How to: Install Netatalk (AFP) on Ubuntu with Encrypted Authentication

Purpose: Install Netatalk (AFP) on Ubuntu with encrypted authentication (using OpenSSL), which is not enabled by default with the Ubuntu netatalk package. By default, the package installed from the Ubuntu universal repositories will transmit your password via clear text (you’ll know this because Mac OS X Tiger will throw a warning and Leopard won’t do anything useful at all).

This is because, apparently, OpenSSL has a license that is incompatible with Debian’s GPL. Regardless: clear text is bad; encryption is good. And since Ubuntu doesn’t package netatalk with the appropriate encryption support, one must do it oneself.

Updated 05.08.09: Just tested this with Jaunty (09.04) and the package in the repositories works with no extra steps. If you are using an older version of Ubuntu, however, you will want to follow these instructions. Tested with Intrepid Ibex (8.10) as well as: 6.06, 7.04, 7.10, and 8.06.

about this guide

When I first found that Ubuntu’s netatalk package didn’t support encrypted authentication, I tried to compile netatalk from the source. I didn’t get very far. Throwing up my hands in frustration, I spent some more time on google and found some ideas at the Ubuntu Forums. Pulling it all together, with ideas and fixes from comments (below), this is what I came up with (which I think is a lot easier than building from source).

steps to follow

NOTE: If you have already installed netatalk you should remove it before proceeding with a sudo aptitude purge netatalk before you get going.

  • sudo aptitude update
  • mkdir -p ~/src/netatalk
  • cd ~/src/netatalk
  • sudo aptitude install cracklib2-dev libssl-dev
  • apt-get source netatalk
  • sudo apt-get build-dep netatalk
  • cd netatalk-2.0.3
  • sudo DEB_BUILD_OPTIONS=ssl dpkg-buildpackage -us -uc
  • sudo debi
  • echo "netatalk hold" | sudo dpkg --set-selections

The basic trend of this set of operations is to: create a directory where all the messy files can be stored, download necessary packages, get the netatalk source, compile the source with the ssl option, install the package, then tell Ubuntu never to update the package (because if it did, it would break).

Settings for the netatalk service can be found on your Ubuntu machine at /etc/netatalk/. There are a couple configuration files in there with instructions. Good luck.

configuration files

One of the first changes I make after installing netatalk is to disable some of the services that I don’t need running (and start those that I do). To do this, I edit: /etc/default/netatalk, changing the daemons that run so that it ends up looking like this (which allows netatlk to restart a lot quicker without the atalkd daemon — which is a holdover from pre-OS X times):

# Set which daemons to run (papd is dependent upon atalkd):

These are the settings I am using since I only need the afp file server — one thing to note, however, is that if you want to use the dbd databashe scheme rather than cdb, you need to set CNID_METAD_RUN to yescdb is supposed to be faster, while dbd is supposed to be “corruption-proof”.  You can read it about in the docs.

After you’ve saved changes to this configuration file, run the following to restart netatalk:

  • sudo /etc/init.d/netatalk restart

other tips and tricks

Here are a couple other thoughts and pointers that I’ve picked up over the years …

multiple afp servers running on the same network

I never thought much of it, but I did notice: if you have two different servers on your network running netatalk, you are unable to login to both of them at the same time. JET posted a solution to this and it works flawlessly. It has changed my life.

multiple network interfaces causing errors

Update (9/24/07 & 10/22/07): I’ve noticed a few people mentioning they get an error when compiling and/or starting netatalk (from as well). Folks with more than one available network adapter (like eth1 and eth2, or virtual adapters created by vmware) seem to run an error when they compile and during runtime . During compile time you might have have an error that ends in:

  • dpkg: error processing netatalk (--install):
  • subprocess post-installation script returned error exit status 1
  • Errors were encountered while processing:
  • netatalk
  • debi: debpkg -i failed

After this, you would probably get an error at runtime that looked like:

  • Starting Netatalk services (this will take a while): nbp_rgstr: Connection timed out

Tim Pope wrote a suggested fix in the comments below that should eliminate the conflict between the multiple adapters. I only have one adapter myself (and don’t use vmware) so I haven’t had a chance to try it yet myself. Let me know if this works for you as well.

153 Comments (newest first)

  1. […] a local network or the Internet. I installed it (with SSL authentication) on my Ubuntu server using this guide and had everything up and running in less than 10 […]

  2. Mattias says:

    Just brilliant. Thanks a million for this.

  3. Nicklas Werneman says:


    I’ve set up netatalk-2.03-9 on my Ubuntu 8.04 machine. It builds and installs fine. When I try to connect from my Leopard machine it rejects my login and says “Your password has expired”.

