Due to the recent abandonment of OpenSolaris by Oracle, I moved my ZFS pools to a Nexenta Core 3.0 installation. In the process, I had lost the netatalk (AFP support) that I had hacked into my OpenSolaris installation. That AFP support was done using the hints at Nathan Fielder’s blog, both for installation of netatalk on OpenSolaris, as well as making the services browseable via the Mac’s Bonjour capabilities.
I’ve done this reinstall of AFP a couple of times on a few OpenSolaris installations, and want to make sure I have it all down in one place in case Nathan decides to erase his notes. I also want to capture a couple of other details that make Nexenta a little different than installing on OpenSolaris.
The list of tasks and commands one needs to run on a bare-metal Nexenta Core 3.0 installation differs slightly from OpenSolaris, based on the fact that Nexenta Core has fewer packages installed and fewer services enabled by default.
With appropriate homage paid to Nathan (thanks!), here’s what I did (in summary format) to get things going. I’m documenting it here so I don’t forget, should I choose to do it again on another Nexenta system. While it’s bad form, I did everything as root so you will have to insert your own escalation of privileges where necessary
Install Berkeley DB
- Download Berkeley DB 4.8 from Oracle (be sure to look for Previous Versions, don’t struggle with the 5.x version)
- untar the downloaded file and cd to the directory
- cd build_unix
- ../dist/configure –prefix=/usr/local
- make install
Add the appropriate OpenLDAP and OpenSSL development libraries so the netatalk configure script will complete correctly. Without libssl-dev, your working AFPD won’t respond to Diffie-Hillman encrypted passwords.
- apt-get install libldap2-dev
- apt-get install libssl-dev
Next you will need to download and untar netatalk from freshmeat. Go to the resulting folder, and make and install netatalk:
- ./configure –without-pam
- make install
Finally, configure netatalk (again borrowed from Nathan Fielder’s blog):
- Edit /usr/local/etc/netatalk/afpd.conf, using the following line that enables encrypted password (that’s the “dhx” part) across all transports:
- -transall -uamlist uams_dhx.so -nosavepassword
- Finally edit the share points. Open /usr/local/etc/netatalk/AppleVolumes.default in your favorite editor. I have disabled home directory sharing by remarking out the line starting with ~ (please excuse the formatting and line wrap: If you copy and paste this snippet, it should properly paste as three lines of code, one is remmed out, the two others starting with “cnidscheme”)
#~ cnidscheme:dbd options:usedots,invisibledots,upriv perm:0770 /volumes/greenpool/shared “Shared” allow:bill cnidscheme:dbd options:usedots,invisibledots,upriv perm:0770 /volumes/data/tm-bill “tm-bill” allow:bill cnidscheme:dbd options:usedots,invisibledots,upriv perm:0770
Restart the service with
You should now be able to connect to the service via Finder, via the “Go” menu, choose “Connect to Server” and use the format “afp://servername”. Note that the username you chose to put into the AppleVolumes.default for each share must exist as a Nexenta OS user.
In a follow-on blog post, I’ll update this with the installation of DNS Service Discovery (the Open Source standard behind Apple’s Bonjour discovery service) so your other Macs can see the server in Finder. Again, that will borrow heavily from Nathan’s blog.Comments or corrections are welcome! Comment below!