How to make Nethserver Mac OS X Friendly

Subtitle: How to install Avahi
Version and revision: V1.2 / R 0.9.

For Nethserver 6.6 and above.
Accessible to: Novice / Beginner
Date of presentation: Released on 2015-09-20
Date of the latest revision: Revision: 2015-10-23
Author: Jim
Contact: @Jim

Until now, I was searching how to make Nethserver more Mac OS X friendly.
Because, I want to make my Nethserver instance to be a Time Capsule, to make backup of my Mac Mini.

My Nethserver has tree NiCs, one RED and two GREEN,
I have define two firewall rules to enable all services between the two GREEN subnets but my Mac on the 2nd subnet GREEN was unable to see the Time Capsule on the 1st subnet GREEN.
So one evidence come to me : I have to install avahi to the Nethserver to my Mac have the ability to browse all the local network.
Avahi is the equivalent of the Apple Bonjour service.

In the Netsethserver repositories, strangely, the avahi package is available in the webgui only installing CUPS!?!
So I went to the CLI way, connecting in ssh on the Nethserver and made:

#yum install avahi

After installation, we must edit avahi-daemon.conf

#vi /etc/avahi/avahi-daemon.conf

.

[server]
host-name=microserver               # the server name
domain-name=xxxxxx-online.lan  # the domain name for Zeroconf       
browse-domains=local                 # to restrict to the local search
use-ipv4=yes                                # to enable ipv4 only
use-ipv6=no
allow-interfaces=eth1, eth2          # to listen to the two green subnet
deny-interfaces=eth0                    # to disable listen on the RED 

[wide-area]
enable-wide-area=yes

[publish]
disable-publishing=no
disable-user-service-publishing=no
add-service-cookie=no
publish-addresses=yes
publish-hinfo=yes
publish-workstation=yes
publish-domain=yes
publish-dns-servers=192.168.1.70, 192.168.2.70  # the 2 DNS servers on each green subnet
publish-resolv-conf-dns-servers=yes

All these options are well documented here: http://linux.die.net/man/5/avahi-daemon.conf
It’s recommended not to used a domain name .local :information_source:

Let enable and start the service

# chkconfig avahi-daemon on
# service avahi-daemon start

Only after this configuration, the Airport utility was able to detect the Time Capsule on the network, and the Time Machine backup was possible.

Edit: update February 2016

A package nethserver-avahi exist and it’s a dependency of the nethserver-cups package.
we can install by the CLI way

#yum install nethserver-avahi

It will install avahi and configure the daemon on Nethserver to listen all the LANs except the Red one.

In the second part, we will see how to install and configure the Apple Filing Protocol to make the Time Machine backup. How to make Nethserver Mac OS X Friendly

2 Likes

If it works smoothly as you said that’s a great shot! Is there anyone else who’d like to test this howto?
@dz00te @fasttech @JOduMonT

no, you should create the templates, once you found how to make it work… many values are variables subject to change if you (re)configure your server…

please take a look at developer’s documentation and improve your knowledge about NS’ paradigm, db/templates/events

Why you don 't agree?
Everyone must adapt the avahi-daemon.conf for it’s own need.

Without, it can go wrong, ie in my case, by default, the daemon listen to the 1st NIC

I think @zamboni suggested you to don’t modify files directly but through a template, check if there is a template for the .conf

The nethserver-avahi package doesn’t contain a template for the configuration file, thus a template is not strictly required.

By the way, I would like to gather some feedback on this howto. And, if this implementation can be useful to other uses, we can create a template and maybe a web ui with all the proper templates!

2 Likes

I’ll be glad to test it when AFP will be supported but I have no interest into avahi.

Rhalalâ :smile:
A quoi ça sert que je me décarcasse? :smiley: (French private joke )

If I trust the Netatalk documentation:
Netatalk can use the following third party software to enhance it’s functionality.
-mDNSresponderPOSIX or Avahi for Bonjour (aka Zeroconf)Mac OS X 10.2 and later use Bonjour (aka Zeroconf) for service discovery.

I found the reference :wink:

but still don’t get it, maybe because I’m French Canadian.

I’m glad you did a AVAHI MacOs more friendly
I’ll obviously test it when the part #2 will be ready!!

As @JOduMonT said this part is needed if we make this howto useful, at the moment it’s just a draft.
Please move forward and configure the latter part, if it will work we can move on a standalone configuration removing cups dependencies and so on.

you can follow this how to:

http://www.itnotebook.info/topic314.html

just remember:

  • enabling centosplus repo can be harmfull
  • all conf files must be templatized (search the web for e-smith-appletalk src rpm… you’d find something usefull to start)
  • there will be no web GUI, so all config parameters must reside into configuration db and all involved configuration files must be templatized.
  • centosplus kernel is unsupported, so, if anything goes wrong, you are on your own
  • RH/centos officially dropped appletalk support, so be aware you are installing rpms from external repo

Yesterday, I suffer an electricity outage … My UPS didn’t support all the time and all the network was down.

