Ubuntu Feisty 7.04 manual page repository


afpd.conf - configuration file used by afpd(8) to determine the setup of its file sharing services

DESCRIPTION

        /etc/netatalk/afpd.conf is the  configuration  file  used  by  afpd  to
        determine  the behavior and configuration of the different virtual file
        servers that it provides.
 
        Any line not prefixed with # is interpreted. The configuration lines
        are composed like:

               server name [ options ]

        If a - is used instead of a server name, the default server is
        specified. Server names must be quoted if they contain spaces. They
        must not contain ":" or "@". The path name must be a fully qualified
        path name, or a path name using either the ~ shell shorthand or any
        of the substitution variables, which are listed below.
 
               Note
 
               Each server has to be configured on a single line.
 
        The possible options and their meanings are:
        -defaultvol [path]
               Specifies  path  to  AppleVolumes.default   file   (default   is
               /etc/netatalk/AppleVolumes.default).
 
        -systemvol [path]
               Specifies   path   to   AppleVolumes.system   file  (default  is
               /etc/netatalk/AppleVolumes.system).
 
        -[no]uservol
               Enables or disables reading of  the  users’  individual  volumes
               file entirely.
 
        -[no]uservolfirst
               Enables  or  disables  reading  of the users’ individual volumes
               file before processing the global AppleVolumes.default file.

        -uamlist [uams list]
               Comma   separated   list    of    UAMs.    (The    default    is
               uams_clrtxt.so,uams_dhx.so).
 
               The most commonly used UAMs are:
 
               uams_guest.so
                      allows guest logins
 
               uams_clrtxt.so
                      (uams_pam.so  or  uams_passwd.so) Allow logins with pass‐
                      words transmitted in the clear.
 
               uams_randnum.so
                      allows Random Number and Two-Way Random Number Exchange
                      for authentication (requires a separate file containing
                      the passwords, either /etc/netatalk/afppasswd file or the
                      one specified via -passwdfile). See afppasswd(1) for
                      details.
 
               uams_dhx.so
                      (uams_dhx_pam.so     or     uams_dhx_passwd.so)     Allow
                      Diffie-Hellman eXchange (DHX) for authentication.
 
               uams_gss.so
                      Allow Kerberos V for authentication (optional)
 
        -uampath [path]
               Sets  the  default  path  for  UAMs  for this server (default is
               /etc/netatalk/uams).
 
        -k5keytab [path], -k5service [service], -k5realm [realm]
               These are required if the server supports the Kerberos 5 authen‐
               tication UAM.

        With OS X Apple introduced the AFP3 protocol. One of the big changes
        was that AFP3 uses Unicode names encoded as UTF-8 decomposed. Previous
        AFP/OS versions used codepages like MacRoman, MacCentralEurope, etc.
 
        To be able to serve AFP3 and older clients at the same time, afpd needs
        to be able to convert between UTF-8 and Mac codepages. Even OS X
        clients partly still rely on codepages. As there’s no way afpd can
        detect the codepage a pre-AFP3 client uses, you have to specify it
        using the -maccodepage option. The default is MacRoman, which should be
        fine for most western users.

        As afpd needs to interact with the unix operating system as well, it
        needs to be able to convert from UTF-8/MacCodepage to the unix
        codepage. By default afpd uses the system’s LOCALE, or ASCII if your
        system doesn’t support locales. You can set the unix codepage using
        the -unixcodepage option. If you’re using extended characters in the
        configuration files for afpd, make sure your terminal matches the
        -unixcodepage.
 
        -unixcodepage [CODEPAGE]
               Specifies the server’s unix codepage, e.g. "ISO-8859-15" or
               "UTF8". This is used to convert strings to/from the system’s
               locale, e.g. for authentication, server messages and volume
               names. Defaults to LOCALE if your system supports it, otherwise
               ASCII will be used.
 
        -maccodepage [CODEPAGE]
               Specifies the Mac clients’ codepage, e.g. "MAC_ROMAN". This is
               used to convert strings and filenames to the clients’ codepage
               for OS9 and Classic, i.e. for authentication and AFP messages
               (SIGUSR2 messaging). This will also be the default for the
               volumes’ maccharset. Defaults to MAC_ROMAN.

        -loginmaxfail [number]
               Sets  the  maximum  number of failed logins, if supported by the
               UAM (currently none)
 
        -passwdfile [path]
               Sets the path to the Randnum UAM passwd  file  for  this  server
               (default is /etc/netatalk/afppasswd).
 
        -passwdminlen [number]
               Sets the minimum password length, if supported by the UAM
 
        -[no]savepassword
               Enables  or  disables  the  ability of clients to save passwords
               locally
 
        -[no]setpassword
               Enables or disables the ability of clients to change their pass‐
               words via chooser or the "connect to server" dialog

        -[no]ddp
               Enables  or disables AFP-over-Appletalk. If -proxy is specified,
               you must instead use -uamlist "" to prevent DDP connections from
               working.
 
        -[no]tcp
               Enables or disables AFP-over-TCP
 
        -transall
               Make both available (default)

        -advertise_ssh
               Allows Mac OS X clients (10.3.3 or above) to automagically
               establish a tunneled AFP connection through SSH. If this option
               is set, the server’s answers to client’s FPGetSrvrInfo requests
               contain an additional entry. It depends on both the client’s
               settings and sshd(8) on the server to let things work.

               Note

               Setting this option is not recommended since globally encrypting
               AFP connections via SSH will increase the server’s load
               significantly. On the other hand, Apple’s client side
               implementation of this feature in MacOS X versions prior to
               10.3.4 contained a security flaw.
 
        -ddpaddr [ddp address]
               Specifies the DDP address of  the  server.  The  default  is  to
               auto-assign  an  address  (0.0).  This is only useful if you are
               running AppleTalk on more than one interface.
 
        -fqdn [name:port]
               Specifies a fully-qualified domain name, with an optional  port.
               This  is  discarded if the server cannot resolve it. This option
               is not honored by AppleShare clients <= 3.8.3.  This  option  is
               disabled  by  default.  Use  with caution as this will involve a
               second name resolution step on the client side. Also  note  that
               afpd will advertise this name:port combination but not automati‐
               cally listen to it.
 
        -ipaddr [ip address]
               Specifies the IP address that the server should advertise and
               listen on (the default is the first IP address of the system).
               This option also allows one machine to advertise the
               AFP-over-TCP/IP settings of another machine via NBP when used
               together with the -proxy option.
 
        -port [port number]
               Allows a different TCP port to be  used  for  AFP-over-TCP.  The
               default is 548.
 
        -proxy Runs  an  AppleTalk  proxy server for the specified AFP-over-TCP
               server. If the address and port aren’t given, then the first  IP
               address  of  the  system and port 548 will be used. If you don’t
               want the proxy server to act as a DDP server as well, set
               -uamlist "".
 
        -server_quantum [number]
               This  specifies  the  DSI  server  quantum. The minimum value is
               303840 (0x4A2E0). The maximum value is 0xFFFFFFFFF. If you spec‐
               ify  a value that is out of range, the default value will be set
               (which is the minimum). Do not change this value unless you’re
               absolutely sure what you’re doing.
 
        -noslp Do not register this server using the Service Location Protocol
               (if SLP support was compiled in). This is useful if you are
               running multiple servers and want one to be hidden, perhaps
               because it is advertised elsewhere, i.e. by an SLP Directory
               Agent.

        -admingroup [group]
               Allows users of a certain group to be seen as the superuser when
               they log in. This option is disabled by default.
 
        -authprintdir [path]
               Specifies  the  path  to be used (per server) to store the files
               required to do CAP-style print authentication  which  papd  will
               examine  to  determine  if  a print job should be allowed. These
               files are created at login  and  if  they  are  to  be  properly
               removed, this directory probably needs to be mode 1777.

               Note
 
               -authprintdir  will  only  work  for clients connecting via DDP.
               Almost all modern Clients will use TCP.
 
        -client_polling
               With this switch enabled, afpd won’t advertise that it is
               capable of server notifications, so that connected clients poll
               the server every 10 seconds to detect changes in opened server
               windows. Note: Depending on the number of simultaneously
               connected clients and the network’s speed, this can lead to a
               significantly higher load on your network!

               Note
 
               Do not use this option any longer as Netatalk 2.0 correctly sup‐
               ports server notifications, allowing connected clients to update
               folder listings in case another client changed the contents.
 
        -cnidserver [ipaddress:port]
               Specifies  the  IP  address  and  port  of  a cnid_metad server,
               required for CNID dbd backend. Defaults to localhost:4700.
 
        -guestname [name]
               Specifies the user that guests should use (default is "nobody").
               The name should be quoted.
 
        -icon  Use the platform-specific icon
 
        -loginmesg [message]
               Sets a message to be displayed when clients logon to the server.
               The message should be in  unixcodepage  and  should  be  quoted.
               Extended characters are allowed.
 
        -nodebug
               Disables debugging.
 
        -sleep [number]
               AFP 3.x waits number hours before disconnecting clients in sleep
               mode. Default is 10 hours.
 
        -signature { user:<text> | host }
               Specify a server signature. This option is useful when running
               multiple independent instances of afpd on one machine (e.g. in
               clustered environments, to provide fault isolation etc.). The
               "host" signature type lets afpd generate the signature
               automatically (based on the machine’s primary IP address). The
               "user" signature type allows the administrator to set up a
               signature string manually. The maximum length is 16 characters.

               Three server definitions using 2 different server signatures:

               first -signature user:USERS
               second -signature user:USERS
               third -signature user:ADMINS

               The first two servers will appear as one logical AFP service to
               the clients: if a user logs in to the first one and then
               connects to the second one, the session will be automatically
               redirected to the first one. But if a client connects to the
               first and then to the third, the user will be asked for a
               password twice and will see the resources of both servers.
               The traditional method of signature generation causes two
               independent afpd instances to have the same signature and thus
               causes clients to be redirected automatically to the server
               they logged in to first.

               Note
 
               Extended logging capabilities are only available if Netatalk was
               built  using  --with-logfile. As of Netatalk 2.0, the default is
               --without-logfile since the logger code is partially broken  and
               needs a complete rewrite (the -setuplog option might not work as
               expected). If Netatalk was built without logger support then the
               daemons log to syslog.
 
        -[un]setuplog "<logtype> <loglevel> [<filename>]"
               Specify  that  the  given loglevel should be applied to log mes‐
               sages of the given logtype and that  these  messages  should  be
               logged to the given file. If the filename is omitted the
               loglevel applies to messages passed to syslog. Each logtype may
               have a loglevel applied to syslog and a loglevel applied to a
               single file. Later -setuplog settings will override earlier
               ones of the same logtype (file or syslog).
 
               logtypes: Default, Core, Logger, CNID, AFP
 
               Daemon  loglevels:  LOG_SEVERE,  LOG_ERROR,  LOG_WARN, LOG_NOTE,
               LOG_INFO,   LOG_DEBUG,   LOG_DEBUG6,   LOG_DEBUG7,   LOG_DEBUG8,
               LOG_DEBUG9, LOG_MAXDEBUG
 
               Some ways to change afpd’s logging behaviour via -[un]setuplog
 
               Example:
 
               -setuplog "logger log_maxdebug /var/log/netatalk-logger.log"
               -setuplog "afpdaemon log_maxdebug /var/log/netatalk-afp.log"
               -unsetuplog "default level file"
               -setuplog "default log_maxdebug"

        These options are useful for debugging only.
 
        -tickleval [number]
               Sets the tickle timeout interval (in seconds). Defaults to 30.
 
        -timeout [number]
               Specify  the  number of tickles to send before timing out a con‐
               nection. The default is 4, therefore a connection  will  timeout
               after 2 minutes.
 

EXAMPLES

        afpd.conf default configuration
 
        - -transall -uamlist uams_clrtxt.so,uams_dhx.so
 
        afpd.conf MacCyrillic setup / UTF8 unix locale
 
        - -transall -maccodepage mac_cyrillic -unixcodepage utf8
 
        afpd.conf setup for Kerberos V auth
 
        - -transall -uamlist uams_clrtxt.so,uams_dhx.so,uams_guest.so,uams_gss.so \
        -k5service afpserver -k5keytab /path/to/afpserver.keytab \
        -k5realm YOUR.REALM -fqdn your.fqdn.name:548
 
        afpd.conf letting afpd appear as three servers on the net
 
        "Guest Server" -uamlist uams_guest.so -loginmesg "Welcome guest!"
        "User Server" -uamlist uams_dhx.so -port 12000
        "special" -notcp -defaultvol <path> -systemvol <path>

SEE ALSO

        AppleVolumes.default(5)
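
        The -uamlist default documented above includes uams_clrtxt.so, so a
        server line with no -uamlist still accepts passwords sent in the clear.
        The following review script is an added example, not part of Netatalk
        or of this manual page. It assumes each server line is judged on its
        own, and the group name "wheel" in the sample is made up.

```python
import shlex

# Documented default for -uamlist when the option is absent.
DEFAULT_UAMS = ["uams_clrtxt.so", "uams_dhx.so"]
# Review rules taken from the option descriptions on this page.
RISKY_UAMS = {"uams_clrtxt.so": "passwords transmitted in the clear",
              "uams_guest.so": "guest logins allowed"}
RISKY_OPTS = {"-admingroup": "group members are seen as the superuser",
              "-advertise_ssh": "marked 'not recommended' in its Note"}

def parse_servers(text):
    """Map each server name ('-' is the default server) to its option tokens."""
    servers = {}
    # Join backslash continuations, as used in the Kerberos example.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line and not line.startswith("#"):   # lines prefixed with # are skipped
            name, *opts = shlex.split(line)      # honours quoted server names
            servers[name] = opts
    return servers

def effective_uams(opts):
    """UAMs a server line loads; -uamlist "" yields an empty list."""
    if "-uamlist" not in opts:
        return list(DEFAULT_UAMS)
    value = (opts[opts.index("-uamlist") + 1:] or [""])[0]
    return [u for u in value.split(",") if u]

def audit(text):
    """Return {server: [finding, ...]} for settings worth a second look."""
    report = {}
    for name, opts in parse_servers(text).items():
        found = [f"{u}: {why}" for u, why in RISKY_UAMS.items()
                 if u in effective_uams(opts)]
        found += [f"{o}: {why}" for o, why in RISKY_OPTS.items() if o in opts]
        report[name] = found
    return report

SAMPLE = '''# constructed sample modelled on the EXAMPLES section
- -transall -uamlist uams_clrtxt.so,uams_dhx.so
"Guest Server" -uamlist uams_guest.so -loginmesg "Welcome guest!"
"User Server" -uamlist uams_dhx.so -port 12000
"Admin" -notcp -admingroup wheel \\
        -advertise_ssh
'''

if __name__ == "__main__":
    for server, findings in audit(SAMPLE).items():
        print(server, "->", findings or "no findings")
```

        In the sample, "Admin" carries three findings: it sets no -uamlist and
        therefore falls back to the default list containing uams_clrtxt.so.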
 
