Debian : serveur de fichiers AFP avec gestion LDAP


Installation et configuration de netatalk

# apt-get build-dep netatalk
# apt-get install libcrack2-dev fakeroot libssl-dev
# apt-get source netatalk
# cd netatalk-2.1.2/
# DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot
# dpkg -i netatalk_2.1.2-2_amd64.deb

# vim /etc/netatalk/afpd.conf

- -tcp -ipaddr -noddp -uamlist -nosavepassword

# vim /etc/netatalk/AppleVolumes.default

/home/share/work work allow:@users perm:770

# mkdir /home/work
# chown root:users /home/share/work
# chmod 770 /home/share/work

Intégration avec Avahi

# apt-get install avahi-daemon libnss-mdns

# touch /etc/avahi/services/afpd.service
# vim /etc/avahi/services/afpd.service

<?xml version= "1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<name replace-wildcards= "yes">%h</name>

Intégration LDAP

# apt-get install libnss-ldap libpam-ldap

# vim /etc/libnss-ldap.conf
# vim /etc/libpam-ldap.conf

uri ldap://
base dc=my,dc=domain
ldap_version 3
binddn cn=proxy,dc=my,dc=domain
bindpw 123456
ssl start_tls
tls_checkpeer no

# vim /etc/pam/common-session

# /etc/pam.d/common-session - session-related modules common to all services
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session    [default=1]  
# here's the fallback if no module succeeds
session    requisite  
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session    required  
# and here are more per-package modules (the "Additional" block)
session    required
session    optional  
# end of pam-auth-update config

session required skel=/etc/skel umask=0022


Si le démon afpd refuse de se lancer automatiquement au démarrage de votre machine, il convient de vérifier la sortie de debug du démon en ajoutant l’option _-setuplog “default logmaxdebug”.

Dans le cas où la sortie syslog révèle cette erreur :

Nov  9 15:44:27 patty afpd[1505]:  "patty"'s signature is  978C0D71D26955DDF9149364E6377FB8
Nov  9 15:44:27 patty afpd[1505]: DSIConfigInit: hostslug: patty, ip/port:,
Nov  9 15:44:27 patty afpd[1505]: dsi_tcp_init: bind: Cannot assign requested address
Nov  9 15:44:27 patty afpd[1505]: dsi_tcp_init: no suitable network config for TCP socket
Nov  9 15:44:27 patty afpd[1505]: main: dsi_init: Cannot assign requested address

il convient d’appliquer ce patch au script de démarrage /etc/init.d/netatalk :

--- netatalk.old    2011-11-09 15:58:00.340749343 +0100
+++ netatalk    2011-11-09 15:48:01.460324452 +0100
@@ -63,6 +63,7 @@

if [ x"$AFPD_RUN" = x"yes" ]; then
+    sleep 4
echo -n " afpd"
Blog owner
  • #linux
  • #debian
  • #afp
  • #ldap
  • #netatalk
  • #avahi