• Updated 2023-07-12: Hello, Guest! Welcome back, and be sure to check out this follow-up post about our outage a week or so ago.

Yet Another Netatalk 2.2 Fork

slipperygrey

Well-known member
- -transall -hostname RETRO -uamslst unams_guest.so,/uams_clrtxt.so,uams_randnum.so,uams_dhx.so,uams_dhx2.so
This might not be representative of your actual configuration, but I just wanted to point out that you have a typo in the guest authentication module. It should say uams_guest.so (and not 'unams').
 

slipperygrey

Well-known member
MacIPRPi has a contemporary disto.
Raspbian GNU/Linux 10 (buster) 5.10.17-v7+
My apologies, I misread your comment. So I assume you also use the openssl 1.0 legacy packages?
I'm curious if you never ran into the error described in this Ubuntu bug ticket?
This was actually the triggering factor that led to my fork, since it kept erroring out with 2.2.6 in my Raspbian Buster environment.
 

elvis

Member
This might not be representative of your actual configuration, but I just wanted to point out that you have a typo in the guest authentication module. It should say uams_guest.so (and not 'unams').
Definitely a few typos above, although they were spotted and corrected shortly after posting. I can't edit the posts to reflect what I tested for some reason.

However it's all good, I found the specific combination that got it working.

Many thanks for all of your efforts to keep Netatalk2.X.X alive!

Old clients like the IIgs only support cleartext and randnum authentication. A2SERVER's scripts set up the randnum password for you.
I knew about "randnum" being required (my client seems to reject uams_clrtxt.so entirely), but the part that appeared to make things work better was the modifications to atalkd.conf, in particular the "-phase 2 -net 1" combination.

Leaving atalkd.conf blank generates a "-net 0-65534" entry soon after the service restart, which seems to cause problems with the client I'm using. Forcing that "-net 1" seems to help things dramatically, as does having a zone specified (without either of these options, it seems to not get a response from the server when attempting to connect to the share. A different error to the "authentication methods" one it gets if randnum isn't the authentication specified).

This could all be coincidence or something unrelated, I'm not sure yet. I've got the weekend set aside for testing on a virtual IIGS setup together with real hardware OS9 and G5 OSX setups simultaneously, and I'll see if I can find the magic combination to make them all share the same storage at the same time.
 

cheesestraws

Well-known member
but the part that appeared to make things work better was the modifications to atalkd.conf, in particular the "-phase 2 -net 1" combination.

This sounds like a localtalk to ethernet bridge fighting with netatalk trying to do things the "right" way to me.
 

NJRoadfan

Well-known member
Two regressions found.

-a2boot daemon entries are not being added to /etc/init.d/netatalk when compiled with --enable-a2boot and --enable-debian
-This patch is crashing the GS/OS LaserWriter driver to monitor, MacOS is fine: https://github.com/rdmark/Netatalk/commit/e9dc6aa87caf314ffa5450dc13ea27a3191752c7

Commenting out everything in the added spoolreply() function in files.c fixes the problem. Something may be overflowing in the GS/OS driver due to the repeated status updates.
 

NJRoadfan

Well-known member
Regarding the a2boot daemon entries in /etc/init.d/netatalk, the A2SERVER scripts added this by doing a search/replace on the existing timelord entries....eck! So if you want both using A2SERVER, you need to edit the file manually.
 

slipperygrey

Well-known member
Two regressions found.

-a2boot daemon entries are not being added to /etc/init.d/netatalk when compiled with --enable-a2boot and --enable-debian
-This patch is crashing the GS/OS LaserWriter driver to monitor, MacOS is fine: https://github.com/rdmark/Netatalk/commit/e9dc6aa87caf314ffa5450dc13ea27a3191752c7

Commenting out everything in the added spoolreply() function in files.c fixes the problem. Something may be overflowing in the GS/OS driver due to the repeated status updates.
Regarding spoolreply(), this is from a very recent (Sep 2021) NetBSD patch. The commit messages say:
Send a reply when more data required by papd server.
As required by appletalk 58.
Introdtuce spoolreply() for sending a response back to the client.

Required to request more data for printing.
XXX: AFAICT this should work in all cases.

There's no further context provided in the patchset. I can try to contact the author to get insights into what particular AppleTalk requirement they were working against. For now, we should definitely revert these code changes:
 

slipperygrey

Well-known member
Regarding the a2boot daemon entries in /etc/init.d/netatalk, the A2SERVER scripts added this by doing a search/replace on the existing timelord entries....eck! So if you want both using A2SERVER, you need to edit the file manually.
Ah, that is a good insight. Since I have been touching the initscripts Makefile for the systemd work, I can see what I can do.

