Archives pour la catégorie ‘AFP’

Debian : serveur NFS avec ports statiques

# apt-get install nfs-common nfs-kernel-server portmap
# vim /etc/default/nfs-common
STATDOPTS="--port 32765 --outgoing-port 32766"
# vim /etc/default/nfs-kernel-server
RPCMOUNTDOPTS="-p 32767"
# vim /etc/default/quota
RPCRQUOTADOPTS="-p 32769"
# vim /etc/modprobe.d/nfs.conf 
options lockd nlm_udpport=32768 nlm_tcpport=32768
options nfs callback_tcpport=32764
# shutdown -r now

Règles Iptables :

-A INPUT -i eth0 -p tcp -m state --state NEW -m multiport --dports 111,2049,32764:32769 -j ACCEPT
-A INPUT -i eth0 -p udp -m state --state NEW -m multiport --dports 111,2049,32764:32769 -j ACCEPT

Debian : serveur de fichiers AFP avec gestion LDAP

Installation et configuration de natatalk

# apt-get build-dep netatalk
# apt-get install libcrack2-dev fakeroot libssl-dev
# apt-get source netatalk
# cd netatalk-2.1.2/
# DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -rfakeroot
# dpkg -i netatalk_2.1.2-2_amd64.deb
# nano /etc/netatalk/afpd.conf
- -tcp -ipaddr 192.168.1.166 -noddp -uamlist uams_dhx2.so -nosavepassword
# nano /etc/netatalk/AppleVolumes.default
/home/share/work work allow:@users perm:770
# mkdir /home/work
# chown root:users /home/share/work
# chmod 770 /home/share/work

Intégration avec Avahi

# apt-get install avahi-daemon libnss-mdns
# touch /etc/avahi/services/afpd.service
# nano /etc/avahi/services/afpd.service
<?xml version= "1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards= "yes">%h</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=Xserve</txt-record>
</service>
</service-group>

Intégration LDAP

# apt-get install libnss-ldap libpam-ldap
# nano /etc/libnss-ldap.conf
# nano /etc/libpam-ldap.conf
uri ldap://192.168.1.254/
base dc=my,dc=domain
ldap_version 3
binddn cn=proxy,dc=my,dc=domain
bindpw 123456
ssl start_tls
tls_checkpeer no
# nano /etc/pam/common-session
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session    [default=1]            pam_permit.so
# here's the fallback if no module succeeds
session    requisite            pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session    required            pam_permit.so
# and here are more per-package modules (the "Additional" block)
session    required    pam_unix.so
session    optional            pam_ldap.so
# end of pam-auth-update config

session required pam_mkhomedir.so skel=/etc/skel umask=0022

Mise à jour 09/11/2011 :

Si le démon afpd refuse de se lancer automatiquement au démarrage de votre machine, il convient de vérifier la sortie de debug du émon en ajoutant l’option -setuplog « default log_maxdebug ».

Dans le cas où la sortie syslog révèle cette  erreur :

Nov  9 15:44:27 patty afpd[1505]:  "patty"'s signature is  978C0D71D26955DDF9149364E6377FB8
Nov  9 15:44:27 patty afpd[1505]: DSIConfigInit: hostname: patty, ip/port: 192.168.2.200/548,
Nov  9 15:44:27 patty afpd[1505]: dsi_tcp_init: bind: Cannot assign requested address
Nov  9 15:44:27 patty afpd[1505]: dsi_tcp_init: no suitable network config for TCP socket
Nov  9 15:44:27 patty afpd[1505]: main: dsi_init: Cannot assign requested address

il convient d’appliquer ce patch au script de démarrage /etc/init.d/netatalk :

--- netatalk.old    2011-11-09 15:58:00.340749343 +0100
+++ netatalk    2011-11-09 15:48:01.460324452 +0100
@@ -63,6 +63,7 @@
fi

if [ x"$AFPD_RUN" = x"yes" ]; then
+    sleep 4
/usr/sbin/afpd $AFPD_UAMLIST -g $AFPD_GUEST -c $AFPD_MAX_CLIENTS \
-n "$ATALK_NAME$ATALK_ZONE"
echo -n " afpd"
Haut de page