Netatalk Time Machine backups to Ubuntu Linux 10.04 Lucid AFP Network Share Configuration Guide 2


Well… not much of a guide really.  Just a very quick how-to on what I did to get Time Machine on my Macbook Pro with OSX Lion 10.7 to save the backup data to my Linux server network share using AFP, rather than SMB (Windows Share), a Time Capsule, or an Apple Server.  I will attach my working config files for your reference as well.  Note that, 1) I am using the source code for Netatalk, compiled and installed, not the Ubuntu or Debian package, and 2) I am assuming you are comfortable with installing software from source.  Last note, I owe a HUGE THANK YOU to a post I found on the basics of this configuration. (located here: http://www.trollop.org/2011/07/23/os-x-10-7-lion-time-machine-netatalk-2-2/)  I had a hard time getting anything working otherwise, and that post mostly got things working for me.

I really love this setup, because:

A) I am running a tiny ITX case with a 1.5TB ZFS mirror in it for data integrity. (back when drives were cheap, this makes a powerful and inexpensive NAS)  (oh and I am running this using the zfs-native package on Ubuntu Lucid! Love it!)

B) I love having the network-based Time Machine running, because it just runs whenever I am on my home network. I don’t have to think about, “Well, should I plug in my USB drive and backup tonight?”  It just runs all the time.

C) I also have Crashplan running on that ZFS pool, to save all my local machines here as well.

None of that has anything to do with getting an AFP share running, so, moving on.  The instructions below don’t cover the creation of your sparse file for the AFP share, which Time Machine uses.  Once you get to the Sixth step below, you’ll need to create that sparse bundle and copy it to your share. I used the script located on this post to generate my sparse bundle and copy it over to my server share. Anyway, to get your Mac talking to your Linux box, set up Netatalk like below. :)


FIRST:

Go get the latest Netatalk source code from Sourceforge.  http://netatalk.sourceforge.com/

Download and un-tar that code into a directory of your choice. But before we configure and compile this…  we need some supporting software.


SECOND:

Get the supporting software packages for Avahi and other items.  We need Avahi for zeroconf and other libs for authentication purposes.

I ran this apt-get command:

apt-get install avahi-daemon mdns-scan \
 avahi-utils libavahi-common-dev \
 libavahi-compat-libdnssd1 libavahi-compat-libdnssd-dev \
 libssl-dev libacl1-dev libwrap0-dev libgcrypt11-dev libdb4.8 libdb4.8-dev

Install the above items, then we can move on to the compile and install of afpd/Netatalk.


THIRD:

Now, “cd” to the directory where you un-tar’d the netatalk download code.  For example, mine was in this folder:

cd /mpool/Shares/Shared/netatalk-2.2.1

Assuming all the above packages installed successfully, let’s run ./configure. Here’s my command line:

./configure --enable-debian --with-acls --enable-ddp  --enable-zeroconf

Then, if that ran successfully, you should end up with some summary information as follows:  (may not be exact)

Using libraries:
    LIBS = -lpthread  -L$(top_srcdir)/libatalk
    CFLAGS = -I$(top_srcdir)/include -D_U_="__attribute__((unused))" -g -O2 -I$(top_srcdir)/sys
    SSL:
        LIBS   =  -L/usr/lib64 -lcrypto
        CFLAGS =  -I/usr/include/openssl
    LIBGCRYPT:
        LIBS   = -lgcrypt
        CFLAGS =
    BDB:
        LIBS   =  -L/usr/lib64 -ldb-4.8
        CFLAGS =
Configure summary:
    Install style:
         debian
    AFP:
         Large file support (>2GB) for AFP3: yes
         Extended Attributes: ad | sys
    CNID:
         backends:  dbd last tdb
    UAMS:
         DHX     ( SHADOW)
         DHX2    ( SHADOW)
         RANDNUM ( SHADOW)
         passwd  ( SHADOW)
         guest
    Options:
         DDP (AppleTalk) support: yes
         CUPS support:            no
         Apple 2 boot support:    no
         SLP support:             no
         Zeroconf support:        yes
         tcp wrapper support:     yes
         quota support:           yes
         admin group support:     yes
         valid shell check:       yes
         cracklib support:        no
         dropbox kludge:          no
         force volume uid/gid:    no
         ACL support:             yes
         LDAP support:            no

Notice the section on “UAMS” containing “DHX” and “DHX2”?  You must have those listed, or your Mac OS X Lion system won’t work on it.  It needs the encrypted authentication.  If you don’t see those listed, you are missing some libraries on your system.

 


FOURTH:

Now if all is well…  run make.

make
make install

Run the above commands, while still in that source directory.

Netatalk will install binaries for you under: /usr/local/sbin  and config under: /usr/local/etc/netatalk.
It also installs a basic startup script under your /etc/init.d directory called, easy enough, “netatalk.”

 


FIFTH:

Setup your config.  I’ll attach my configs for your reference, but here’s a couple basics.

1. afpd.conf  – comment out anything else, and add this line:

- -udp -noddp -uamlist uams_randnum.so,uams_dhx.so,uams_dhx2.so -nosavepassword

2. AppleVolumes.default – also comment out others, and add these.
These are just an example, based on my config. You’ll need to adjust the names and paths.
(NOTICE the “tm” at the end of the time machine share below, you must have that for TM to work.)  

/dapool/bu/tm TimeMachine allow:greg cnidscheme:dbd options:usedots,upriv,tm
/mpool/Shares/AppleShare AppleShare allow:greg cnidscheme:dbd options:usedots,upriv

3. netatalk.conf – I didn’t have this file on one system, so I just created it and added the config below:

#### machine's AFPserver/AppleTalk name.
ATALK_NAME=`echo ${HOSTNAME}|cut -d. -f1`

#### server (unix) and legacy client (<= Mac OS 9) charsets
ATALK_UNIX_CHARSET='LOCALE'
ATALK_MAC_CHARSET='MAC_ROMAN'

#### Don't Edit. export the charsets, read from ENV by apps
export ATALK_UNIX_CHARSET
export ATALK_MAC_CHARSET

#########################################################################
# AFP specific configuration
#########################################################################

#### Set which daemons to run.
#### If you use AFP file server, run both cnid_metad and afpd.
CNID_METAD_RUN=yes
AFPD_RUN=yes

#### maximum number of clients that can connect:
AFPD_MAX_CLIENTS=20

#### UAMs (User Authentication Modules)
#### available options: uams_dhx.so, uams_dhx2.so, uams_guest.so,
####                    uams_clrtxt.so(legacy), uams_randnum.so(legacy)
AFPD_UAMLIST="-U uams_dhx.so,uams_dhx2.so"

#### Set the id of the guest user when using uams_guest.so
AFPD_GUEST=nobody

#### config for cnid_metad. Default log config:
CNID_CONFIG="-l log_note"

#########################################################################
# AppleTalk specific configuration (legacy)
#########################################################################

#### Set which legacy daemons to run.
#### If you need AppleTalk, run atalkd.
#### papd, timelord and a2boot are dependent upon atalkd.
ATALKD_RUN=no
PAPD_RUN=no
TIMELORD_RUN=no
A2BOOT_RUN=no
#### Control whether the daemons are started in the background.
#### If it is dissatisfied that legacy atalkd starts slowly, set "yes".
ATALK_BGROUND=no

#### Set the AppleTalk Zone name.
#### NOTE: if your zone has spaces in it, you're better off specifying
####       it in afpd.conf
ATALK_ZONE=@AFP
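
The afpd.conf line in item 1 also enables uams_randnum.so, which the netatalk.conf comments in item 3 mark as legacy. As an added example (not part of the original post or of Netatalk), this script lists the UAMs a config file enables and flags anything other than DHX/DHX2; treating uams_dhx2.so as mandatory is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit Netatalk 2.x UAM lists.
# "legacy" follows the netatalk.conf comments on this page; treating
# uams_dhx2.so as mandatory is this example's assumption.

classify_uam() {            # prints ok | legacy | cleartext | guest | unknown
    case "$1" in
        uams_dhx.so|uams_dhx2.so) echo ok ;;
        uams_randnum.so)          echo legacy ;;
        uams_clrtxt.so)           echo cleartext ;;
        uams_guest.so)            echo guest ;;
        *)                        echo unknown ;;
    esac
}

# One UAM per line from '-uamlist a,b' (afpd.conf) or
# AFPD_UAMLIST="-U a,b" (netatalk.conf); commented-out lines are ignored.
extract_uams() {
    grep -v '^[[:space:]]*#' "$1" |
    sed -n -e 's/.*-uamlist[[:space:]]*\([^[:space:]"]*\).*/\1/p' \
           -e 's/.*AFPD_UAMLIST="-U[[:space:]]*\([^[:space:]"]*\).*/\1/p' |
    tr ',' '\n' | grep -v '^$'
}

# Prints one finding per problem; returns 1 if a non-DHX UAM is enabled
# or uams_dhx2.so is absent, 0 otherwise.
audit_uams() {
    rc=0; have_dhx2=no
    for uam in $(extract_uams "$1"); do
        if [ "$uam" = uams_dhx2.so ]; then have_dhx2=yes; fi
        verdict=$(classify_uam "$uam")
        if [ "$verdict" != ok ]; then echo "$1: $uam ($verdict)"; rc=1; fi
    done
    if [ "$have_dhx2" = no ]; then echo "$1: uams_dhx2.so missing"; rc=1; fi
    return "$rc"
}

# Constructed sample: the afpd.conf line from this page in a temp file.
sample=$(mktemp)
printf '%s\n' '- -udp -noddp -uamlist uams_randnum.so,uams_dhx.so,uams_dhx2.so -nosavepassword' > "$sample"
audit_uams "$sample" || echo "afpd.conf needs review"
rm -f "$sample"
```

Run it against /usr/local/etc/netatalk/afpd.conf and netatalk.conf after editing them; a non-zero return means the UAM list deserves a second look.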

SIXTH:

Start ’em up!

/etc/init.d/netatalk start

That should start up the services. I did a quick check using “netstat -tapn” and if you see these below, you should be running:

tcp        0      0 0.0.0.0:548             0.0.0.0:*               LISTEN      22146/afpd
tcp6       0      0 ::1:4700                :::*                    LISTEN      22144/cnid_metad

Again, may look a bit different on your system, but you should at minimum see the afpd process on port 548 and something listed for “cnid_metad” on its default port of 4700.  I don’t know why mine says tcp6, but it works, so I am not complaining.
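
The same check as a script, added here as an example and not part of the original post: it reads “netstat -tapn” output, reports where afpd and cnid_metad are listening, and says so when either listener is missing (the cnid_metad failure described next). The function name and the wildcard/loopback/specific labels are this example's own.

```shell
#!/bin/sh
# Added example: check `netstat -tapn` output for the two Netatalk listeners.
# Reads netstat text on stdin and prints one line per daemon:
#   <daemon> <local-address> <scope>    scope = wildcard | loopback | specific
# or "<daemon> MISSING" when no LISTEN socket for it is found.
check_listeners() {
    awk '
        $6 == "LISTEN" {
            split($7, p, "/"); name = p[2]          # "22146/afpd" -> "afpd"
            if (name != "afpd" && name != "cnid_metad") next
            addr = $4; host = addr
            sub(/:[0-9]+$/, "", host)               # strip the port
            scope = "specific"
            if (host == "0.0.0.0" || host == "::") scope = "wildcard"
            else if (host ~ /^127\./ || host == "::1") scope = "loopback"
            seen[name] = 1
            print name, addr, scope
        }
        END {
            if (!("afpd" in seen)) print "afpd MISSING"
            if (!("cnid_metad" in seen)) print "cnid_metad MISSING"
        }'
}

# Constructed sample: the two netstat lines shown above.
check_listeners <<'EOF'
tcp        0      0 0.0.0.0:548             0.0.0.0:*               LISTEN      22146/afpd
tcp6       0      0 ::1:4700                :::*                    LISTEN      22144/cnid_metad
EOF
```

On a live server, pipe the real output in with “netstat -tapn | check_listeners”. A wildcard scope for afpd means port 548 accepts connections on every interface of the box, so it is worth confirming that only your home network can reach it.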

I should note, I set this up on two systems.  One worked right away, the other wouldn’t start cnid_metad.  Your startup should respond with:

..Starting Netatalk services (this will take a while):  cnid_metad afpd.

See that “cnid_metad” listed in the services starting?  My problem system wouldn’t show this, it only showed afpd.  As a result, Time Machine and Finder on my Mac would give me an error about CNID DB not working and “using temporary” or something like that.  Time Machine failed every time.

What I did to fix it, was a cheesy hack.  I just found the lines below in my /etc/init.d/netatalk script:

# prepare startup of file services
if [ "x$CNID_METAD_RUN" = "xyes" -a -x /usr/local/sbin/cnid_metad ] ; then
   echo -n " cnid_metad"
   /usr/local/sbin/cnid_metad $CNID_CONFIG
fi

I changed the above to look like this:

# prepare startup of file services
if [ -x /usr/local/sbin/cnid_metad ] ; then
   echo -n " cnid_metad"
   /usr/local/sbin/cnid_metad $CNID_CONFIG
fi

I don’t care if CNID_METAD is “yes” or not, I just want it to run!  Every time!  So I just check if that binary is executable and launch it.  This worked!!  And Time Machine connected to my AFP share (which was this: afp://draygon/TimeMachine ) and started backing up!

I won’t go into the Time Machine config on your Mac here. All you really need to do is click the “Select Disk” button; it will list your available disks, and you just select the one on your server.  I did make sure I could connect to it first.  In Finder, go to “Go” on the menu and select “Connect to Server”.  Type in the server path or browse to it.  ( afp://YOUR_SERVER_NAME/YOUR_SHARE_NAME  )  If that opens, and you can create files in there in Finder, you should be good to go!

It should be obvious, as well, that on your Linux system you need a user account created with a matching password (which Finder on your Mac may ask for).  You should also have file system permissions configured on your Linux system accordingly.  If not, you will have trouble connecting and/or creating files.  Therefore, Time Machine won’t work either.  So make sure the “sharing” stuff works.

My Config Files:

Located in /usr/local/etc/netatalk, the links below will open up at pastebin.com.

afpd.conf  - http://pastebin.com/3kvHLLph  

AppleVolumes.default - http://pastebin.com/Z0L7pzGi

netatalk.conf - http://pastebin.com/agVs4RW0

 

Extra Note:

I wanted to mention this link:  http://lifehacker.com/5691649/an-easier-way-to-set-up-time-machine-to-back-up-to-a-networked-windows-computer 

In order to get Time Machine to use that AFP share, you need to create a Sparse bundle file which saves your data.  The link above has some great instructions on that.  And they link you to this script for your Mac to create the file and copy it, makes it easy!

 EDIT 12/02/11:

On OSX Lion, you apparently DO NOT need to manually create that sparse file.  I had to remove my backup data and recreate it, and when I did, I did not create the sparse file.  I simply opened Time Machine, clicked Select Disk, and there was my network share. I selected that network share and it created a new sparse file and started to backup automatically. Nice!!

Maybe that’s a Lion thing, I don’t know. BUT YOU DO NEED to tweak your Mac to allow backup to an unsupported network share.  The articles listed above mention using the “secrets pref pane” in OSX and a checkbox to allow the unsupported backup location. PrefPane can be downloaded from this site:
http://secrets.blacktree.com/ 

(you can really BREAK your Mac with that program with some of those settings, so use at your own risk!  I only used it to set my Time Machine to use Linux.)

It’s a quick-n-easy install.  Open that program once installed, go to the Time Machine section and check the box to allow unsupported backup locations.  There is a manual, command line way to do this as well.