Gentoo Wiki





This HOWTO is mainly geared towards iBook, Mac Mini or MacBook/Pro users, or anyone who needs to share files between Linux and Mac OS X 10.4 (Tiger). It is an alternative to SMB that is easier to set up and provides faster file transfers, using OS X's native file sharing protocol, AFP (Apple Filing Protocol).

Kernel Support

At present, this HOWTO only covers AFP-over-TCP. In the near future, it may be expanded to cover AFP-over-AppleTalk. Since this only covers AFP-over-TCP, the only kernel-level support you'll need is a working and configured Ethernet card and a working TCP/IP stack.

It also only covers running the Linux host as an AFP server to allow Mac OS X clients to connect to it.

To mount an AFP volume as a client, check out afpfs-ng, which is a FUSE-based AFP client for Linux. Check out

Emerging netatalk

It's as simple as

emerge netatalk

Configuring netatalk


Change the appropriate lines in the config file (/etc/netatalk/netatalk.conf) to run afpd:


The above example will run afpd and cnid_metad (this might be a good idea to run at the same time). CNID stands for Catalog Node ID, and somehow works with afpd to provide ID numbers for files and directories. I don't think it's necessary to run it, but you probably should anyway.

None of the following services are started: atalkd (appletalk over TCP), papd (printer sharing), timelord (used before NTP), a2boot (no idea what this is).

NOTE: CNID_METAD is only necessary if using the cnidscheme 'dbd' (optionally configured in AppleVolumes.default). The CNID scheme 'cdb' uses Berkeley DB and doesn't require this process. See CNID-backends. -- 23:21, 28 February 2007 (UTC)

Configuring AFP

afpd relies on two main configuration files to work properly, afpd.conf and AppleVolumes.default, both located in /etc/netatalk/ by default.


For a very basic configuration to get us started, let's edit afpd.conf and add the following single line:

File: /etc/netatalk/afpd.conf
- -noddp -advertise_ssh

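This tells the AFP daemon to share over TCP instead of AppleTalk (-noddp) and to advertise to clients that AFP can be tunneled through SSH (-advertise_ssh), so that passwords are not sent in clear text. Which login methods afpd accepts, including clear text, is controlled separately by the -uamlist option.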

Note that specifying -noddp merely disallows AppleTalk, and that AFP-over-TCP works even when leaving out this option, so if you have Classic MacOS machines on the network and would like to browse your fileserver via Chooser, leave out -noddp.


AppleVolumes.default tells the daemon what we want to share and who can access those shares. Each line gives a path, an optional Chooser name and optional access options:

~                                              #This shares each user's home directory
/opt/storage/Music OPT_MUSIC allow:tosk,@wheel #This shares /opt/storage/Music, with the Chooser name OPT_MUSIC and allows access to tosk and group wheel
/var/tmp TemporaryFiles allow:root             #This shares /var/tmp, with the Chooser name TemporaryFiles and is only available to root

So by default, AppleVolumes.default will share the home directories of all users. Add any other share points you'd like and then save and close the file.

File: Example: /etc/netatalk/AppleVolumes.default
/opt/music MUSIC allow:tosk,@audio
/opt/emu EMU_GAMES allow:@games
/usr/share/sounds SOUNDS allow:@users,@audio
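
An added example, not part of the original HOWTO or of netatalk: a shell function that reads a file in the format shown above and reports shares with no allow: list or with root in the list. The function names and the INFO/WARN policy are assumptions of this example, and it assumes volume names without spaces.

```shell
#!/bin/sh
# Added example: report weak access lists in an AppleVolumes.default file.

# Constructed sample input, modelled on the entries shown on this page.
sample_volumes() {
cat <<'EOF'
~                                              #home directories
/opt/storage/Music OPT_MUSIC allow:tosk,@wheel
/var/tmp TemporaryFiles allow:root             #root only
/opt/emu EMU_GAMES
EOF
}

# audit_volumes [FILE...]: print one "LEVEL path reason" line per finding.
# Reads standard input when no file is given.
audit_volumes() {
    awk '
    { sub(/#.*/, "") }                 # drop trailing comments
    NF == 0 { next }                   # skip blank and comment-only lines
    $1 == "~" { print "INFO ~ home directory of every account is shared"; next }
    {
        allow = ""
        for (i = 2; i <= NF; i++)
            if ($i ~ /^allow:/) allow = substr($i, 7)
        if (allow == "") {
            print "WARN " $1 " no allow: list, open to every user who can log in"
            next
        }
        n = split(allow, who, ",")
        for (j = 1; j <= n; j++)
            if (who[j] == "root")
                print "WARN " $1 " root may log in over AFP"
    }' "$@"
}

sample_volumes | audit_volumes
```

Run it against the real file with `audit_volumes /etc/netatalk/AppleVolumes.default`; filesystem permissions still apply on top of whatever the allow: list grants.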

Starting the AFP daemon

If you chose to use an initscript:

/etc/init.d/atalk start

If you're not using an initscript and will be calling the daemon as it is needed:


After afpd starts, check /var/log/messages for errors.

Setting afpd to run on startup

To set afpd to run at boot time, use rc-update as root:

rc-update add atalk default

Advertising Shares

At this point the share(s) should be accessible via Command-K on the OS X desktops. If you want the shared volumes to appear automatically in the Finder under Network:My Network, you will need to emerge and configure a Bonjour-like zeroconf service.


Avahi is now the preferred zeroconf implementation for Gentoo. To install it, first ensure that you have the 'dbus' USE flag in your /etc/make.conf. Then:

emerge avahi

Remember to set eth0 in promiscuous mode

ifconfig eth0 promisc

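and to change the following settings in /etc/sysctl.conf. A value of 0 turns reverse path filtering (the kernel's source address check) off:

# Disables source route verification (0 = off)
net.ipv4.conf.default.rp_filter = 0
# Disables reverse path filtering (0 = off)
net.ipv4.conf.all.rp_filter = 0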

Now, you can either patch netatalk to make avahi autodetect your configuration and advertise your AFP server, or you can define the AFP service manually.

Patching netatalk

You will then need to patch netatalk using the patch contained in Bug #133575 and rebuild netatalk using the new ebuild contained within that bug report. (For more information about how to do this, look at HOWTO Installing 3rd Party Ebuilds.)

Manual declaration

If you decide not to patch netatalk, you can just manually add a service declaration to avahi. Add the following file to your system (make sure it has 644 permissions):

File: /etc/avahi/services/afpd.service
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service><type>_afpovertcp._tcp</type><port>548</port></service>
</service-group>

This file should not be needed if you patch netatalk, because it will automatically register the service with avahi when you start afpd.

Howl (old method)

Howl previously provided the Zeroconf network services under Linux. It is however no longer maintained and has been deprecated in favour of Avahi.

emerge howl

After the emerge completes, if the /etc/howl directory is not present, create it.

mkdir /etc/howl

We then need to provide a simple configuration file for the howl daemon.

File: /etc/howl/mDNSResponder.conf
MyServersShortDNSNameHere    _afpovertcp._tcp     local.     548

Now, start the mDNSResponder service.

/etc/init.d/mDNSResponder start

And set it to start at boot.

rc-update add mDNSResponder default


If you get an error like this in /var/log/messages when trying to connect to an AFP share:

Jul  5 19:05:17 linuxbox afpd[1648]: Setting uid/gid to 1000/1000
Jul  5 19:05:17 linuxbox afpd[1648]: cnid_open: dbenv->open (rw) of /home/myuser/data/.AppleDB failed: DB_VERSION_MISMATCH: Database environment version mismatch
Jul  5 19:05:17 linuxbox afpd[1648]: cnid_open: dbenv->open of /home/myuser/data/.AppleDB failed: DB_VERSION_MISMATCH: Database environment version mismatch
Jul  5 19:05:17 linuxbox afpd[1648]: Cannot open CNID db at [/home/myuser/data].
Jul  5 19:05:17 linuxbox afpd[1648]: Fatal error: cannot open CNID or invalid CNID backend for /home/myuser/data: cdb

Then your .AppleDB directory has been corrupted. All you need to do is delete it:

rm -rf /home/myuser/data/.AppleDB

And it should work again.
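
The same log check as a script, added here and not part of the original HOWTO: it pulls the affected .AppleDB directories out of the afpd lines and renames them instead of deleting them, so the old database can be put back. The function names, the ROOT argument and the .broken-STAMP suffix are assumptions of this example.

```shell
#!/bin/sh
# Added example: find CNID databases that afpd rejected and move them aside.

# Constructed sample: the afpd lines quoted above plus one unrelated line.
sample_log() {
cat <<'EOF'
Jul  5 19:05:17 linuxbox afpd[1648]: Setting uid/gid to 1000/1000
Jul  5 19:05:17 linuxbox afpd[1648]: cnid_open: dbenv->open (rw) of /home/myuser/data/.AppleDB failed: DB_VERSION_MISMATCH: Database environment version mismatch
Jul  5 19:05:17 linuxbox afpd[1648]: cnid_open: dbenv->open of /home/myuser/data/.AppleDB failed: DB_VERSION_MISMATCH: Database environment version mismatch
Jul  5 19:05:18 linuxbox sshd[1701]: Accepted publickey for myuser
EOF
}

# Print each distinct .AppleDB directory named in a DB_VERSION_MISMATCH line.
mismatched_cnid_dbs() {
    sed -n '/ afpd\[[0-9]*]: cnid_open: .*DB_VERSION_MISMATCH/{
        s|.* of \(/.*/\.AppleDB\) failed: DB_VERSION_MISMATCH.*|\1|p
    }' "$@" | sort -u
}

# quarantine_cnid_dbs STAMP [ROOT]: read a log on stdin and rename each
# rejected database to <dir>.broken-STAMP. ROOT (hypothetical, for testing)
# is prepended to the logged path; leave it empty on a live system.
quarantine_cnid_dbs() {
    stamp=$1 root=${2:-}
    mismatched_cnid_dbs | while IFS= read -r db; do
        dir=$root$db
        # Only touch a real directory, never a symlink or a missing path.
        if [ -d "$dir" ] && [ ! -L "$dir" ]; then
            mv -- "$dir" "$dir.broken-$stamp" && echo "moved $dir"
        else
            echo "skipped $dir"
        fi
    done
}

sample_log | mismatched_cnid_dbs   # list only; nothing is renamed here
```

Stop afpd before renaming anything, for example `grep afpd /var/log/messages | quarantine_cnid_dbs "$(date +%Y%m%d)"` run as root.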

See also

Netatalk Home Page
Avahi Home Page
Howl Home Page
Zeroconf Home Page


Last modified: Sat, 16 Aug 2008 08:57:00 +0000 Hits: 35,907