    I’ve checked my user at the ubuntu machine, and it’s password and account is set to never expire. I even tried to set it to 2030-something, but I get the same error.

    System time on both machines are the same and correct.

    Any Ideas?

    • Nicklas Werneman says:

      Anyone having any ideas why I get “Your password has expired”?

      See earlier post for details.


      • Damon says:

        @ Nick: sorry you are still having this problem, it isn’t something I have seen before — and I looked on google, as well, and couldn’t come up with a single thing. I haven’t the foggiest what the issue is. Have you tried emailing the developers of netatalk ? They have a mailing list you could try. I have asked them for help in the past and they are pretty prompt. Sorry!

        • Nicklas Werneman says:

          @Damon: Yeah, I’ve tried posting at their mailing list, but no replies :(

          • KB1IBT says:

            @Nick: I ran into the same problem. For some reason it was trying to read the /etc/netatalk/afppasswd file, which in this setup doesn’t exist. It turns out I hadn’t compiler the copy from Ben’s post exactly and it was falling back to needing instead of dhx After fixing that error everything worked right. You need to totally remove the before text and replace it with the after (and fix the slight formatting error that this page has)

  4. ben says:


    Thanks for the guide. Maybe someone here can help – still having trouble connecting to my shares; I think the openssl is still not getting built in properly. Mac is running 10.4, ubuntu is 8.04. On the Mac I enter the address of my server (afp://, and I get one of two problems.

    1: I get the authorization dialog, enter my username and password (on the server). It tells me that the server does not support openssl and so it will try to send the password in cleartext. Next, “An Error Occurred,” and that’s it.

    2: this just showed up, first time i’ve seen it actually, when I try to connect to the server:
    “The operation cannot be completed because one or more required items cannot be found. (Error code -35)”

    It’s weird, everytime I do a new linux install I go through this process and it never gets any easier. :)

    • Damon says:

      @ Ben: what type of Ubuntu install are you doing: 64-bit AMD ? i386 ? PPC ?

      I have never had the problem you describe myself; have you tried to connect via AFP from another Ubuntu machine using afpfs-ng ? Or tried a different Mac ?

      Using afpfs-ng you can get some more verbose debugging information if the problem persists.

      Sorry I don’t have more suggestions.

      • Ben says:

        @Damon: I’m using the i386 install (though the machine is an AMD64). No other computers handy right now … I’ve made this work many times in the past, can’t figure out what i’ve forgotten this time.

        from the autoconf – are these options right? i notice it doesn’t say anywhere in there whether the SSL support was in fact compiled in; and is it a problem if it doesn’t compile with cracklib?

        Install style:
        AFP 3.x calls activated: yes
        Large file support (>2GB) for AFP3: yes
        DDP enabled: yes
        backends: cdb dbd last
        Kerberos V
        Kerberos IV
        passwd (PAM SHADOW)
        CUPS support: yes
        SLP support: no
        Zeroconf support: no
        tcp wrapper support: yes
        quota support: yes
        admin group support: yes
        valid shell check: yes
        cracklib support: no
        dropbox kludge: no
        force volume uid/gid: no
        Apple 2 boot support: no

      • Ben says:

        ok, so more details.

        in the logs i see that it can’t load, the Diffie-Hellman key exchange. is in fact missing from /usr/lib/netatalk. i guess this is precisely the thing that is supposed to be built with OpenSSL, isn’t it? so no wonder it doesn’t work. :)

        hm, now off to figure out why it’s still not building properly … will try damon timm’s instructions again …

      • Ben says:

        [Solved] ! I think.

        Perhaps this will help others, as well. And it’ll help remind ME the next time :)

        1. for debugging: tail -f /var/log/syslog. The errors on the Mac side are pretty useless, as per the Apple Human Interface Guidelines. This will show better information.

        2. for some reason, just doing


        wasn’t enough – it still wasn’t building with ssl support. Elsewhere I found another suggestion, to edit the debian/rules file. In there, the ‘ssl’ option expands to a few things, including setting the configure option


        but actually that config flag wants the LOCATION of the ssl directory. (see ./configure –help).


        should work better. Actually, for me again it didn’t – the original DEB_BUILD_OPTIONS flag wasn’t even tripping the necessary clause! there’s an if/else to only include SSL if you set that flag. unnecessary, since the whole point of this is to get SSL, really.

