Netatalk Server on Raspberry Pi

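With a Raspberry Pi and a VMware guest OS connected over OpenVPN [1], I installed this service so that I can easily manage the server-side files from the MacBook I use. Debian only ships a somewhat outdated version, so I built and installed a recent version myself. Note that over a VPN connection the network interface is tap0.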

 

 Compiling & installing the Netatalk server


# Install the libraries/headers needed for compilation  (Debian Buster: libmysqlclient-dev --> default-libmysqlclient-dev)
$ apt-get install build-essential libevent-dev libssl-dev libgcrypt-dev libkrb5-dev libpam0g-dev  libwrap0-dev libdb-dev libtdb-dev libmysqlclient-dev libavahi-client-dev libacl1-dev libldap2-dev libcrack2-dev systemtap-sdt-dev libdbus-1-dev libdbus-glib-1-dev libglib2.0-dev libio-socket-inet6-perl libtracker-sparql-2.0-dev libtracker-miner-2.0-dev

# Download the netatalk source directly from http://netatalk.sourceforge.net/

$ tar xvfz netatalk-X.Y.tar.gz
$ cd netatalk-X.Y
$ ./configure --prefix=/opt/netatalk \
        --with-init-style=systemd \
        --without-libevent \
        --with-cracklib=/opt/netatalk/etc/cracklib_dict \
        --disable-shell-check \
        --enable-largefile \
        --without-ldap \
        --with-pam-confdir=/etc/pam.d \
        --with-dbus-daemon=/usr/bin/dbus-daemon \
        --with-dbus-sysconf-dir=/etc/dbus-1/system.d

# bin/afppasswd/afppasswd.c, line 58: change the password length limit to 8 characters or more !!

$ make
$ make install

# Update the loader configuration
$ echo "/opt/netatalk/lib" > /etc/ld.so.conf.d/netatalk.conf
# Rebuild the loader cache so the new library path takes effect
$ ldconfig

 

 Installing Cracklib to prevent simple passwords


$ cd /usr/share/dict/
$ create-cracklib-dict -o cracklib_dict  /usr/share/dict/words
86644 86644

$ ls -la
total 1832
drwxr-xr-x   2 root root   4096 Oct  5 16:40 .
drwxr-xr-x 164 root root   4096 Oct  5 16:02 ..
-rw-r--r--   1 root root 971578 Oct 20  2017 american-english
-rw-r--r--   1 root root 477238 Aug  4  2017 cracklib-small
-rw-r--r--   1 root root   1024 Oct  5 16:40 cracklib_dict.hwm
-rw-r--r--   1 root root 383896 Oct  5 16:40 cracklib_dict.pwd
-rw-r--r--   1 root root  21676 Oct  5 16:40 cracklib_dict.pwi
lrwxrwxrwx   1 root root     16 Oct 20  2017 words -> american-english
$ mv cracklib_dict.* /opt/netatalk/etc

 

 systemd service file


[Unit]
Description=Netatalk AFP fileserver for Macintosh clients
Documentation=man:afp.conf(5) man:netatalk(8) man:afpd(8) man:cnid_metad(8) man:cnid_dbd(8)
Documentation=http://netatalk.sourceforge.net/
After=syslog.target network.target avahi-daemon.service

[Service]
Type=forking
GuessMainPID=no
ExecStart=/opt/netatalk/sbin/netatalk
PIDFile=/var/lock/netatalk
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
RestartSec=1

[Install]
WantedBy=multi-user.target

 

 afp.conf – /opt/netatalk/etc/


;
; Netatalk 3.x configuration file
;

[Global]
; Global server settings
  log file = /var/log/afpd.log
  log level = default:warn
  spotlight = no
  hide files = /.DS_Store/Network Trash Folder/TheFindByContentFolder/TheVolumeSettingsFolder/Temporary Items/.TemporaryItems/.VolumeIcon.icns/Icon?/.FBCIndex/.FBCLockFolder/
  read only = No
  admin auth user = www-data
  force user = www-data
  force group = www-data
  save password = yes
  passwd minlen = 5
  set password = no
  passwd file = /opt/netatalk/etc/afppasswd
  uam list = uams_clrtxt.so uams_guest.so uams_dhx.so uams_dhx2.so
  unix charset = UTF8
  afp interfaces = eth0 tap0
  afp listen = 192.168.137.137
  cnid listen = 127.0.0.1
  host allow = 192.168.137.0/24 127.0.0.1
  hostname = WP
  zeroconf = yes
  file perm = 0644
  directory perm = 0755
  login message = 'WP/AFP File Server'
  mimic model = MacBookPro

; Max length of UTF8-MAC volume name for Mac OS X. Note that Hangul is especially sensitive to this.
  volnamelen = 255

; Enables or disables the ability of clients to change their passwords via chooser or the "connect to server" dialog.
  set password = yes
  guest account = "www-data"

[Homes]
basedir regex = /home

[wp-content]
path = /var/www/andrwj.com/htdocs/wp-content
directory perm = 0755
file perm = 0644
time machine = no
follow symlinks = yes
valid users = www-data
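
An added example (not from the original post or the Netatalk project): a small Python check that parses afp.conf-style text and flags the settings in the config above that weaken authentication, namely a key set twice with conflicting values, uams_clrtxt.so and uams_guest.so in uam list, and a passwd minlen below a threshold. The sample text is constructed from the config above; the function names, the threshold of 8, and inspecting the last occurrence of a repeated key are assumptions of this example.

```python
import re

# Constructed sample: a few keys taken from the afp.conf shown above.
SAMPLE = """\
[Global]
  passwd minlen = 5
  set password = no
  uam list = uams_clrtxt.so uams_guest.so uams_dhx.so uams_dhx2.so
  set password = yes

[wp-content]
valid users = www-data
"""

def parse_afp_conf(text):
    """Return {section: {key: [(lineno, value), ...]}}, keeping duplicates."""
    conf, section = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = conf.setdefault(m.group(1), {})
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            section.setdefault(key.lower(), []).append((no, value))
    return conf

def audit(text, min_len=8):                  # min_len=8 is an assumption
    conf, findings = parse_afp_conf(text), []
    for sec, keys in conf.items():
        for key, vals in keys.items():
            if len({v for _, v in vals}) > 1:  # same key, different values
                where = ", ".join(str(n) for n, _ in vals)
                findings.append(f"[{sec}] '{key}' conflicts on lines {where}")
    g = conf.get("Global", {})
    uams = g.get("uam list", [(0, "")])[-1][1].split()  # last occurrence (assumption)
    if "uams_clrtxt.so" in uams:
        findings.append("uams_clrtxt.so: password is sent in cleartext")
    if "uams_guest.so" in uams:
        findings.append("uams_guest.so: guest login without a password")
    minlen = g.get("passwd minlen")
    if minlen and int(minlen[-1][1]) < min_len:
        findings.append(f"passwd minlen = {minlen[-1][1]} is below {min_len}")
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```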

 

 Setting up users and passwords


# Create the password file
/opt/netatalk/bin/afppasswd -c

# Add the www-data user (simple, guessable words are rejected when creating the password; with the -n option cracklib is not used)
/opt/netatalk/bin/afppasswd -n -a www-data

 

 Starting the service


systemctl daemon-reload
systemctl enable netatalk
systemctl start netatalk

 

 Access from the Mac: press CMD+K to connect.  User ID: www-data

 

 

References

1. https://openvpn.net/community-downloads/