Two littles things occur.
1- The service Avahi was no set to start automatically at boot time.

chkconfig avahi-daemon on

2 - Even start the service, the airport utility wasn’t able to see the Time Capsule… I was forced to restart the time capsule to see it again.

Edit: After several reboot, I can confirm that the second point don’t occur anymore… only need the avahi automatic startup

Subtitle: How to install Netatalk
Version and revision: V1.2 / R 0.8.

For Nethserver 6.6 and above.
Accessible to: Novice / Beginner
Date of presentation: Released on 2015-09-20
Date of the latest revision: Revision: 2015-10-23
Author: Jim
Contact: @Jim

In the precedent topic, we have seen how to install and configure correctly Avahi, the Apple Bonjour service equivalent.

Now that Avahi is installed, we will install Netatalk to provide that Apple Filing protocol (AFP ).
Netatalk is an OpenSource software package, that can be used to turn a *NIX machine into an extremely high-performance and reliable file server for Macintosh computers.

Nowadays, the Time Machine backup need the AFP to work and the Netatalk is in the version 3.1.7

I’ve got a 1 tb drive mount in /opt/timemachine
here my fstab

# vi fstab

#------------------------------------------------------------
# BE CAREFUL WHEN MODIFYING THIS FILE! It is updated automatically
# by the NethServer software. A few entries are updated during
# the template processing of the file and white space is removed,
# but otherwise changes to the file are preserved.
#------------------------------------------------------------
/dev/mapper/vg_microserver-lv_root      /       ext4    defaults        1 1
UUID=6aa634e2-6cb9-4044-91d2-5f1dc258b718       /boot   ext4    defaults        1 2
/dev/mapper/vg_microserver-home /home   ext4    defaults        1 2
/dev/mapper/vg_microserver-backup       /opt/timemachine        ext4    defaults        1 2
/dev/mapper/vg_microserver-lv_swap      swap    swap    defaults        0 0
tmpfs   /dev/shm        tmpfs   defaults        0 0
devpts  /dev/pts        devpts  gid=5,mode=620  0 0
sysfs   /sys    sysfs   defaults        0 0
proc    /proc   proc    defaults        0 0

I want a specific user tmbackup to connect to the server for making the backup.

All this how to is inspired from http://netatalk.sourceforge.net/wiki/index.php/Netatalk_3.1.7_SRPM_for_Fedora_and_CentOS

First, we download the source:

# wget http://www003.upp.so-net.ne.jp/hat/files/netatalk-3.1.7-1.2.fc24.src.rpm

To build Netatalk we need at least “rpm-build”, “gcc” and “make” packages.

 # yum install rpm-build gcc make

And install the SRPM

# rpm -ivh netatalk-3.1.7-1.2.fc24.src.rpm

The following messages don’t have a problem.
warning: group hat does not exist - using root
warning: user hat does not exist - using root

Build by using “rpmbuild” command.

 # cd ~/rpmbuild/SPECS/
 # rpmbuild -bb netatalk.spec

If “error: Failed build dependencies: zzz” is displayed, execute “#yum install zzz”

All this stuff was installed:
Installed: bison-2.4.1-5.el6.x86_64
Installed: cracklib-devel-2.8.16-4.el6.x86_64
Installed: 1:dbus-devel-1.2.24-8.el6_6.x86_64
Installed: glib2-devel-2.28.8-4.el6.x86_64
Installed: dbus-glib-devel-0.86-6.el6.x86_64
Installed: flex-2.5.35-9.el6.x86_64
Installed: xml-common-0.6.3-33.el6.noarch
Installed: sgml-common-0.6.3-33.el6.noarch
Installed: docbook-dtds-1.0-51.el6.noarch
Installed: docbook-style-xsl-1.75.2-6.el6.noarch
Installed: libattr-devel-2.4.44-7.el6.x86_64
Installed: db4-cxx-4.7.25-19.el6_6.x86_64
Installed: db4-devel-4.7.25-19.el6_6.x86_64
Installed: libacl-devel-2.2.49-6.el6.x86_64
Installed: libgpg-error-devel-1.7-4.el6.x86_64
Installed: libcom_err-devel-1.41.12-21.el6.x86_64
Installed: zlib-devel-1.2.3-29.el6.x86_64
Installed: cyrus-sasl-devel-2.1.23-15.el6_6.2.x86_64
Installed: mysql-5.1.73-5.el6_6.x86_64
Installed: libsepol-devel-2.0.41-4.el6.x86_64
Installed: libselinux-devel-2.0.94-5.8.el6.x86_64
Installed: keyutils-libs-devel-1.4-5.el6.x86_64
Installed: krb5-devel-1.10.3-37.el6_6.x86_64
Installed: openssl-devel-1.0.1e-30.el6.11.x86_64
Installed: tcp_wrappers-7.6-57.el6.x86_64
Installed: 1:quota-3.17-21.el6_5.x86_64
Installed: 1:quota-devel-3.17-21.el6_5.x86_64
Installed: mysql-devel-5.1.73-5.el6_6.x86_64
Installed: openldap-devel-2.4.39-8.el6.x86_64
Installed: libgcrypt-devel-1.4.5-11.el6_4.x86_64
Installed: pam-devel-1.1.1-20.el6.x86_64
Installed: systemtap-sdt-devel-2.5-5.el6.x86_64
Installed: libtdb-devel-1.2.10-1.el6.x86_64
Installed: tcp_wrappers-devel-7.6-57.el6.x86_64

