• Updated 2023-07-12: Hello, Guest! Welcome back, and be sure to check out this follow-up post about our outage a week or so ago.

Presenting -- Classic Mac Networking Guide 3.0!

bbraun

Well-known member
I use netatalk (2.2 series) extensively, so if you have any questions I'd be glad to try to help out. It's about the only thing that will work from system 3.3 through to the latest OSX.

To allow guest access, you need to enable the guest UAM module in afpd.conf. I use the following line in afpd.conf:

Code:
- -transall -uamlist uams_guest.so -guestname bbraun
That allows guest (and only guest) access, and guests will have the privileges associated with the local user 'bbraun'.

The -transall just means both TCP and DDP (appletalk) access is allowed.

 

Mk.558

Well-known member
I would appreciate your input on this matter:

The Raspberry Pi can be used as an Apple IIGS boot device/file server with A2SERVER project. It is indicated that they use Netatalk 2.2.4 for this purpose, which was the last release of the version 2 binary until just about a week or two ago they released 2.2.5. Anyways, I couldn't get ddp to work with it. I used a ./configure string just like in the Guide and after following the same steps, still wouldn't work with Systems earlier than 7.5.3 & OT 1.3 OR MacTCP systems.

Could you possibly investigate why? The A2BOOT server uses DDP as well, no idea what's going on. I sent him an email and got zilch back.

RE: Guests -- ahh, you see, but it's a little more complicated than that. You can't share out the home directory to a Guest user because of permissions. Here's the section from the Guide:

To permit Guest access, run something like sudo mkdir /media/GuestF, then run sudo chmod 777 /media/GuestF so that the folder permissions (which will be owned by root) will permit read/write/execute operations for everybody, otherwise it won't work (user directories or any path of the File System cannot be shared without editing permissions, which is not advisable). Add the share path to /etc/netatalk/AppleVolumes.default like as shown earlier. Then edit the afpd.conf file so that the line at the bottom looks like the following (log feature not required, just for demonstration purposes) with the uams_guest.so, tacked on:

Code:
- -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx.so,uams_dhx2.so -nosavepassword -setuplog "default log_info /var/log/afpd.log"
Finally, restart the service with sudo /etc/init.d/netatalk restart to apply the changes, if it was already running. Note: Only use Guest accounts for special purposes because of the fairly serious security weakness. Logging is useful during troublesome times: look to sudo gedit /etc/netatalk/afpd.conf for two examples, one being the standard log and the much more verbose debug log. The log feature can also be enabled during the ./configure step.
As I was wrangling with this issue, I found that using the -guestname flag didn't seem to make a difference. Maybe there is if you can use something like this, if the user is "floe": -guestname floe

I'm not sure if that would work, I doubt it. Maybe if you didn't allow the dhx and dhx2 uams, which is kind of stupid, but oh well. I also tried using the options: limitsize to limit the volume reporting to 2GB, didn't seem to work either.

 

bbraun

Well-known member
On my raspbian system, appletalk isn't configured. It's not compiled in, and not available as a module. netatalk uses the kernel's appletalk implementation, which in an "embedded" system like rpi could be seen as extraneous and left out. That'd probably require a kernel rebuild, or at the very least a module.

For the home directory issue, if you're using '~/ "Home Directory"' in your AppleVolumes.default file, then there might be an issue with guest access. However, if you create a share with the path to the home directory, and the -guestname the same as the owner of the home directory, there shouldn't be an issue. Something like:

AppleVolumes.default:

Code:
/home/floe "floe's Home Directory"
afpd.conf:

Code:
- -transall -uamlist uams_guest.so -guestname floe
 

insaneboy

Well-known member
Well, I doubt it'll work, but someone has to give it a shot...Some things just have to be tried, nothing else can be done.
Never know until you try it. I'd have done it that night, but the plus is upstairs in the attic the door to which is in my son's bedroom.. he was asleep.