        in debian/rules


        # Conditionally avoid or include ssl-related options
        ifneq (,$(findstring ssl,$(DEB_BUILD_OPTIONS)))
        DEB_CONFIGURE_EXTRA_FLAGS += –with-ssl-dir \
        –with-cracklib=/var/cache/cracklib/cracklib_dict \
        DEB_DH_GENCONTROL_ARGS := — -Vssl:Recommends=”, cracklib-runtime, libpam-cracklib”
        uamlist =,,
        pamfile = netatalk.pam-ssl
        DEB_CONFIGURE_EXTRA_FLAGS += –without-ssl-dir
        uamlist =,
        pamfile = netatalk.pam


        # SSL options
        DEB_CONFIGURE_EXTRA_FLAGS += –with-ssl-dir=/usr/include/openssl \
        –with-cracklib=/var/cache/cracklib/cracklib_dict \
        DEB_DH_GENCONTROL_ARGS := — -Vssl:Recommends=”, cracklib-runtime, libpam-cracklib”
        uamlist =,,
        pamfile = netatalk.pam-ssl

        after that, the package build and install process worked, I got the openssl included. hoorah!

        4. even so, still couldn’t connect from the mac. looking in the server logs showed a bad CNID error, whatever that is, from the .AppleDB directory. This was left over from previous linux versions when I had netatalk set up before. So I deleted that, plus the .AppleDesktop and .AppleDouble directories for good measure. And now it works! phew.

        thanks Damon!

  5. […] I’ve spent my entire evening fixing my appletalk set up after I accidentally ‘upgraded’ my handcrafted netatalk with the stock ubuntu one. I crafted my own because the stock package doesn’t support encrypted passwords. […]

  6. Moss says:

    @Damon: thanks for compiling alle that. Thanks to you I could access my Ubuntu fileserver from my all new shiny MacOS X Leopard in an instant after having installed the latter. Very helpful!

  7. order says:

    I have had Netatalk working for a long time on a Ubuntu box that I use as my Music Server. I recently updated both Mac to 10.5 and Ubuntu 8.04 I now get the message ‘home directory could not be mounted’ when connecting via the Mac. Netatalk is running and I have success connecting this way to another laptop running Ubuntu 8.04.

    Any ideas

    • Damon says:

      @ order: when you say you have success connecting this way to another laptop do you mean that you can connect from the Mac 10.5 to the laptop but not to your music server (both of which are running Ubuntu 8.04) and both of which have netatalk installed via the instructions above ? Did you do an in-place upgrade of Ubuntu on the Music Server ? I don’t know if I can help, but a little more information might let someone else chime in as well.

      • order says:

        You may have a good point with that. I did a in place upgrade on the Music Server and a clean install on the Laptop. Maybe a backup of the data and a clean install would be the best way to handle this. I’m a Mac support man by trade and have always taken the time to zero and do a clean build to get the best results. I don’t know if their is a command line on Linux to clean out unwanted crufted. On Mac 10.4 I used Applejack to fix permissions and fix low level problems. In Ubuntu I’m a newbie who likes just likes to learn.

        • Damon says:

          @ order: I don’t know of a command line way to clean up any of the brokenness of an in-place upgrade either. I prefer a clean slate myself, however, I have done one in-place upgrade from 6.06.1 to 8.04 and my netatalk didn’t break — so I am 1 for 1. Though I hesitate to try it again.

  8. Jay says:

    Thank you very much, Damon!

    It works on my Ubuntu 8.04 Hardy Heron. But I still can not access my extra mount HD, For example, I have another HD, it’s mounted on /media/disk. I have this line:

    /media/disk/ShareFiles “ShareFiles”

    in the file of AppleVolumes.default. I can not access this “ShareFiles”

    Could you please help me? Thanks again!

    • Damon says:

      @ Jay: did your default configuration work ? That is, were you able to visit your “Home Directory” as it is so cleverly called ?

      If you were able to mount this directory, before making changes to the file, then I can think of only: [a] did you restart all the netatalk services after the change ? [b] are you even getting an option of “ShareFiles” when you mount (alongside “Home Directory”) or is that mount point absent ? [c] does your user have the correct permissions to view “ShareFiles” on the server ?

      That’s all I can think of — you could also make sure that the “Home Directory” options match that of your “ShareFiles” options.


      • Jay says:

        Hi Damon,

        Thank you very much!

        I hope I can give you more and clear explanations about what I did as the following.

        1. After I install Netatalk, I modified my AppleVolumes.default file with these two lines:

        ~/ “Home Directory”
        /media/disk/ShareFiles “ShareFiles”

        2. I restart my Ubuntu, after log-in my Ubunt, I mount the second HD @ /media/disk, I have correct permission on the folder of ShareFiles, no any problem.

        3. Then, I start my netatalk server on Ubuntu, then connect to Ubuntu from Mac, connect as the same user name and password on Ubuntu.

