloved AFP share. Here’s a quick and dirty guide to what I think I did – unfortunately, I didn’t write down the exact steps – so it’s mostly guesswork.

You’ll have to compile a new version of Netatalk with the DHX module. Maybe it’ll work for you, maybe it won’t. If you’re having problems, have a look at the three other guides mentioned above.

First, log in to your Linux box (Debian or Ubuntu) and execute the following commands:

$ su
$ cd /usr/src
$ apt-get source netatalk
$ apt-get install devscripts fakeroot openssl cracklib2 dpkg-dev
$ apt-get install libpam-cracklib cracklib2-dev libssl-dev
$ apt-get build-dep netatalk

You’ve now installed everything that should be necessary to compile a new version of Netatalk. Perhaps you had some of the packages already, perhaps you need to install another few packages to get it to work. If you have to, you will normally see quite clearly what kind of files you’re missing from the compiler’s output when we start the compile (which is the next step below). Use Google to find the name of the missing package, apt-get to install it and restart the compiling process.

Some of the packages above might not be available in the file sources currently scanned by apt-get. If that is the case, you have to edit /etc/apt/sources.list and add the correct sources and run apt-get update before trying to install the missing package. Again, use Google to find the correct sources for your missing packages.

Now that you have (hopefully) installed all the necessary packages, let’s get on with it our Netatalk challenge:

$ cd netatalk-2.0.3
$ DEB_BUILD_OPTIONS=ssl debuild

A lot of text will fly by, when it’s done you might get an error message about missing keys or something similar. Ignore it, install the new package and clean up the source and compiler mess we’ve made:

$ debi
$ rm -dfR netatalk*

The new version of Netatalk should now be installed on your Linux box, but you will not be able to connect to it from Leopard just yet. Let’s poke around in the Netatalk configuration file.

$ vi /etc/netatalk/afpd.conf

If you have not made any changes to this file before, the very last line should say

#- -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword

Remove the # and write-quit vi with :wq, then restart netatalk.

$ /etc/init.d/netatalk restart

You should now be able to connect to the AFP share from Leopard.

The final thing you should do is to prevent apt-get from updating the Netatalk package whenever you run apt-get update. This is done with the following command:

$ echo "netatalk hold" | sudo dpkg --set-selections

Keep in mind, though, that if Netatalk is actually updated by the maintainers, your old version will not be updated with apt-get update. If you’re still having problems, consult the three other guides listed above or use Google. Google is your friend.

Write a Comment

Comment

CAPTCHA ImageChange Image

  1. Thanks for the write-up. Worked like a charm. Afterwards I continued to get the “connection failed” messages in Leopard, but clicking the little “connect as” button and re-entering my password fixed that.

  2. continue to have a problem trying to install libssl-dev:

    The following packages have unmet dependencies:
    libssl-dev: Depends: zlib1g-dev but it is not going to be installed
    E: Broken packages

    but the problem continues to drill down further as you get a similar error when trying to install zlib1g-dev

    anyone else encounter this issue?

  3. I’ve been trying to install Netatalk as instructed but the installation fails.

    After building the package and running debi I get errors about “Unknown host”. Until this everything goes fine.

    “Preparing to replace netatalk 2.0.3-6ubuntu1 (using netatalk2.0.3-6ubuntu1amd64.deb) …
    hostname: Unknown host
    invoke-rc.d: initscript netatalk, action “stop” failed.”

    …and so on.

    When tryint to run netatalk start, restart or stop commands manually, I get the same error about unknown host.

    I haven’t managed to found any solution for this. My box has a hostname in /etc/hostname

    I’m using Ubuntu 7.10 64-bit version.