But anyhow, do I understand this correctly that this wasn't actually a regression with the systemd initscript changes that I made?
 

NJRoadfan

Well-known member
Nope, not a regression. Just didn't realize Ivan was patching /etc/init.d/netatalk to get a2boot working. Submitted a pull request to update the init files.

I don't know why the spoolreply() function was added either. I don't think LaserWriter drivers actually check to see what's going on with the PAPStatus, its more for the user to see if their remote printer is having issues (offline, out of paper, etc.)

Edit: Fixed the problem, its in the same pull request as the init files (oops)
 
Last edited:

mactjaap

Well-known member
My apologies, I misread your comment. So I assume you also use the openssl 1.0 legacy packages?
I'm curious if you never ran into the error described in this Ubuntu bug ticket?
This was actually the triggering factor that led to my fork, since it kept erroring out with 2.2.6 in my Raspbian Buster environment.
Netatalk works without any problem on the MacIPRpi. The whole idea behind the MacIPRpi is that a user can download an image, put it on SD, insert it into the Rpi (3B+ pr 4), boot it and ........you are in business. MacIP over LocalTalk and AppleTalk (DDP) file sharing (and more).
No fuss about configuration. The blinking red led wil tell you that you have Netatalk running, so even no need to login.
If you are more a power user or developer yourself, so can start logging in and test new things. See main page op https://www.macip.net for more details.

Did a check to be sure….
For now the MacIPRpi is equipped with Netatalk 2.2.5 (so not 2.2.6) from the Stretch packages. It is the most recent concept of MacIP.net. Also the older ones like the VM, orangepi or tiny iso will do the job. But they can use an update.


For future updates of MacIPRpi I will definitely try your version of 2.2.6 (2.27...) and I'm happy that there is a future for Apple File sharing over DDP. Also macipgw for MacIP over LocalTalk, TimeLord relies on Netatalk..so yes...it is important work you do!
 

slipperygrey

Well-known member
Nope, not a regression. Just didn't realize Ivan was patching /etc/init.d/netatalk to get a2boot working. Submitted a pull request to update the init files.

I don't know why the spoolreply() function was added either. I don't think LaserWriter drivers actually check to see what's going on with the PAPStatus, its more for the user to see if their remote printer is having issues (offline, out of paper, etc.)

Edit: Fixed the problem, its in the same pull request as the init files (oops)
One weird thing that I spotted is that the A2BOOT_RUN option is altogether commented out in the canonical init script template (distrib/initscripts/rc.atalk.debian.tmpl) -- wouldn't it be enough to uncomment this, and then turn on A2BOOT in /etc/default/netatalk after installing?

ATALKD_RUN=no PAPD_RUN=no TIMELORD_RUN=no #A2BOOT_RUN=no ATALK_ZONE= ATALK_BGROUND=no

BTW, I've reverted the spoolreply() code in the 2.2.x branch now, together with the "disable session tickles" feature that was part of the same patchset and by the same author for now. I'll keep trying to get in touch with the author to understand the background to those changes a bit better before considering putting them back.

Please have a look again when you have a moment to spare! Hopefully printing in GS/OS should work again...
 
Last edited:

slipperygrey

Well-known member
Ah, that would be problematic yes. Thanks for the comprehensive PR to get a2boot init scripts fixed for all the platforms! I've merged it into the 2.2.x branch.
 

slipperygrey

Well-known member
You may need to force netatalk 3.x to use less secure login handshakes. Maybe create a share with no login security. I think 3.x still supports AFP2.2 clients (first TCP/IP revision).
I was able to figure out what to put in afp.conf to get Netatalk 3.1 to authenticate with cleartext password. And, I could confirm that out of the box, the afpd crashbug does *not* reproduce on an HFS file system. However, an observation is that Netatalk 3 has a different method and format for storing file metadata (resource fork). Gone are the .AppleDouble dirs, and now there are binary files that start with '._' that contains resource fork data. I have a suspicion that this is related. The troubleshooting continues!
 

NJRoadfan

Well-known member
Netatalk 3.x switched to OS X style '._' AppleDouble metadata storage. This was to be consistent with Samba and OS X systems. Somewhere along the way the bug might have been fixed.
 

slipperygrey

Well-known member
One weird thing is that using the options 'noadouble' or 'ea:none' in AppleVolumes.default which IINM are supposed to suppress AppleDouble meta data creation, Netatalk still creates an AppleDouble file for every single file, including empty files created by a Linux 'touch' command. That in itself seems buggy... or maybe there's another factor that's overriding these options for me.
 
Top