        4. I can view two icons of “Home Directory” and “ShareFiles” on Mac, after I hit the icon of “ShareFiles”, a warning message pop-up, xxx can not find out…, but no any problem for the Icon of “Home Directory”;

        It worked for my old Ubuntu 7.10 before. I hope you can help me, thank you very much again, Damon!


      • Jay says:

        Hi Damon,

        I tried it again. If I change /media/disk/ShareFiles “ShareFiles” to /media/disk “ShareDisk”, I can access this mounted disk. I don’t understand why?

        Anyway, I can use this Netatalk service now.

        Thank you very much!


  9. CB says:

    Got it!

    Installed again with synaptic and it works.

    Thanks for help, got my head round it now

  10. CB says:

    Got in a bit of a pickle as I have installed avahi-daemon and seem to have various Netatalk folders in my Home directory, but can’t see it in /etc.

    MacBookPro see’s the share in side bar (10.5) but fails to connect even after clear text enabled.

    How do I uninstall and start a fresh

  11. CB says:

    When running
    DEB_BUILD_OPTIONS=ssl sudo dpkg-buildpackage -us -uc
    In Hardy I get
    Found 736 different copyright and licensing combinations.
    ERROR: The following new or changed copyright notices discovered:

    UNKNOWN [1998 Owen TaylorPermission to use, copy, modify, and distribute this software and / notice appear in all copies and that / notice and this permission notice appear in supporting]: doc/htmldocs/netatalkconfig.1.html

    To fix the situation please do the following:
    1) Investigate the above changes and update debian/copyright as needed
    2) Replace debian/copyright_hints with debian/copyright_newhints
    make: *** [debian/stamp-copyright-check] Error 1
    dpkg-buildpackage: failure: debian/rules build gave error exit status 2

    Any idea’s

    • Damon says:

      @ CB: check out the comment above yours – I haven’t had a chance to update this “how to”, hope to do so soon. I’m not running a fresh version of Hardy yet … However, in the mean time, check out the pingback above. Hope you have good luck.

  12. […] Damon Timm has a great post on installing netatalk on Ubuntu with SSL support.  I won’t go through the licensing issues again (I feel like enough people have done that already).  Suffice to say, Ubuntu doesn’t ship netatalk with SSL enabled, and Leopard requires SSL support to connect to AFP shares out of the box.  It’s easy enough to allow Leopard to use plaintext passwords with the following command: […]

  13. Rachel says:

    This workaround appears to no longer work in Ubuntu Hardy. The dhx module is not built. If debian/rules is altered to point ssl to where it actually is, that makes no difference either. Given up and gone back to gentoo, which builds a fully-functional netatalk out of the ebuild.

    • Dan Walker says:

      @ rachel: I have struggled to get this to build with the proper DHX support on Hardy and above, but I finally got it working last night. I’m not certain which of these steps did it, but it might be worth a try.

      1) Completely remove netatalk, cracklib2-dev and libssl-dev:

      sudo aptitude purge netatalk cracklib2-dev libssl-dev

      2) Use a slightly different syntax for setting the build options (as per this page):

      After downloading the netatalk source, edit ~/src/netatalk/netatalk-2.0.3/debian/rules. Find the line which says:

      DEB_UPDATE_RCD_PARAMS := defaults 50

      Add this line directly beneath it, then save the file:


      3) I used a different command to build:


      4) Then installed with:

      dpkg -i ~/src/netatalk/netatalk_2.0.3-9_i386.deb

      After sorting the multiple ethernet issue (VMware), the modules are all in place and everything works perfectly (including the avahi daemon)!

      What is strange is that I *thought* I had got this working when I first set things up over a year ago, because Tiger had stopped warning about cleartext passwords. It seems that wasn’t the case after all! Thanks to everyone who has contributed, it has really been helpful.

  14. Andrew says:

    Anyone having the

    “subprocess post-installation script returned error exit status 1”

    problem who has not been able to get everything installed given the other suggestions here, I found this bug which adds one more step which cleared it up for me. Not sure if you need to do this in conjunction with the other fix or not, I did both and I am now up and running.

    Fixed by changing two files:
    1) /etc/default/netatalk
    FROM: ATALK_NAME=`/bin/hostname –short`
    TO: ATALK_NAME=`/bin/hostname`

    2) /etc/init.d/netatalk
    FROM: ATALK_NAME=`/bin/hostname –short`
    TO: ATALK_NAME=`/bin/hostname`


    • Damon says:

      @ Andrew: What version of Ubuntu (if you are using Ubuntu) are you using ? Just curious …

      • Andrew says:

        When I had to do that I was using Ubuntu 7.10, now after upgrading to Ubuntu 8.04 I only need to put the dontroute flag into the config file.


