Since my household is primarily Mac based, I wanted to set up my Ubuntu server as an AFP/Time Machine backup server for the LAN. Not surprisingly, this proved possible, but not trivial. First I'll provide a summary of the necessary steps, then detailed instructions for the terminal savvy folks.
Now that my server is running Ubuntu 16.04, my setup has changed and I no longer use it as a Time Machine server. I still, however, like to have AFP access to some of my media share points, so I've updated this post to reflect the necessary changes.
Still with me? Good. Here we go!
Depending on the version of Ubuntu you're running, the procedure on the Linux side varies. I've done this under Ubuntu 10.04 and 16.04, so follow the section for the Ubuntu version closest to what you're running.
Follow these instructions to install netatalk under Ubuntu 16.04
For older versions of Ubuntu, follow the instructions below.
$ sudo apt-get build-dep netatalk
Yielded the following error:
Package libcupsys2-dev is a virtual package provided by:
libcups2-dev 1.4.1-5ubuntu2.4
You should explicitly select one to install.
E: Package libcupsys2-dev has no installation candidate
E: Failed to satisfy Build-Depends dependency for netatalk: libcupsys2-dev
$ sudo apt-get install libcups2-dev
After this package was installed manually, I was able to install the netatalk package.
$ sudo apt-get install cracklib2-dev fakeroot libssl-dev
These packages were already installed on my system
$ sudo apt-get source netatalk
I received a warning message that gpg couldn't check the signature (public key not found).
This is a security step which ensures that you're downloading the real source and not
something that's been altered or hacked:
gpgv: Signature made Thu 10 Sep 2009 06:43:14 AM EDT using RSA key ID 21B2133D
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./netatalk_2.0.4~beta2-5ubuntu2.dsc
Note the Key ID in the first line? Download the key with the command:
$ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0x21B2133D
Then verify the signature with the following command:
$ gpg --verify netatalk_2.0.4~beta2-5ubuntu2.dsc
gpg: Signature made Thu 10 Sep 2009 06:43:14 AM EDT using RSA key ID 21B2133D
gpg: Good signature from "Steve Langasek"
gpg: aka "Steve Langasek "
gpg: aka "Steve Langasek "
gpg: aka "Steve Langasek "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: A740 0F5A 48FB 42B8 CEE8 638B 5759 F350 01AA 4A64
Subkey fingerprint: AC48 3F68 DE72 8F43 F220 2FCA 568D 30F3 21B2 133D
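Looks good! Don't worry about the "certified" warning: it only means that you have not marked this key as trusted in your own keyring, not that the signature is bad. Keep in mind that a key fetched by its short ID is not guaranteed to be the right one, so if you want stronger assurance, compare the primary key fingerprint printed above with one from a source you trust.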
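A stricter version of the same check, as an added example that is not part of the original post: rather than reading gpg's human-readable output, parse the machine-readable `--status-fd` lines and accept the file only if the signature comes from a pinned primary key. The function name `check_pinned_sig` and the sample status lines are constructed for illustration; the fingerprints are the ones printed above.

```shell
#!/bin/sh
# Added example. Real use (assumes the key is already in your keyring):
#   gpg --status-fd 1 --verify netatalk_2.0.4~beta2-5ubuntu2.dsc 2>/dev/null \
#       | check_pinned_sig "$PINNED"

# Primary key fingerprint from the gpg output above, spaces removed.
PINNED="A7400F5A48FB42B8CEE8638B5759F35001AA4A64"

# check_pinned_sig <fingerprint>: reads gpg status lines on stdin.
# Returns 0 only if a VALIDSIG line names the pinned primary key and
# no BADSIG/ERRSIG/EXPKEYSIG/REVKEYSIG line is present.
check_pinned_sig() {
    awk -v want="$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key fingerprint; field 12 is
            # the primary key fingerprint when gpg supplies it.
            primary = (NF >= 12) ? $12 : $3
            if (toupper(primary) == want) ok = 1
        }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# Constructed sample of status output for a good signature by the subkey.
sample_good() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 568D30F321B2133D Steve Langasek
[GNUPG:] VALIDSIG AC483F68DE728F43F2202FCA568D30F321B2133D 2009-09-10 1252579394 0 4 0 1 2 01 A7400F5A48FB42B8CEE8638B5759F35001AA4A64
[GNUPG:] TRUST_UNDEFINED
EOF
}

# Constructed sample of status output for a tampered file.
sample_bad() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] BADSIG 568D30F321B2133D Steve Langasek
EOF
}
```

`TRUST_UNDEFINED` is the status-line counterpart of the "not certified" warning; the function ignores it on purpose because the pinned fingerprint takes the place of a trust decision in the keyring.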
Next we need to build netatalk:
$ cd netatalk*
$ sudo DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot
This may take some time and will generate voluminous output, so now is a good time to grab a coffee.
If you don't see any errors (warnings about keys and signing may be ignored), proceed:
$ sudo dpkg -i ../netatalk_2*.deb
Unfortunately, this was unsuccessful and generated the following error messages:
$ sudo dpkg -i ../netatalk_2*.deb
(Reading database ... 197088 files and directories currently installed.)
Preparing to replace netatalk 2.0.4~beta2-5ubuntu2 (using .../netatalk_2.0.4~beta2-5ubuntu2_i386.deb) ...
Stopping Netatalk Daemons: afpd cnid_metad papd timelord atalkd.
Unpacking replacement netatalk ...
Setting up netatalk (2.0.4~beta2-5ubuntu2) ...
update-rc.d: warning: netatalk stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (1)
Starting Netatalk services (this will take a while):
Then after a pause of a minute or two:
nbp_rgstr: Connection timed out
Can't register Orpheus:Workstation@*
invoke-rc.d: initscript netatalk, action "start" failed.
dpkg: error processing netatalk (--install):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Errors were encountered while processing:
 netatalk
After a little research, I suspected the problem was due to the fact that my machine has multiple interfaces and acts as a router. I only want AFP services on the LAN interface, so I edited /etc/netatalk/atalkd.conf and added the following lines:
eth0 -dontroute
eth1 -seed
This resulted in a more favorable outcome:
Starting Netatalk services (this will take a while): atalkd afpd papd.
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Next step is to set the netatalk state to "hold", which means that it will be deactivated (greyed out) in the Software Update dialog:
$ echo "netatalk hold" | sudo dpkg --set-selections
In order to conserve system resources, you should disable any unneeded Netatalk services. To configure netatalk services, edit the file /etc/default/netatalk:
$ sudo vi /etc/default/netatalk
Look for the following lines:
# Set which daemons to run (papd is dependent upon atalkd):
ATALKD_RUN=no
PAPD_RUN=no
CNID_METAD_RUN=yes
AFPD_RUN=yes
TIMELORD_RUN=no
A2BOOT_RUN=no
The ATALKD_RUN line enables the older Appletalk protocol services for Mac OS 9 and earlier systems. You can set ATALKD_RUN=no if you are on an all Mac OS X network. PAPD_RUN enables print sharing services. You should set CNID_METAD_RUN to "yes", and you can leave the rest as shown.
CNID_METAD_RUN is very important to enable since it handles all file metadata (i.e., resource forks) which would otherwise get lost. TIMELORD_RUN allows your Linux machine to act as a time server. Lastly, I believe A2BOOT_RUN allows network booting of old Apple // computers.
$ sudo vi /etc/netatalk/afpd.conf
Add the following line to the end of the file. There may already be a similar line. If so, replace it with the following:
- -transall -uamlist uams_randnum.so,uams_dhx.so -nosavepassword -advertise_ssh
Shared volumes are configured in the file /etc/netatalk/AppleVolumes.default
$ sudo vi /etc/netatalk/AppleVolumes.default
At the bottom of the file, you may see the following line:
~/ "Home Directory"
You can alter the line to make it more secure by restricting it to specific users:
~/ "$u" allow:<username1>,<username2> cnidscheme:cdb
The usernames above must be actual user names on the Linux system. Unless you're using a directory scheme such as LDAP, I recommend creating a user on your Linux box for each Macintosh or Mac user on your network and sharing the home directory for each user as above.
To use the Linux box as a Time Machine backup server, add the following line:
/home/<username>/TimeMachine TimeMachine allow:<username1> cnidscheme:cdb options:usedots,upriv
Replace <username> with the actual Linux user name which corresponds to the system you want to backup. If the above line wraps, be sure to include it as a single line in the config file.
Note the settings for options. The "usedots" option allows use of hidden files beginning with a "." (dot). Next, the upriv option enables support for AFP3 unix privileges. If you are on Mac OS X 10.5 and have no Tiger systems, or if you have a mix of 10.4 and 10.5 systems, use the upriv option. If you are on Tiger only, omit the upriv and just use options:usedots to avoid unexpected behavior.
For increased stability at the cost of speed, you can use the dbd cnidscheme instead of cdb by setting cnidscheme:dbd.
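A quick way to check the share definitions before restarting the daemon, as an added example that is not part of the original post: it reads a file in AppleVolumes.default syntax and reports volumes with no allow: option, an empty allow: list, or an allow: entry that is not a known user (including a leftover `<username1>` placeholder). The function name `audit_volumes`, the sample file and its users are constructed; the `:DEFAULT:` line is skipped and backslash line continuations are not handled.

```shell
#!/bin/sh
# Added example. Real use:
#   audit_volumes "$(cut -d: -f1 /etc/passwd | tr '\n' ' ')" \
#       < /etc/netatalk/AppleVolumes.default

# audit_volumes "<user1> <user2> ...": volume file on stdin.
# Prints one finding per line; returns 1 if anything was found.
audit_volumes() {
    awk -v users="$1" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) known[u[i]] = 1 }
        /^[ \t]*(#|$)/    { next }   # comments and blank lines
        $1 == ":DEFAULT:" { next }   # defaults line, not a volume
        {
            found = 0
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^allow:/) continue
                found = 1
                m = split(substr($i, 7), names, ",")
                if (m == 0) { print "EMPTY-ALLOW " $1; bad++ }
                for (j = 1; j <= m; j++)
                    # @name is a group; only user names are checked here
                    if (names[j] !~ /^@/ && !(names[j] in known)) {
                        print "UNKNOWN-USER " $1 " " names[j]; bad++
                    }
            }
            if (!found) { print "NO-ALLOW " $1; bad++ }
        }
        END { exit (bad > 0) ? 1 : 0 }
    '
}

# Constructed sample: one unrestricted share, one with a placeholder left in.
sample_volumes() {
cat <<'EOF'
# constructed sample in AppleVolumes.default syntax
~/ "Home Directory"
~/ "$u" allow:alice,bob cnidscheme:cdb
/home/alice/TimeMachine TimeMachine allow:<username1> cnidscheme:cdb options:usedots,upriv
/srv/media Media allow:alice,@family
EOF
}
```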
Lastly, restart the netatalk daemon:
$ sudo /etc/init.d/netatalk restart
The Avahi daemon will advertise your Apple Sharing services across the network à la Bonjour. It requires the mDNS library for imitating the Bonjour service. Once configured, this will allow all the Macs on your network to discover the Ubuntu box automagically (ouch, that just cost me a dollar).
$ sudo apt-get install avahi-daemon
$ sudo apt-get install libnss-mdns
$ sudo vi /etc/nsswitch.conf
Add "mdns" to the line which begins with "hosts:". It should look like the following:
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 mdns
We need to tell Avahi which services to advertise on the network. This is done by creating an XML file for each service we want to advertise and placing it in /etc/avahi/services. Avahi only loads files whose names end in ".service". For example, to enable advertising of AFP services, we need to create a file called afpd.service in the /etc/avahi/services directory:
$ sudo vi /etc/avahi/services/afpd.service
Add the following text to the file:
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_afpovertcp._tcp</type>
    <port>548</port>
  </service>
  <service>
    <type>_device-info._tcp</type>
    <port>0</port>
    <txt-record>model=Xserve</txt-record>
  </service>
</service-group>
Since Apple wants to sell Time Capsule backup servers, they don't publicize the fact that you can use any AFP volume for Time Machine Backups. But you have to enable it from the Terminal:
$ defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1
Without this step, your Linux AFP share will not appear as a backup option in Time Machine.
In order to use the Linux server as a Time Machine backup, you need to be sure you can mount the AFP share we created earlier. From the Finder menu, select "Go > Connect to Server" (or ⌘K). In the popup window, enter "afp://" followed by the name or IP address of your server. You should see a "Connecting to Server" window, followed by another popup window asking you which volume you want to mount. If you successfully followed the steps above, there should be two volumes listed, "Home Directory", and "Time Machine". Select "Time Machine".
Launch System Preferences and select "Time Machine". Click "Change Disk" and select the Time Machine network volume from above. Quit System Preferences and unmount (eject) the network volume.
At this point, you can try running a backup immediately, but it may fail to create the initial backup. If it succeeds, congratulations, you're done! If it fails, then continue with the next step.
If Time Machine failed to create the initial SparseBundle backup image, you'll have to roll up your sleeves and use the hdiutil command-line utility to do it yourself. The general format for the hdiutil command is:
$ hdiutil create -size <size> -fs "Journaled HFS+" -type SPARSEBUNDLE -volname \
<MachineName>_<MachineID>.sparsebundle <MachineName>_<MachineID>.sparsebundle
You'll need to know a few things before proceeding. First, how big do you want the backup to be? This depends on the amount of data on your Mac drive and the size of your backup drive on the Linux Server. Since I've got plenty of storage on my Linux box, I generally use about 150% of the Mac drive. So let's say you have a 200 GB drive in your Mac. You would substitute "300g" for <size> in the command above.
Next you have to properly name the disk image so that Time Machine will find it. The format for a Time Machine backup volume is "<MachineName>_<MachineID>.sparsebundle". That's a single underscore and a single dot.
The MachineName can be found in System Preferences > Sharing under "Computer Name". The MachineID can be found in System Profiler (Under Apple Menu, Select "About this Mac", then click "More Info"). Next to "Hardware", you should see something called "Hardware UUID", followed by a long list of numbers and dashes. We want the last twelve hexadecimal numbers. I used lowercase letters, although I'm not sure that it matters.
So for example, if your computer is called "Snoopy", and the hardware UUID is "0016CB2A4F1B" and you have a 200GB drive, your command would look like this (under 10.5.8, by the way):
$ hdiutil create -size 300g -fs "Journaled HFS+" -type SPARSEBUNDLE -volname \
Snoopy_0016cb2a4f1b.sparsebundle Snoopy_0016cb2a4f1b.sparsebundle
If the disk image is successfully created, you can copy it to your Linux Server. Be sure to mount the Time Machine volume before copying it:
$ cp -R Snoopy_0016cb2a4f1b.sparsebundle /Volumes/Time\ Machine
Unmount the Time Machine volume and run Time Machine. Your backup should proceed normally. Depending on the amount of data on your Mac drive, the initial backup can take a long time. I HIGHLY RECOMMEND doing this over a wired Ethernet connection. There is a substantial difference in speed compared to wireless. Subsequent incremental backups will be relatively short and can typically be done wirelessly.
Feel free to leave me questions or comments, especially if any of the steps are unclear.
Charles
Comments
"the backup disk image could not be created"
If Time Machine fails on the first backup attempt with the above message, you may need to rename the SparseBundle disk image file.
Immediately after the backup fails, open the console utility (Applications > Utilities), and check for error messages near the end of the log relating to time machine. You should see the name of the SparseBundle file which Time Machine is attempting to use. Verify that it matches the name of the file you created. In particular, the Machine ID portion of the name may not match. If it doesn't, simply rename the SparseBundle file to match the name as it appears in the console log.
Resizing a Time Machine Disk Image
If you need to resize your backup disk image, hdiutil will allow that as well. If using a network mount, you'll have to manually mount the drive first. Using the previous example, the syntax would be: