Debian: AFP file server with LDAP management
- Saturday, November 5, 2011
- Posted in Administration . AFP . Debian . Linux . File server . System
- By Boris HUISGEN
Installing and configuring netatalk
# apt-get build-dep netatalk
# apt-get install libcrack2-dev fakeroot libssl-dev
# apt-get source netatalk
# cd netatalk-2.1.2/
# DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot
# dpkg -i ../netatalk_2.1.2-2_amd64.deb
# nano /etc/netatalk/afpd.conf
- -tcp -ipaddr 192.168.1.166 -noddp -uamlist uams_dhx2.so -nosavepassword
# nano /etc/netatalk/AppleVolumes.default
/home/share/work work allow:@users perm:770
# mkdir -p /home/share/work
# chown root:users /home/share/work
# chmod 770 /home/share/work
Avahi integration
# apt-get install avahi-daemon libnss-mdns
# touch /etc/avahi/services/afpd.service
# nano /etc/avahi/services/afpd.service
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_afpovertcp._tcp</type>
    <port>548</port>
  </service>
  <service>
    <type>_device-info._tcp</type>
    <port>0</port>
    <txt-record>model=Xserve</txt-record>
  </service>
</service-group>
LDAP integration
# apt-get install libnss-ldap libpam-ldap
# nano /etc/libnss-ldap.conf
# nano /etc/libpam-ldap.conf
uri ldap://192.168.1.254/
base dc=my,dc=domain
ldap_version 3
binddn cn=proxy,dc=my,dc=domain
bindpw 123456
ssl start_tls
tls_checkpeer no
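The client settings above enable StartTLS but turn certificate verification off and keep the proxy account's password in the file itself. A small audit of such a file, as an added example that is not part of the original post (the function names and finding labels are made up for this example, and the sample file is constructed):

```shell
#!/bin/sh
# Added example (not from the original post): audit an nss_ldap / pam_ldap
# style file such as /etc/libnss-ldap.conf. Prints one finding per line and
# returns 0 if clean, 1 if there are findings, 2 if the file cannot be read.

# conf_get FILE KEY -> last value given for KEY, lower-cased ("#" lines never match)
conf_get() {
    awk -v k="$2" 'tolower($1) == k { v = tolower($2) } END { print v }' "$1"
}

audit_ldap_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }
    uri=$(conf_get "$conf" uri)
    ssl=$(conf_get "$conf" ssl)

    # 1. Transport: without ldaps:// or StartTLS the bind password travels in clear.
    case "$uri:$ssl" in
        ldaps://*|*:start_tls|*:on) ;;
        *) echo "NO_TLS: neither ldaps:// nor 'ssl start_tls' is configured"; rc=1 ;;
    esac

    # 2. 'tls_checkpeer no' accepts any server certificate, so TLS no longer
    #    authenticates the directory server.
    if [ "$(conf_get "$conf" tls_checkpeer)" = "no" ]; then
        echo "NO_PEER_CHECK: tls_checkpeer is 'no'"; rc=1
    fi

    # 3. A bindpw in a file that "other" can read is visible to every local user.
    #    The 8th character of the ls mode string is the other-read bit.
    if [ -n "$(conf_get "$conf" bindpw)" ]; then
        case $(ls -ldL "$conf") in
            ???????r*) echo "BINDPW_EXPOSED: bindpw set and file is world-readable"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample mirroring the settings shown above (password is a placeholder).
demo=$(mktemp)
printf '%s\n' 'uri ldap://192.168.1.254/' 'ssl start_tls' \
    'tls_checkpeer no' 'bindpw PLACEHOLDER' > "$demo"
chmod 644 "$demo"
audit_ldap_conf "$demo" || echo "exit status: $?"
rm -f "$demo"
```

The password value itself is never printed. An absent tls_checkpeer line is not reported, because the effective default then comes from the LDAP client library.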
# nano /etc/pam.d/common-session
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_ldap.so
# end of pam-auth-update config
session required pam_mkhomedir.so skel=/etc/skel umask=0022
Update (9 November 2011):
If the afpd daemon fails to start automatically when the machine boots, check the daemon's debug output by adding the option -setuplog "default log_maxdebug".
If the syslog output shows this error:
Nov 9 15:44:27 patty afpd[1505]: "patty"'s signature is 978C0D71D26955DDF9149364E6377FB8
Nov 9 15:44:27 patty afpd[1505]: DSIConfigInit: hostname: patty, ip/port: 192.168.2.200/548,
Nov 9 15:44:27 patty afpd[1505]: dsi_tcp_init: bind: Cannot assign requested address
Nov 9 15:44:27 patty afpd[1505]: dsi_tcp_init: no suitable network config for TCP socket
Nov 9 15:44:27 patty afpd[1505]: main: dsi_init: Cannot assign requested address
apply this patch to the startup script /etc/init.d/netatalk:
--- netatalk.old 2011-11-09 15:58:00.340749343 +0100 +++ netatalk 2011-11-09 15:48:01.460324452 +0100 @@ -63,6 +63,7 @@ fi if [ x"$AFPD_RUN" = x"yes" ]; then + sleep 4 /usr/sbin/afpd $AFPD_UAMLIST -g $AFPD_GUEST -c $AFPD_MAX_CLIENTS \ -n "$ATALK_NAME$ATALK_ZONE" echo -n " afpd"
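Review bot: the `sleep 4` added just before `/usr/sbin/afpd` is a fixed delay, so the bind can still fail with "Cannot assign requested address" if the interface takes longer than four seconds to get its address, and every start is slowed by four seconds even when the address is already present. Consider polling, with a timeout, until the configured address is assigned before launching afpd, or ordering the init script after networking, and add a comment above the line saying why the wait is there.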