  15. francine says:

    Worked flawlessly, many thanks, excellent

  16. Heather says:

    Very nice. Worked perfectly for even a newbie like me. I am using Ubuntu Server 6.06 LAMP install and Leopard.

  17. […] Well it turns out netatalk on Debian based systems is not linked to openssl and hence can’t do the DHX password encryption. Initially I was ticked off at this but after reading the bug and Debian legal’s position, I get why this is the case. I went about the process of rebuilding netatalk with the very helpful howto here and with additional help from this article. […]

  18. Fred says:

    Great Thanks from France !!! This run out of the box…

  19. Damon.

    Well done. As long as I followed your advice exactly it worked great with Gutsy Gibbon and Leopard!

    Great and useful blog.


  20. […] So I got the Apple to talk Ubuntu. Well it was so cool. […]

  21. Rajkumar says:

    Well have tried almost everything.
    u will have to deinstall vmware fully “purge”
    apt-get autoremove netatalk –purge
    remove the src dir in ~
    deinstall vmware software only. not the winxp dir/or any other os dir.
    follow instructions above.

    reinstall an be happy ” I mean vmware”

  22. billy code says:

    I’ve got two netatalk servers (ubuntu 7.10 server) running on the same subnet. I can connect to either server from the same client from an OS X client, but not both (at the same time).

    If I connect to one server as user “A”, then try to connect to the other server as user “B”, .. the Volume (user “B”) doesn’t appear. Rather, an unselectable “A” volume appears in the Connect to Server dialog (OS X client).

    Any ideas?

    • Damon says:

      @ billy code: When you say “User A” do you mean “User A – Mac Client” or “User A – Server Client” ? I know I have had strange results when trying to mount multiple AFP servers from a single Mac; however, I haven’t had a problem having multiple users from a single Mac Client connect to different shares of a server.

      Visit this comment for an answer…

  23. Alex says:

    Worked a treat on 64bit Ubuntu… Many thanks…

  24. […] Install netatalk with ssh enabled on your Linux box (instructions for doing this on Ubuntu are found here). […]

  25. Sukkelkind says:


    just wanna say thankx; it work for me @ once :-D I,m using a Imac G5 with tiger 10.4.10 and ubuntu desktop 7.10 and it all worked.

    so thankx for this tutorial

  26. casey says:

    I, too, am having problems. I added eth0 -noroute, eth1 -noroute, and even tried adding irda0 -noroute, and am still not getting the final step to work.

    Anyone have any ideas?

    casey@casey-laptop:~/src/netatalk/netatalk-2.0.3$ sudo debi
    (Reading database ... 104274 files and directories currently installed.)
    Preparing to replace netatalk 2.0.3-6ubuntu1 (using netatalk_2.0.3-6ubuntu1_i386.deb) ...
    Stopping Netatalk Daemons: afpd cnid_metad papd timelord atalkd.
    Unpacking replacement netatalk ...
    Setting up netatalk (2.0.3-6ubuntu1) ...
    Installing new version of config file /etc/default/netatalk ...
    Installing new version of config file /etc/init.d/netatalk ...
    Installing new version of config file /etc/pam.d/netatalk ...
    Starting Netatalk services (this will take a while): noroute: attribute not found.
    eth1: disabled.
    atalkd: zero interfaces, exiting.
    invoke-rc.d: initscript netatalk, action "start" failed.
    dpkg: error processing netatalk (--install):
     subprocess post-installation script returned error exit status 1
    Errors were encountered while processing:
    debi: debpkg -i failed
    • Silviu says:

      @casey: I had the same error. Read atalkd.conf again – it looks like they changed the -noroute option to -dontroute. I’m running netatalk 2.0.3 – if you’re running the same version, it’s very likely that this is your problem.

      So add:

      eth0 -dontroute
      eth1 -dontroute
  27. […] This is obviously because the new Finder only shows SMB- and AFP-shares in the sidebar. I won’t use SMB, that’s for sure. So I installed netatalk (with encryption support) using one of the many good and easy to follow instructions and it does a very good job. I liked NFS a lot (and I’d still be able to mount it manually, btw.), but for my setup AFP suites much better. It (at least feels) much faster and snappier, does authentication and automatically shows the user’s home directory. […]

  28. Mike Beck says:

    that worked well. Unfortunately the netatalk-server does only connect to lo0. my atalkd.conf looks like this:

    eth0 -router -phase 2 -net 1-1000 -addr 1000.142 -zone "Macs"
    i copied the - script to my mac and checked from there it tells me:
    Network address: (TCP/IP address)
    Network address: 1000.142 (ddp address)

    i saw some other references to problems like this while googling (which is how i found out about but i could not find a solution. Do you happen to have an idea?

