@hiroyuki-sato
Last active December 14, 2015 22:58
Netatalk problem

Problem1

  • Owner privilege change failed when I change the privilege from "read & write" to "read only"
  • An "An unexpected error occurred (error -50)" error occurred

Log

Mar 14 17:13:38.642730 afpd[20883] {acl.c:111} (E:Default): stat(name, &st) failed: No such file or directory
Mar 14 17:13:38.642839 afpd[20883] {vfs.c:452} (E:Default): remove_acl_vfs(vol->ad_path(path, ADFLAGS_HF)) failed: No such file or directory
Mar 14 17:13:38.642868 afpd[20883] {acls.c:1689} (E:AFPDaemon): afp_setacl: error from remove_acl
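
The three lines above come from one afpd process and trace a single failure from the stat() call up to afp_setacl. As an added example (not part of the original gist or of Netatalk), this Python script parses that line layout and groups error entries per process into such chains; reading the level letter `E` as "error", the one-second grouping window, and the fourth sample line are assumptions made here.

```python
import re

# Layout seen in the log above:
#   <Mon DD HH:MM:SS.usec> <proc>[<pid>] {<file>:<line>} (<level>:<facility>): <message>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<proc>\w+)\[(?P<pid>\d+)\] "
    r"\{(?P<src>[^:}]+):(?P<line>\d+)\} \((?P<level>\w):(?P<facility>\w+)\): "
    r"(?P<msg>.*)$")

# The first three lines are copied from the log above; the last one is constructed.
SAMPLE = """\
Mar 14 17:13:38.642730 afpd[20883] {acl.c:111} (E:Default): stat(name, &st) failed: No such file or directory
Mar 14 17:13:38.642839 afpd[20883] {vfs.c:452} (E:Default): remove_acl_vfs(vol->ad_path(path, ADFLAGS_HF)) failed: No such file or directory
Mar 14 17:13:38.642868 afpd[20883] {acls.c:1689} (E:AFPDaemon): afp_setacl: error from remove_acl
Mar 14 17:13:40.000001 afpd[20884] {example.c:1} (I:Default): constructed informational line
"""

def parse_line(raw):
    m = LINE_RE.match(raw.strip())
    if not m:
        return None  # not in the layout above (blank line, other daemon, ...)
    rec = m.groupdict()
    rec["pid"], rec["line"] = int(rec["pid"]), int(rec["line"])
    return rec

def seconds(ts):
    h, m, s = ts.split()[-1].split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def error_chains(text, window=1.0):
    """Group 'E' entries of one pid that follow each other within `window`
    seconds. The log carries no year, so times are compared within one day."""
    chains, last = [], {}  # last: pid -> (chain, time of its newest entry)
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["level"] != "E":
            continue
        t = seconds(rec["ts"])
        chain, prev_t = last.get(rec["pid"], (None, None))
        if chain is None or t - prev_t > window:
            chain = []
            chains.append(chain)
        chain.append(rec)
        last[rec["pid"]] = (chain, t)
    return chains

def summarize(chain):
    return " -> ".join(f'{r["src"]}:{r["line"]}' for r in chain)

print([summarize(c) for c in error_chains(SAMPLE)])
```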

Operation

  • Log in as user1 on OSX.
  • Connect to the netatalk server
  • Log in as user1
  • Put a file (named 10m)
  • Change the privilege from Finder.

afpd -V

# /usr/local/netatalk/sbin/afpd -V
afpd 3.0.3dev - Apple Filing Protocol (AFP) daemon of Netatalk

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version. Please see the file COPYING for further information and details.

afpd has been compiled with support for these features:

          AFP versions:    2.2 3.0 3.1 3.2 3.3 
         CNID backends:	dbd last tdb 
      Zeroconf support:	Avahi
  TCP wrappers support:	Yes
         Quota support:	Yes
   Admin group support:	Yes
    Valid shell checks:	Yes
      cracklib support:	Yes
            EA support:	ad | sys
           ACL support:	Yes
          LDAP support:	Yes
         D-Bus support:	Yes
         DTrace probes:	Yes

              afp.conf:	/usr/local/netatalk/etc/afp.conf
           extmap.conf:	/usr/local/netatalk/etc/extmap.conf
       state directory:	/usr/local/netatalk/var/netatalk/
    afp_signature.conf:	/usr/local/netatalk/var/netatalk/afp_signature.conf
      afp_voluuid.conf:	/usr/local/netatalk/var/netatalk/afp_voluuid.conf
       UAM search path:	/usr/local/netatalk/lib/netatalk//
  Server messages path:	/usr/local/netatalk/var/netatalk/msg/

File System

# df .
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup-lv_root
                   7781012   6752868    632880  92% /
# mount
/dev/mapper/VolGroup-lv_root on / type ext4 (rw,user_xattr,acl)
# pwd
/home/netatalktest
# ls -l
total 10244
-rwxrwxr-x 1 user1 netatalk 10485760 Mar 14 16:42 10m

Environment

LDAP Server & AFP client

  • OS: OSX 10.8.2

netatalk server

  • Scientific Linux release 6.1

Build

% git clone https://github.com/franklahm/Netatalk.git
% cd Netatalk
% git checkout -b develop origin/develop

% git log
commit 8813338fe4a13634917fe6426ae97f5b14df54e2
Author: Frank Lahm <franklahm@googlemail.com>
Date:   Mon Mar 11 17:19:28 2013 +0100

    Permissions of ._ AppleDouble rfork after conversion from v2 to ea.
    
    Fixes bug #505.

% ./bootstrap
% ./configure --with-pam-confdir=/etc/pam.d \
            --prefix=/usr/local/netatalk \
            --with-cracklib \
            --with-dtrace \
            --with-init-style=redhat-sysv

% make 
# make install

afp.conf

[Global]
uam list = uams_dhx2.so
ldap auth method = none
ldap server = 192.168.XX.XX
ldap auth dn = uid=diradmin,dc=testserver,dc=example,dc=com
ldap userbase = cn=users,dc=testserver,dc=example,dc=com
ldap userscope = one
ldap groupbase = cn=groups,dc=testserver,dc=example,dc=com
ldap groupscope = one
ldap uuid attr = apple-generateduid
ldap name attr = uid
ldap group attr = cn
log file = /var/log/netatalk.log
log level = default:info

[testvolume]
path = /home/netatalktest
ea = sys
file perm = 0775
directory perm = 0775
search db = yes

OpenDirectory Setup

  • Setup OpenDirectory
  • Create group netatalk
  • Create user user1, user2

LDAP setting

LDAP connection

# set up
Authentication configuration
  User Information
    [*] LDAP
  Authentication
    [*] Use LDAP Authentication
    
LDAP Settings
  [ ] Use TLS
  Server: ldap://192.168.XX.XX
  Base DN: dc=testserver,dc=example,dc=com

User check

# getent passwd | grep user
user1:x:1025:1026:user1:/Network/Servers/testserver.example.com/Users/user1:/bin/bash
user2:x:1026:1026:user2:/Network/Servers/testserver.example.com/Users/user2:


# getent group | grep netatalk
netatalk:*:1026:

afpldaptest

# ./afpldaptest -u user1
Start parsing afp.conf
Finished parsing afp.conf
afp.conf is ok. Using anonymous bind.
Searching user: user1
User: user1 ==> UUID: 4760199C-D680-4A02-8C73-C273F7C5710D


Start parsing afp.conf
Finished parsing afp.conf
afp.conf is ok. Using anonymous bind.
Searching user: user2
User: user2 ==> UUID: F1B075D8-4F4C-44AB-8F4D-27F3B8ABA3CD


# ./afpldaptest -g netatalk
Start parsing afp.conf
Finished parsing afp.conf
afp.conf is ok. Using anonymous bind.
Searching group: netatalk
Group: netatalk ==> UUID: 917ED05B-4EA8-40C0-8D0E-819AC2D5F4E1

Local User(/etc/passwd on netatalk server)

# ./afpldaptest -u hsato2
Start parsing afp.conf
Finished parsing afp.conf
afp.conf is ok. Using anonymous bind.
Searching user: hsato2
User: hsato2 ==> UUID: FFFFEEEE-DDDD-CCCC-BBBB-AAAA000001F5    

Share setting

# mkdir /home/netatalktest
# chown -R user1:netatalk /home/netatalktest 
# chmod 775 /home/netatalktest/