Apple File Sharing

From Secure Computing Wiki
Revision as of 17:35, 26 November 2010 by Ecrist (Talk | contribs) (Reverted edits by Ijakigyzi (talk) to last revision by Ecrist)


Introduction

This document will explain how to get Apple File Sharing (AFP) working on a FreeBSD file server, for Mac OS X clients. The setup for this document includes a MacBook Pro running OS X 10.5.6 (Leopard) on the client workstation and FreeBSD 7.1 on the server.

Software Installation

The following pieces of software need to be installed on the FreeBSD file server, via the ports tree:

  1. net/netatalk *
  2. net/howl

*Our file server uses LDAP authentication via PAM modules. In our case, we enabled PAM support for netatalk.

Next, add the following lines to /etc/rc.conf:

netatalk_enable="YES"
afpd_enable="YES"
mdnsresponder_enable="YES"
mdnsresponder_flags="-f /usr/local/etc/mDNSResponder.conf"

AFPd Configuration

Edit the last line of /usr/local/etc/AppleVolumes.default to read:

~ options:noadouble,usedot,nohex

mDNSResponder

Create /usr/local/etc/mDNSResponder.conf, with the following content:

HOSTNAME		_afpovertcp._tcp	local.		548

Up and Running

At this point, you should be able to run the following startup commands and have a browsable network share:

# /usr/local/etc/rc.d/netatalk start
# /usr/local/etc/rc.d/mdnsresponder.sh start
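A pre-flight check for the three files edited above, worth running before the startup commands. This is an added example, not part of the original page; the function name check_afp_config and its ROOT prefix argument (which lets it run against a staged copy of the files) are assumptions of the example.

```shell
#!/bin/sh
# check_afp_config ROOT
#   Prints each problem found; returns 0 if the configuration matches
#   this page, 1 otherwise. ROOT is a path prefix ("" or "/" = live system).
check_afp_config() {
    root=${1%/}
    rc="$root/etc/rc.conf"
    vols="$root/usr/local/etc/AppleVolumes.default"
    mdns="$root/usr/local/etc/mDNSResponder.conf"
    bad=0

    # rc.conf: every knob must be present and uncommented, exactly as listed.
    for line in 'netatalk_enable="YES"' 'afpd_enable="YES"' \
                'mdnsresponder_enable="YES"' \
                'mdnsresponder_flags="-f /usr/local/etc/mDNSResponder.conf"'; do
        grep -Fqx -- "$line" "$rc" 2>/dev/null ||
            { echo "rc.conf: missing $line"; bad=1; }
    done

    # AppleVolumes.default: the last non-blank, non-comment line must be the
    # home-directory share with the options given on this page.
    last=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$vols" 2>/dev/null |
           tail -n 1)
    [ "$last" = "~ options:noadouble,usedot,nohex" ] ||
        { echo "AppleVolumes.default: last line is '$last'"; bad=1; }

    # mDNSResponder.conf: fields are name, service type, domain, port.
    awk '$1 !~ /^#/ && $2 == "_afpovertcp._tcp" && $3 == "local." &&
         $4 == "548" { ok = 1 }
         END { exit !ok }' "$mdns" 2>/dev/null ||
        { echo "mDNSResponder.conf: no _afpovertcp._tcp record on port 548"; bad=1; }

    return $bad
}
```

Source the file and run check_afp_config / on the server; any line it prints names the file and the setting that differs from this page.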

Extra

On my company network, we use Pluggable Authentication Modules (PAM) to authenticate our services against our LDAP directory. To enable this support, build the net/netatalk port above with make WITH_PAM=yes install instead of make install. Also create a valid PAM config file for netatalk in /usr/local/etc/pam.d. See OpenLDAP for more information on configuring an OpenLDAP server.