    • Damon says:

      @ Mike Beck: Geez, am not sure what’s wrong there. I don’t have any configuration variables in my /etc/netatalk/atalkd.conf file. After the default installation you aren’t getting any connections? I would suggest contacting the mailing list. I have the link a few comments above this. Sorry!

  29. Glass says:


    I’ve troubles login in to my netatalk. I tried this guide out, but the problem still remain. I can set everything up and get it running. But after I enter my login and password I get this error:
    Connection Failed.

    Please help me!

    PS. I run debian on the server and leopard on the macbook.

    • Damon says:

      Hi there, sorry you are having trouble. Are you able to ping your server or make other types of connections ? (such as through ssh or apache?) Do you have firewall (iptables) running on the server ? portmap ? The first thing I would suggest is determining if you requests for a connection are even reaching the server. If they are, and netatalk isn’t responding … then can go from there ? Have you tried a port scan of the server to see if the ports are open and available for netatalk ?

      • Glass says:

        @ Damon: First, thanks for you reply.

        I can connect to my server with ssh, apache, smb, vnc etc etc. I can also connect to netatalk, but not login. If I stop the netatalk service, I don’t get the login screen. I have also tried to change the port without success. I still get the login screen, but I can’t login (says it fails error “-5002”).

        • Damon says:

          @ Glass: I’ll be honest, I don’t know what’s going on. Sorry. I am not really a netatalk guru. Just browsed enough web pages to put together this “how to”. Smile. Try their mailing list (mentioned above). They have been very helpful to me.

  30. […] I found two posts by Damon Timm and Durk Hellinga (on Vivaldi Street in Leeuwarden, Netherlands, no less) that describe the general process. However, as my comment on Durk’s blog says, I had some problems with circular dependencies. When you try to build the package with dpkg-buildpackage, it complains about some dependencies: % DEB_BUILD_OPTIONS=ssl dpkg-buildpackage dpkg-checkbuilddeps: Unmet build dependencies: cdbs (>= 0.4.6) debhelper (>= 4.1.46) dh-buildinfo d-shlibs (>> 0.19) libdb4.2-dev libwrap0-dev libpam0g-dev libslp-dev libcupsys2-dev heimdal-dev (>= 0.7.1-3) debuild: fatal error at line 993: You do not appear to have all build dependencies properly met, aborting. (Use -d flag to override.) If you have the pbuilder package installed you can run /usr/lib/pbuilder/pbuilder-satisfydepends as root to install the required packages, or you can do it manually using dpkg or apt using the error messages just above this message. […]

  31. JR says:

    Hi Damon,

    Hope you can shed some light here.. I have ubuntu 7.10 running netatalk, with a USB2.0 HFS+ (non-journaled) drive hooked up. It works fine, however the permissions are a mess.

    IE, I can’t even mount the drive in netatalk (samba works fine), MacOS just gives me some weird Finder error when I try to mount it.

    My AppleVolumes.default is set to
    /mnt/mac “Network Mac” allow:username

    I’m not sure if I’m doing something wrong, but there aren’t any recent “docs” on netatalk to properly setup something like this. The reason I’m using HFS is because I need to move the drive back and forth between ubuntu and a mac at work and I need to keep it consistent.

    Any help you could offer would be great

    • Damon says:

      @ JR: Sounds like maybe you are on the right track with the permissions being an issue — though I don’t know exactly what the problem is. Sorry. Maybe without journaling setup netatalk can’t store the required information for each file or something … I’m really not sure.

      My recommendation is join the Netatalk Admin Mailing List:

      You can post your question there. I have asked some questions in the past and get quick answers. Sorry I can’t help more. Let me know if you find an answer.

  32. Ramirop says:

    everything worked fine on the ubuntu side, but when I try to connect a Mac to the server I get an error indicating that I am using a wrong user or password. The dialog box on the mac does’nt let me login as guest, and the username and password I am using are the ones I use to login to the server.
    Do I have to specify a different set of passwords? what could be wrong?

    • Damon says:

      @ Ramirop: hi there. You should be able to use the same username and password as the ~/home directory you are attempting to mount … at least, that is the default setting that I got.

      You should view the contents of: /etc/netatalk/ on the server; there are a couple configurations files and some of them set which directories you can mount and which ones you want to allow guest access for. Guest access is not available by default — you need to select a mount point (and I would recommend it not be your home folder).

      Take a look there — are instructions in the configurations files. Be sure to save a backup of each file before you change it.

      Hope that helps.


