~ Tea & Strumpets

With the release of Apple’s Mac OS X 10.7 Lion, many people will notice that Time Machine fails to play nicely with their current Netatalk servers. There is a relatively simple solution for those of us who run Netatalk servers on Linux servers and NAS devices. However, if you’re relying on a NAS-vendor such as FreeNSD, you may need to wait for them to offer an update to ensure compatibility with Mac OS X 10.7. Apparently the major reason for this break in compatibility is a lack of a “replay cache”, which was introduced in AFP 3.3.

Anyhow, below I’ve created a simple guide on how to setup Netatalk 2.2 from source on most any Linux system. I am using Gentoo in this guide, but the basics should be the same on any other system. Currently Gentoo has not merged Netatalk 2.2 into portage, so we’ll have to download the source from Netatalk itself.

Download Netatalk 2.2 (Unstable): http://netatalk.sourceforge.net

Extract the contents of the file and cd to the directory:

# tar xvf ./netatalk-2.2-beta4.tar.bz2
# cd netatalk-2.2-beta4/

To build the binaries, first run the program ./configure in the source directory. This should automatically configure Netatalk for your operating system. If you have unusual needs, then you may wish to run:

# ./configure --help

to see what special options you can enable. The most used configure options are:
The most used configure options are:

• –enable-[redhat/suse/cobalt/netbsd/fhs]
  This option helps netatalk to determine where to install the start scripts.
• –with-bdb=/path/to/bdb/installation/
  In case you installed Berkeley DB in a non-standard location, you will have to give the install location to netatalk, using this switch.

Now run configure with any options you need. For Gentoo we’ll use the following configure options:

# ./configure --enable-gentoo --enable-zeroconf

Read more

I recently installed the developer preview of Mac OS X 10.7 Lion and have been quite pleased with the update. However, apart from the AFP issue, which was quickly fixed, and the Time Machine issue, which remains unsolved, it appears that Safari 5.1 does not like self-signed certificates!

The certificate for this server is invalid. (NSURLErrorDomain:-1202)

Fortunately, there is a way to force Safari 5.1 to accept self-signed certificates. Now I know one could dump the certificate via openssl and the command line, but this method did not work for me since I am accessing my sites on an internal network and it would always dump the certificate for my default Apache virtual host. As such, the instructions below use a sort of round about method to import these certificates, but it works.

Basically these instructions show you how to use Firefox to export a self-signed SSL certificate and import it into Keychain Access. Hopefully it helps a few people out.

Read more

Upon installing Mac OS X 10.7 Lion I discovered one niggling issue. I was unable to connect to my Gentoo Netatalk AFP server. Any connection attempts would result in the following error:

After some Googling, I discovered a quick fix to the problem. Basically, if you haven’t updated your Netatalk config file for some time, you wouldn’t have UAMS DHX2 enabled by default. To enable UAMS DHX2 support, do the following:

Edit afpd.conf:

# vi /etc/netatalk/afpd.conf

Make sure “uams_dhx2.so” is in the “-uamlist” options at the end of the file. For instance, mine looks like this:

- -noddp -transall -uamlist uams_randnum.so,uams_dhx.so,uams_dhx2.so -nosavepassword -advertise_ssh -udp

Then restart the Netatalk server. Please note that the init script may be different depending on your distribution.

# /etc/init.d/atalk restart

Now you should be able to connect your OS X 10.7 Lion installation to a Linux AFP server. It should be noted, however, that despite AFP working in this setup, I have been unable to get Time Machine to work with these settings. If you’ve managed to get Time Machine to work with Netatalk, post a comment!