After build the rpm and install it

 # cd ~/rpmbuild/RPMS/x86_64/
 # rpm -ivh netatalk-3.1.7-1.2.el6.x86_64.rpm

If “error: Failed dependencies: xxx is needed by…” is displayed, execute “yum install xxx”
In my case it complain about dbus-python

# yum install dbus-python

Check features and paths, using “afpd -V”.

# afpd -V
afpd 3.1.7 - Apple Filing Protocol (AFP) daemon of Netatalk

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version. Please see the file COPYING for further information and details.

afpd has been compiled with support for these features:

          AFP versions:	2.2 3.0 3.1 3.2 3.3 3.4 
         CNID backends:	dbd last tdb mysql 
      Zeroconf support:	Avahi
  TCP wrappers support:	Yes
         Quota support:	Yes
   Admin group support:	Yes
    Valid shell checks:	Yes
      cracklib support:	Yes
            EA support:	ad | sys
           ACL support:	Yes
          LDAP support:	Yes
         D-Bus support:	Yes
     Spotlight support:	No
         DTrace probes:	Yes

              afp.conf:	/etc/netatalk//afp.conf
           extmap.conf:	/etc/netatalk//extmap.conf
       state directory:	/var/lib/netatalk/
    afp_signature.conf:	/var/lib/netatalk/afp_signature.conf
      afp_voluuid.conf:	/var/lib/netatalk/afp_voluuid.conf
       UAM search path:	/usr/lib64/netatalk//
  Server messages path:	/var/lib/netatalk/msg/

Now let’s go setup up the service, editing the “/etc/netatalk/afp.conf”.

Here’s mine:

# vi afp.conf

;
; Netatalk 3.x configuration file
;

[Global]
; Global server settings
uam list = uams_guest.so , uams_randnum.so , uams_dhx.so , uams_dhx2.so
mimic model = Xserve
log level = default:warn
log file = /var/log/afpd.log
afp interfaces = eth1, eth2
afp listen = 192.168.1.0/24 , 192.168.2.0 /24

; [Homes]
; basedir regex = /home

; [My AFP Volume]
; path = /path/to/volume

[TimeMachine]
path = /opt/timemachine
valid users = tmbackup
time machine = yes

To configure this file, I’ve needed this link:
http://netatalk.sourceforge.net/3.1/htmldocs/configuration.html#authentication

We need to adjust the firewall

config set fw_netatalk service status enabled TCPPorts 548 access private
signal-event firewall-adjust
signal-event runlevel-adjust

we need to add the user tmbackup, and set a password

# useradd tmbackup
# passwd tmbackup

This user need all right on the /opt/timemachine directory

# cd /opt
# chown tmbackup timemachine

And finally enable the service att startup and start the service

# chkconfig netatalk on
# service netatalk start

At this point on the Mac, we can see the server in the finder, and configure the Time Machine Backup


Until now SElinux not complain :smiley:

2 Likes

I’m sure that @xmechanic @JOduMonT and @andrea might be happy to help you to test it out!

I would like to improve this how to.

@zamboni notice me in other thread, with reason, that install develloper tools on the Nethserver instance is not a so good idea… question of security.
I agree.

I would like to make this in a VM, in another computer. … Build this rpm in another Nethserver developer instance.

But when the netatalk-3.1.7-1.2.el6.x86_64.rpm is done in the VM,
How I put it in the Nethserver instance? by scp with SSH ?

Make a Nethserver-netatalk package for the Nethforge :heart_eyes:

Yeah

scp yourfile root@nsip:/root

This week-end, I changed my Mac Mini HDD by a SSD.

It was a really good opportunity to test my backup plan and make different type of restauration.
All worked perfectly as expected.

With the new SSD in the Mac, I was able to boot the Mac pressing “option+R”, and I as seeing my Microserver, Connected to the Microserver and made my Time Machine Restauration.

Finally, the unique problem I encountered was a screwdriver problem… I was hard to find the Torx T6 and T8 :laughing:

You know what… My Mac is really fast to boot now, the backup plan is okay… I’m really HAPPY :smiley:

1 Like

I cannot back to hard drive now, SSD is the way to go.

Awesome! :monkey_face: thanks for sharing! You have to pay a drink to everyone :tropical_drink:

Already done:

:stuck_out_tongue_winking_eye:

1 Like