  33. tricky says:

    Im getting the following error after using the sudo debi command,

    Selecting previously deselected package netatalk.
    (Reading database ... 122889 files and directories currently installed.)
    Unpacking netatalk (from netatalk_2.0.3-5_i386.deb) ...
    Setting up netatalk (2.0.3-5) ...
    Starting Netatalk services (this will take a while): nbp_rgstr: Connection timed out
    Can't register milton-desktop:Workstation@*
    invoke-rc.d: initscript netatalk, action "start" failed.
    dpkg: error processing netatalk (--install):
    subprocess post-installation script returned error exit status 1
    Errors were encountered while processing:
    debi: debpkg -i failed

    can’t work out what I’ve done wrong, any idea’s?

    • Damon says:

      @ tricky: hmm … I am not sure, off hand, what could be causing this problem … unless you have VMWare installed? Check out this post at the Ubuntu Forums. Otherwise, my only suggestion would be to make sure you followed the steps letter-for-letter … sorry I can’t be more help. Let me know if that fixes it.

    • @ tricky:

      I’m having your same problem. But I DO use VMware player 2.0 to develop with visual Studio 2005 . ( Work for the university )….

      Any ideas about how to get rid of that problem without having to UNINSTALL VMware ???

      Here’s my thread in ubuntu forums

      • Damon says:

        @ Nicolas Goles:

        I don’t have a solution, sorry, and don’t have a way to test it since I am not using VMWare — though I would like to try and use it in the future.

        My suggestion would be to try the netatalk-admins mailing list … the folks there might have an answer (have helped me with some fairly interesting problems personally).

        If you do find a solution would love to include it here and at the forum because as VMWare gains popularity I’m sure others will have the same issue.

    • Tim Pope says:

      Hi if you get the error

      dpkg: error processing netatalk (--install):
      subprocess post-installation script returned error exit status 1
      Errors were encountered while processing:
      debi: debpkg -i failed

      this is normally due to having more than one network interface (i have 2 and get this issue) the reason its also a vmware issue is they create a virtual network for communication.

      the fix for me was simple

      navigate to /etc/netatalk and open up atalkd.conf in your preferred text editor (you’ll have to sudo).

      if you know all your network adapters then skip this paragraph… otherwise open up a terminal and run the command ‘ifconfig -a’ this will list your adapters… in my case i have ‘eth0’, ‘eth1’ and ‘lo’ (ignore lo as its a loopback device but remember the others)

      in atalkd.conf add the lines

      eth0 -noroute
      eth1 -noroute

      (or whatever the eth you have)

      save do the debi and it should all work fine :-)

      • Damon says:

        @ Tim Pope: Thanks for those suggestions — great! I only have eth0 currently but was considering a system upgrade which would bring me to two or more ethernet adapters (and maybe use of vmware as well) so it’s nice to know there is a work around. I am going to link to your comment in the main post so people can find it easily enough.


        • SizzLo says:

          I followed the instructions. It didn’t solve the problem as such. Otherwise good, but the text should be:

          eth0 -dontroute
          eth1 -dontroute

          Luckily the comments in the atalkd.conf were helpful in this. However, thanks a lot guys!

  34. Shaun says:

    Thanks Damon, worked like a charm..

  35. […] (Big thanks to Damon Timm for putting together the quickest way to set up AFP with SSL using just those commands above) […]

  36. Even says:

    Hey, great work man, I appreciate it.

    I adapted some of it for a guide I did on creating an AFP file server with some other features in Ubuntu, hope you don´t mind. You can check out the guide here:


  37. Brian says:

    I ran into a couple of issues on 6.10. For one thing, the SSL directory is not set correctly in netatalk*/debian/rules. Going on information I found on Ubuntu forums post ” Netatalk – No encrypted authentication” I modified it to include the correct directory. Also, for some reason it was defaulting to no ssl support for me even though I had it set in $DEB_BUILD_OPTIONS. Once more I ventured into the debian/rules file and just forced it to compile with ssl support. That fixed it.

    • Brian says:

      Update: Whoops, just realized I’m actually on 6.06 right now. Made the change a while back and forgot about it :).

  38. Simone says:

    Works perfectly on Debian etch via SSH.

  39. girish says:

    please consider it adding to the installation Ubuntu/Debian guide.

  40. Chris Phillips says:

    I tried building netatalk with SSL and got the following errors. Can you help?