and yeah some things just need to be tried. if for no other reason than to see if it can be done. Like I know for a fact that you can run two Mac Pluses off a single SuperMac XP/20 |) Just don't boot them or try to access the drive at the same time. You will get an error and the drive will make some not nice sounds if you do. :lol:

 

Mk.558

Well-known member
On my raspbian system, appletalk isn't configured. It's not compiled in, and not available as a module. netatalk uses the kernel's appletalk implementation, which in an "embedded" system like rpi could be seen as extraneous and left out. That'd probably require a kernel rebuild, or at the very least a module.
For the home directory issue, if you're using '~/ "Home Directory"' in your AppleVolumes.default file, then there might be an issue with guest access. However, if you create a share with the path to the home directory, and the -guestname the same as the owner of the home directory, there shouldn't be an issue. Something like:

AppleVolumes.default:

Code:
/home/floe "floe's Home Directory"
afpd.conf:

Code:
- -transall -uamlist uams_guest.so -guestname floe
Noted. I'll consider whether I should add it to the Guide or not (do you think I ought to?). Of course sharing ~/ out to *Anybody* is rather risky.

For the A2SERVER, they meant to use it with an AFP bridge like one of those Asanté series boxen. Believe it or not I actually got faster throughtput through one of those than LocalTalk direct.

 

bbraun

Well-known member
The security of it is entirely situationally dependent, I think. Personally, my appletalk network is considered insecure to begin with, and the distinction between guest access and cleartext or twoway random for legacy access isn't enough to bother (and arguably less secure than guest), so I just give guest full privs and away I go. A school is probably different, corporate networks are different still. So, it's all up to the end user. I would argue that discussion about the security of legacy protocols and authentication mechanisms like this within the context of modern computing is splitting hairs, but ultimately everyone has to take responsibility for their own systems.

 

NJRoadfan

Well-known member
Now that I got the configurations for both a Fastpath 4 and 5 down to a science, I'm going to give A2SERVER a run in a virtual machine. DDP and the rest of the Appletalk stack should be supported as the IIgs doesn't support Appleshare IP at all!

 

NJRoadfan

Well-known member
OK, I got A2SERVER working fine on a Powerbook 180c running System 7.1 via my Fastpath. By default Appletalk/DDP wasn't running out of the box for some reason. I had to type "a2server-setup" and go through the prompts to install stuff. I then typed "netatalk-router-off" and Appletalk/DDP sprung to life! If you already have a router on your network, try that and see what happens.

Disconnecting the Fastpath, I can type "netatalk-router-on" and Appletalk comes up, so I'm guessing out of the box it conflicts with the Fastpath bridging.

 

Mk.558

Well-known member
I sent him an email last week or two ago asking what was his ./configure string and setup stuff. As I mentioned earlier, no response. xx(

I have no problem using Netatalk 2.1.6, although if I could use 2.2.4/2.2.5 I would. One exceedingly interesting point is a line from my speed test:

Mac mini Netatalk 2.1.6 | Duo 2300cTB 7.6.1 | AFP over Ethernet | 437.7KB/sec, 3.50Mbps | 37.8KB/sec, 0.302Mbps Slow! |

If you look at the other speeds for AFP over Ethernet in the Data Transfer Rates section, it is abnormal to a rather high degree.

 

insaneboy

Well-known member
SO it looks like it is possible to get appletalk functionality out of sheepshaver, but it is unreliable and a mega PITA to set up.

I tried A2server on the intel mini. connected fine with the PB180 and Dayna Etherprint-T. But it seems the OS I had set up with the plus is not 100% ready for apple talk, I can see 'a2server' but get an error when I try to connect(says appletalk was not installed properly). However I have not been able to connect to that server via any modern mac that I own which definitely limits the usability at this point.

 

NJRoadfan

Well-known member
How modern? MacOS X 10.4 (or was it 10.5?) and later dropped Appletalk support for file sharing. SMB/CIFS is the preferred method nowadays. A2SERVER has Samba installed for that reason.

