Topic: AFPD / Netatalk suite (with Time Machine and authentication support)
There have been many people trying to get afpd to work properly on OpenWrt, and I haven't seen many success stories. Here's how to get netatalk working with authentication, and how to get Time Machine support working as well.
To complete this you will need to build your own netatalk package, until the patch I've provided gets integrated.
First of all, OpenWrt currently ships an outdated netatalk; we need to fix this. Secondly, to make authentication work, we need shadow support. Follow the guides on how to build your own image and packages to get started, and then patch netatalk in packages with this: https://dev.openwrt.org/attachment/ticket/11109/netatalk222.diff
Compile a fresh netatalk 2.2.2 with the --with-shadow flag and install the package on your router. The --with-shadow build is what lets the password UAMs check logins against /etc/shadow, so users authenticate with their normal system password instead of a separate afpd password file. In this guide I am not going to walk you through partitioning; you'll make your own choices about that, but I decided to use HFS+ as the filesystem on my external hard disk, because that keeps it readable on a Mac as well. To get fsck with HFS/HFS+ support you need diskdev_cmds. I sent a patch to trac ages ago, but for some reason it hasn't been integrated yet; anyway, if you decide to use HFS+ too, fsck will be handy, and while we are compiling packages, compile and install this one as well: https://dev.openwrt.org/attachment/ticket/7407/diskdev_cmds.diff
Okay. You should also install at least shadow support on your router; I installed everything related: adduser, moduser, deluser, addgroup, modgroup, delgroup, shadow... These are in the normal package feeds.
I would also install avahi, and, for convenience, uuidgen.
My setup is a WNDR3700, which has one USB port, connected to a powered 7-port USB hub. To that I have connected my external hard disk (it has its own power supply), a 4 GB USB stick and a 3G dongle.
I have made the 4 GB USB stick my extroot (overlay). Because my system sometimes hung and the hard disk got corrupted quite easily, I chose to keep the AppleDouble database on the USB stick. See my configs. Keep them where you want, but this is the setup I decided on, and I'd recommend it to you too.
How does authentication work, and what about afppasswd? afpd does come with an afppasswd command that manipulates AFP's own password file (the one named by -passwdfile in afpd.conf, which is what the randnum UAM authenticates against). That lets a user have a different password for the AFP service than for the system (PAM/shadow), but if the user doesn't really exist and cannot log in (for example because of a wrongly set up home directory), they cannot log in to AFP either. So I don't use afppasswd at all.
Let's move on to configuration. By default afpd can get pretty heavy; here are some tweaks.
1) Edit /etc/init.d/afpd and set MAXCONS to 4. If only one machine connects, that should cover it; if more than one, keep the default of 7.
2) afpd often causes the system to hang (and the hard disk to need fsck after boot), so let's minimize the load a bit. Open /etc/netatalk/afpd.conf and set this as its contents (a single line). A note on the -uamlist part: uams_passwd.so sends the password over the network in cleartext, and uams_randnum.so only works against the afppasswd file, which this setup does not maintain. If you stick with shadow authentication as described above, you can trim the list to uams_guest.so,uams_dhx_passwd.so,uams_dhx2.so and drop -passwdfile; keep uams_guest.so only if you want password-less guest volumes.
- -noddp -advertise_ssh -uampath /usr/lib/uams -uamlist uams_guest.so,uams_passwd.so,uams_dhx_passwd.so,uams_randnum.so,uams_dhx2.so -passwdfile /etc/netatalk/afppasswd -savepassword -passwdminlen 0 -nosetpassword -defaultvol /etc/netatalk/AppleVolumes.default -systemvol /etc/netatalk/AppleVolumes.system -nouservol -guestname "nobody" -sleep 1 -dsireadbuf 9 -dircachesize 1024 -server_quantum 65536 -fceholdfmod 30 -nodebug
I've reduced dsireadbuf, dircachesize, server_quantum and fceholdfmod, set the software to nodebug mode, and also set some default paths and the password/authentication settings. This setup reduces the load significantly; I was able to back up about 100 GB on my WNDR3700 without the router hanging. It might slow things down a bit, but not by much.
3) AppleVolumes.default: use tdb as the CNID scheme; it works best on these routers. Here's my AppleVolumes.default; modify it to suit your needs. Two things to keep in mind when you adapt it: a volume that sets no allow: list of its own inherits allow:root,jake from the :DEFAULT: line, and a volume whose allow: list includes the guest user (nobody here, from -guestname) is open to anyone on the LAN without a password. That is the case for the TimeMachine volume below, so anyone on the network can read or alter those backups.
:DEFAULT: allow:root,jake dbpath:/etc/netatalk/AppleDB/$v options:upriv ea:ad
:DEFAULT_CNID_SCHEME: tdb
/tmp Temp options:upriv,searchdb
/overlay Overlay options:ro,upriv,searchdb
/mnt/Hdd/ Hdd options:upriv,searchdb
/mnt/Devel/ Development allow:root,jake,nobody rolist:nobody rwlist:root,jake options:upriv,searchdb
/mnt/Shared/ Shared allow:root,jake,nobody rolist:nobody rwlist:root,jake options:upriv,searchdb
/mnt/Music/ Music allow:root,jake,nobody rolist:nobody rwlist:root,jake options:upriv,searchdb cnidscheme:tdb
/mnt/Movies/ Movies allow:root,jake,nobody rolist:nobody rwlist:root,jake options:upriv,searchdb cnidscheme:tdb
/mnt/Documents/ Documents options:upriv,searchdb cnidscheme:tdb
# Didn't get this to work for some reason
#/mnt/Private/$u/ $u allow:$u dbpath:/etc/netatalk/AppleDB/homedirs/$u options:upriv,usedots,searchdb cnidscheme:tdb
/mnt/Private/jake/ jake allow:root,jake dbpath:/etc/netatalk/AppleDB/homedirs/jake options:upriv,usedots,searchdb cnidscheme:tdb
/mnt/Private/TimeMachine/imac/ TimeMachine allow:nobody cnidscheme:tdb dbpath:/etc/netatalk/AppleDB/tm/imac options:usedots,upriv,tm
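As an added check for the authentication side of steps 2 and 3 (and the afppasswd discussion above), here is a small audit script. It is example code written for this page, not part of netatalk or of the original post; the afpd.conf line and the AppleVolumes.default fragment inside it are constructed from the settings shown above, and the "hardened" afpd.conf line is a suggestion that drops the cleartext (uams_passwd.so) and afppasswd-backed (uams_randnum.so) UAMs together with -passwdfile. It lists the UAMs that weaken authentication, reports a -passwdfile that no enabled UAM reads, and lists every volume the guest user can mount and whether it gets read-only or read-write access.

```shell
#!/bin/sh
# Added example (not code from the post or from netatalk): audit the afpd.conf
# server line and an AppleVolumes.default file for the settings a security
# review would flag. Both inputs below are constructed from the post's settings.

# Constructed sample: the afpd.conf line from step 2 (UAM list and password options only).
AFPD_CONF='- -noddp -advertise_ssh -uampath /usr/lib/uams -uamlist uams_guest.so,uams_passwd.so,uams_dhx_passwd.so,uams_randnum.so,uams_dhx2.so -passwdfile /etc/netatalk/afppasswd -savepassword -passwdminlen 0 -nosetpassword -guestname "nobody"'

# Suggested hardened line (assumption, not from the post): DHX/DHX2 against shadow only.
AFPD_CONF_HARDENED='- -noddp -uampath /usr/lib/uams -uamlist uams_dhx_passwd.so,uams_dhx2.so -nosetpassword -defaultvol /etc/netatalk/AppleVolumes.default -systemvol /etc/netatalk/AppleVolumes.system -nouservol'

# Constructed sample: a cut-down AppleVolumes.default in the post's format.
APPLE_VOLUMES=':DEFAULT: allow:root,jake dbpath:/etc/netatalk/AppleDB/$v options:upriv ea:ad
:DEFAULT_CNID_SCHEME: tdb
/overlay Overlay options:ro,upriv,searchdb
# a comment line, skipped like afpd does
/mnt/Shared/ Shared allow:root,jake,nobody rolist:nobody rwlist:root,jake options:upriv,searchdb
/mnt/Private/TimeMachine/imac/ TimeMachine allow:nobody cnidscheme:tdb options:usedots,upriv,tm'

# List the UAMs named by -uamlist, one per line, in the order afpd offers them.
uams_of() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-uamlist") {
                n = split($(i + 1), u, ",")
                for (j = 1; j <= n; j++) print u[j]
            }
    }'
}

# Of those, the ones that weaken authentication:
#   uams_guest.so   - no password at all (logs in as the -guestname user)
#   uams_passwd.so  - the password crosses the network in cleartext
#   uams_randnum.so - authenticates against the afppasswd file, unused in this setup
weak_uams() {
    uams_of "$1" | awk '$1 == "uams_guest.so" || $1 == "uams_passwd.so" || $1 == "uams_randnum.so"'
}

# Exit 0 when -passwdfile is configured but no enabled UAM reads it.
unused_passwdfile() {
    case " $1 " in *" -passwdfile "*) ;; *) return 1 ;; esac
    if uams_of "$1" | grep -q '^uams_randnum\.so$'; then return 1; fi
    return 0
}

# Print "<volume> ro|rw" for every volume the user $1 may mount. A volume with
# no allow: of its own inherits the :DEFAULT: one; no allow: anywhere means everybody.
guest_volumes() {
    printf '%s\n' "$2" | awk -v guest="$1" '
        function has(list, who) { return index("," list ",", "," who ",") > 0 }
        /^[[:space:]]*#/ || NF < 2 { next }
        $1 == ":DEFAULT:" {
            for (i = 2; i <= NF; i++) if (index($i, "allow:") == 1) dallow = substr($i, 7)
            next
        }
        $1 ~ /^:/ { next }
        {
            allow = dallow; rolist = ""; rwlist = ""; ro = 0
            for (i = 3; i <= NF; i++) {
                if (index($i, "allow:") == 1)   allow = substr($i, 7)
                if (index($i, "rolist:") == 1)  rolist = substr($i, 8)
                if (index($i, "rwlist:") == 1)  rwlist = substr($i, 8)
                if (index($i, "options:") == 1 && index("," substr($i, 9) ",", ",ro,") > 0) ro = 1
            }
            if (allow != "" && !has(allow, guest)) next
            mode = (ro || (has(rolist, guest) && !has(rwlist, guest))) ? "ro" : "rw"
            print $2, mode
        }'
}

echo "UAMs that weaken authentication (current line):"
weak_uams "$AFPD_CONF"
if unused_passwdfile "$AFPD_CONF"; then
    echo "-passwdfile is set but no enabled UAM uses it"
fi
echo "UAMs that weaken authentication (hardened line): $(weak_uams "$AFPD_CONF_HARDENED")"
echo "Volumes the guest user can mount:"
guest_volumes nobody "$APPLE_VOLUMES"
```

To audit a real router, replace the two embedded samples with the uncommented line of /etc/netatalk/afpd.conf and the contents of /etc/netatalk/AppleVolumes.default. Note that the hardened line also removes uams_guest.so, so a guest-only volume like the TimeMachine one above becomes unreachable; keep that UAM if you want the guest volume.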
4) Follow the guides on how to set up avahi for afpd/Time Machine; here's my service file:
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_adisk._tcp</type>
    <port>9</port>
    <txt-record>sys=waMA=INSERTMACHERE,adVF=0x100</txt-record>
    <txt-record>sys=waMA=SECONDMACHERE,adVF=0x100</txt-record>
    <txt-record>dk0=adVF=0x100,adVN=Temp,adVU=73d13e1c-a35a-4fa2-bd7d-cb602929751d</txt-record>
    <txt-record>dk1=adVF=0x100,adVN=Overlay,adVU=33571b8e-d650-41a2-8809-b19f75a18d62</txt-record>
    <txt-record>dk2=adVF=0x100,adVN=Hdd,adVU=f2cea23c-c5bb-41b5-8a02-73429c61746e</txt-record>
    <txt-record>dk3=adVF=0x01,adVN=Development,adVU=1a5761ce-c35a-4e07-9375-f5ce6b4db386</txt-record>
    <txt-record>dk4=adVF=0x01,adVN=Shared,adVU=cef4bf1c-ab0e-45d2-b4be-1966893bd22f</txt-record>
    <txt-record>dk5=adVF=0x01,adVN=Music,adVU=f0b087df-f6ef-43d7-a717-4f67e0a32d9c</txt-record>
    <txt-record>dk6=adVF=0x01,adVN=Movies,adVU=743d693f-ae88-4d07-821b-769cc5be3be1</txt-record>
    <txt-record>dk7=adVF=0x100,adVN=Documents,adVU=b98f08cf-0a6a-4da0-9fc7-5b8c925cb5ae</txt-record>
    <txt-record>dk8=adVF=0x100,adVN=jake,adVU=a13d2b6f-6585-4e22-8eeb-1125218a9f72</txt-record>
    <txt-record>dk10=adVF=0xa1,adVN=TimeMachine,adVU=EA29AA60-2D26-2654-6F59-E9B305324D9D</txt-record>
  </service>
</service-group>
I used uuidgen to generate the UUIDs.
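Hand-editing the dkN records above is where the gaps in numbering and mismatched flags come from, so here is an added example that generates the whole _adisk._tcp service file from a volume list. It is example code written for this page, not from avahi, netatalk or the original post. It assumes the flag values the post uses (adVF=0x100 for an ordinary volume, adVF=0xa1 for the Time Machine volume) without interpreting the individual bits, takes the volume list and the MAC address as constructed inputs, and generates the adVU UUIDs from the kernel so that the uuidgen package is optional.

```shell
#!/bin/sh
# Added example (not code from the post or from avahi/netatalk): build the
# _adisk._tcp service file from a list of AFP volumes, so the dkN records,
# their UUIDs and the Time Machine flag are generated rather than typed by hand.
# Flag values are copied from the post's file (adVF=0x100 for an ordinary
# volume, adVF=0xa1 for the Time Machine volume); their bits are not decoded here.

# Constructed sample input: "<volume name> <tm|plain>", one volume per line,
# names taken from the post's AppleVolumes.default.
VOLUMES='Temp plain
Shared plain
TimeMachine tm'

# One random (version 4) UUID for an adVU field. The kernel's generator is
# tried first so this works on a router without the uuidgen package.
new_uuid() {
    if [ -r /proc/sys/kernel/random/uuid ]; then
        cat /proc/sys/kernel/random/uuid
    elif command -v uuidgen >/dev/null 2>&1; then
        uuidgen
    else
        # Last resort: 16 random bytes laid out as 8-4-4-4-12 hex digits,
        # with the version nibble set to 4 and the variant nibble to 8.
        od -An -N16 -tx1 /dev/urandom | tr -d ' \n' | awk '{
            printf "%s-%s-4%s-8%s-%s\n", substr($0, 1, 8), substr($0, 9, 4),
                   substr($0, 13, 3), substr($0, 16, 3), substr($0, 19, 12) }'
    fi
}

# One dkN txt-record: $1 = index, $2 = volume name, $3 = tm|plain, $4 = UUID.
adisk_record() {
    if [ "$3" = "tm" ]; then flags=0xa1; else flags=0x100; fi
    printf '<txt-record>dk%s=adVF=%s,adVN=%s,adVU=%s</txt-record>\n' "$1" "$flags" "$2" "$4"
}

# All records for a volume list, numbered dk0, dk1, ... without gaps.
adisk_records() {
    i=0
    printf '%s\n' "$1" | while read -r name kind; do
        [ -n "$name" ] || continue
        adisk_record "$i" "$name" "$kind" "$(new_uuid)"
        i=$((i + 1))
    done
}

# The complete avahi service file in the post's layout. $1 is the MAC address
# for the sys record (on the router: cat /sys/class/net/br-lan/address),
# $2 the volume list.
adisk_service_file() {
    cat <<EOF
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_adisk._tcp</type>
    <port>9</port>
    <txt-record>sys=waMA=$1,adVF=0x100</txt-record>
$(adisk_records "$2" | sed 's/^/    /')
  </service>
</service-group>
EOF
}

# Constructed MAC address; on the router redirect the output into a file
# under avahi's service directory (e.g. /etc/avahi/services/adisk.service).
adisk_service_file "00:11:22:33:44:55" "$VOLUMES"
```

Because the UUIDs are generated fresh on every run, generate the file once and keep it: a Mac identifies a Time Machine target by its adVU, so regenerating the UUID later makes it look like a different disk.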
5) Tune your /etc/config/fstab. The sync mount option is not good, especially when backing up large amounts; change it to async or something else.
Here are my hfsplus mount options:
6) Some more tweaks:
This has been reported to improve USB throughput, so my rc.local says:
echo 1024 > /sys/block/sda/device/max_sectors
echo 1024 > /sys/block/sdb/device/max_sectors
echo 1024 > /sys/block/sdc/device/max_sectors
7) This is more WNDR3700-specific, but it's been reported to improve networking speed, so my /etc/sysctl.conf has these lines added at the end:
#Custom
net.ipv4.neigh.default.gc_thresh1=1024
net.ipv4.neigh.default.gc_thresh2=2048
net.ipv4.neigh.default.gc_thresh3=4096
My setup is not the only possible one that works, but if you've had a hard time getting it to work, maybe you should set it up like this and go from there.
There's also a reason why my TimeMachine volume is globally accessible: it was slower to connect to it when I had it behind authentication. I do a lot of stuff on my computer, so I also back up pretty often. I decided to go this way, but it works just fine with authentication as well.