    Thank you!


    pheed@IBM-Linux:~/src/netatalk/netatalk-2.0.3$ DEB_BUILD_OPTIONS=ssl sudo dpkg-buildpackage -us -uc
    dpkg-buildpackage: source package is netatalk
    dpkg-buildpackage: source version is 2.0.3-5
    dpkg-buildpackage: source changed by Jonas Smedegaard
    dpkg-buildpackage: host architecture i386
    dpkg-buildpackage: source version without epoch 2.0.3-5
    dpkg-checkbuilddeps: Unmet build dependencies: cdbs (>= 0.4.23-1.1) autotools-dev debhelper (>= 4.2.0) quilt patchutils (>= 0.2.25) cdbs (>= 0.4.27-1) dh-buildinfo d-shlibs (>> 0.19) libdb4.2-dev libwrap0-dev libpam0g-dev libslp-dev libcupsys2-dev heimdal-dev
    dpkg-buildpackage: Build dependencies/conflicts unsatisfied; aborting.
    dpkg-buildpackage: (Use -d flag to override.)

    • Damon says:

      Sounds like you don’t have all the dependencies ready for the installation … are you sure you ran these three lines:

      $ sudo aptitude install devscripts cracklib2-dev dpkg-dev libssl-dev
      $ apt-get source netatalk
      $ sudo apt-get build-dep netatalk

      If you did, and you still get these errors … maybe try installing each of “Ummet build dependencies” using apt-get or aptitude? Let me know what happens.

      • Chris Phillips says:

        Damon, thanks for your help. I must have mistyped one of the earlier commands. I tried a second time and it worked perfectly. Thanks again!

  41. majikins says:


    did this on Ubuntu and it worked perfectly with instructions. Ubuntu said it updates for netatalk and I updated – now it does not allow connections. Services start up normally upon reboot of pc but when I restart the services I get the following:

    nbp_rgstr: Connection timed out
    Can't register dhashen-desktop:Workstation@*

    What can I do?

    • Magnus says:

      $ echo "netatalk hold" | sudo dpkg --set-selections

      should do the trick and hold back netatalk when performing updates

      • Damon says:

        thanks for the suggestion. I will add it to the end of the “How To:” — want to test it out myself as well, because, although I haven’t upgraded since I did the install, would like to avoid that problem. Appreciate it!

  42. Eric says:

    this command:

    • $ sudo aptitude install devscripts cracklib2-dev dpkg-dev libssl-dev

    did this:

    E: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable)
    E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    Initializing package states... Done
    Building tag database... Done
    E: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable)
    E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

    That’s as far as I got.

    • Damon says:

      I usually get that error when another process is using apt at the same time I try to run aptitude … so, do you have you Package Manager software open at the same time or are you trying to install packages or software with anything else running?

      If you try a clean reboot, and run this first, and still get this error … well, let me know. I don’t think you should though.

  43. John says:

    Thanks so much! It worked perfectly, no questions asked!

    I know this is outside the scope of your howto, but do you know what to edit to change the name of the networked drive? netatalk tells my Mac it’s “Home Directory” but I would like to give it a different name.

    Thanks again!

    • Damon says:

      You can edit the settings file by going to:

      $ sudo nano /etc/netatalk/AppleVolumes.default

      Then, at the very bottom, you will see “Home Directory” in quotes. You can change it to whatever you want. I set mine to “$u” so it shows the username.


    • John says:

      Sorry, I spoke too soon. To all curious, it’s in

      You can add/edit/rename volumes there with a really easy syntax. It’s just

      /volume’s/path “Volume Name”
      /another/volume “Second Volume’s Name”

  44. chillin says:

    This works great, until I upgrade netatalk, and then it stops working. In thread you linked here from, a poster mentions a conflict with VMWare, but I’m not running any. Reinstalling makes it work again, but it Ubuntu will again see an upgrade for netatalk. Any suggestions/solutions to this are appreaciated.

    • Damon says:

      You wrote:

      This works great, until I upgrade netatalk, and then it stops working.

      You should now be sure to use: echo "netatalk hold" | sudo dpkg --set-selections to hold the auto-upgrade.

      Hmm … these steps will install the latest version of netatalk, which is 2.0.3. So you shouldn’t have to upgrade. I assume that you are using a Ubuntu Desktop edition ? Perhaps the Update Manager doesn’t see the correct version that you have already installed ?

      To be honest, I am not sure how to fix the Update Manager if that is what is causing the problem. Have you tried re-installing netatalk and then running an aptitude upgrade or apt-get upgrade to see if that also messes up your install? I believe that on my system, when I have upgraded, it has held back the netatalk package — but I run a server edition.

      In short though: you don’t need to upgrade. Go back to the directory you downloaded and compiled everything to and run sudo debi again … this should re-install it. (You have may have to remove it first.)

      Let me know if that works.

  45. Sven says:

    Really. Thanks.

  46. George Calm says:

    Thank you. That was very helpful.