OS 9 and older should work with A2SERVER without a problem.

 

Mk.558

Well-known member
The Chart basically tells us that that 10.6 is the last to work with OS 9.2.

Does anybody want to try out this? http://support.apple.com/kb/HT4700

I'd be interested to hear of the results. Pretty simple really, test if 10.7/10.8 can mount a OS 7.5.5 w/OT 1.3, 9, 9.1, and 9.2 system (each one in turn) and then test if OS 7.5.5 w/OT 1.3, 9, 9.1, and 9.2 can then mount the 10.7/10.8 share.

 

insaneboy

Well-known member
actually, that will be very handy at work! Nice find. I'll try it this week, we have an older LaCie(7TB NAS) we store old files on, but LaCie dropped support for it under 10.7+ been using SMB, but there are file name issues that way, if I can get AFP access back that'll be perfect. (one of the reasons I've kept 10.6 on my workstation...)

 

Mk.558

Well-known member
Great. Anybody else would like to do a test run for me on that? The Guide only mentions it for reference, but I'm interested to know how it actually works. I can make a little table in AppleWorks later that I can use to help y'all understand what has to be done a little easier. :approve:

EDIT: Here it is:

osxoldshareenable.png

All you have to do is fill in yes or no for each appropriate field, and report any anomalies or unusuals. Shouldn't be that hard. I would do it but I don't have the hardware to do the OS 9.0/9.1 share, and I don't have 10.6, 10.7 or 10.8. (The Intel Mac mini I have maxes out at 10.6.)

Whosoever can do this will get credit for the new subsection for AFP for 10.7/10.8 :) . I may also need screenshots (like what I have up there already) on how to get the networking with AFP set up, so that all the steps are covered. Ideally we'd also verify that it works with Windows Server 2000/2003 Services for Macintosh but I have faith that it will work regardless, although three cool points, a bonus widget and a cookie are available to those who go that far. :b&w: Windows 2000 Server with SFM is actually fairly good, based on my testing. (2000 Server also has a unique feature to splice a file together from a separate resource fork and data fork into one file. Not sure if other Windows versions have this feature -- its done in the command line.)

 

insaneboy

Well-known member
Well I can tell you it does not work on the SE/30 at work with OS 7.5.3. :p we'll see if I have time to play on my 180 when I get home.

*note: The 180 is running 7.6.1, OT 1.3, AppleShare 3.8.3, this was the minimum required to connect to 10.5.8 server.

 

Mk.558

Well-known member
Well I can tell you it does not work on the SE/30 at work with OS 7.5.3. :p we'll see if I have time to play on my 180 when I get home.
7.5.3 with OT 1.3 or MacTCP? Nobody can mount each other?

 

insaneboy

Well-known member
MacTCP on the SE/30 no mounting in either direction(that sounds moderately dirty). SE/30 does not 'see' the LaCie either... I recall my Plus with 6.0.8 and MacTCP(same setup that sees a2server now, but somehow my appletalk is messed up after a few years sitting in storage) could 'see' and mount the LaCie I had at home, but it was a different model, at home I once had a 'd2 Network drive,' the one at work is a '5big storage server'.

actually, the SE/30 doesn't see the older LaCie network disk either... hummm. maybe the settings are wrong. going to check that again right now, since I'm waiting for some other work to come in right now. :)

 

insaneboy

Well-known member
Yup... forgot, no PRAM battery = automatic resetting of appletalk to the printer port :p

changed that and it does see the older LaCie drive no problem, getting stuck at the point it shows the available sharepoints, but that drive has like 25-30 separate share points so that may be the issue.

it does NOT see the newer LaCie drive nor my macbook. also after waiting for a few moments my macbook says it can't find a server running on the SE/30's IP address.

Appletalk version is 7.2 (as noted in the bottom left corner of the chooser)

 
Top