问题[afp](server)

您好我有一台 Linux 服务器 (18.04)，它使用 netatalk 服务充当 TimeMachine 备份服务器。用户正在使用 LDAP (/etc/ldap.conf) 进行身份验证

客户端可以连接到 AFP 挂载做 TimeMachine 备份和注销就好了。如果您需要共享更多 conf 文件，请告诉我。

AFPD 版本：

    afpd -V
afpd 2.2.6 - Apple Filing Protocol (AFP) daemon of Netatalk

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version. Please see the file COPYING for further information and details.

afpd has been compiled with support for these features:

          AFP versions: 1.1 2.0 2.1 2.2 3.0 3.1 3.2 3.3 
DDP(AppleTalk) Support: Yes
         CNID backends: dbd last tdb 
           SLP support: No
      Zeroconf support: Avahi
  TCP wrappers support: Yes
         Quota support: Yes
   Admin group support: Yes
    Valid shell checks: Yes
      cracklib support: Yes
        Dropbox kludge: No
  Force volume uid/gid: No
            EA support: ad | sys
           ACL support: Yes
          LDAP support: Yes

             afpd.conf: /etc/netatalk/afpd.conf
   AppleVolumes.system: /etc/netatalk/AppleVolumes.system
  AppleVolumes.default: /etc/netatalk/AppleVolumes.default
    afp_signature.conf: /etc/netatalk/afp_signature.conf
      afp_voluuid.conf: /etc/netatalk/afp_voluuid.conf
         afp_ldap.conf: /etc/netatalk/afp_ldap.conf
       UAM search path: /usr/lib/netatalk/
  Server messages path: /etc/netatalk/msg/
              lockfile: /var/run/afpd.pid

/etc/pam.d/common-auth

#
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
# traditional Unix authentication mechanisms.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

#auth required pam_listfile.so onerr=fail item=group sense=allow file=/etc/login.group.allowed
# here are the per-package modules (the "Primary" block)
auth    [success=2 default=ignore]      pam_unix.so nullok_secure
auth    [success=1 default=ignore]      pam_ldap.so use_first_pass
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth    optional                        pam_cap.so
# end of pam-auth-update config

/etc/pam.d/common-account

#
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system.  The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.
#

# here are the per-package modules (the "Primary" block)
account [success=2 new_authtok_reqd=done default=ignore]        pam_unix.so
account [success=1 default=ignore]      pam_ldap.so
# here's the fallback if no module succeeds
account requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
account required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

/etc/pam.d/common-session

#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
session [default=1]                     pam_permit.so
# here's the fallback if no module succeeds
session requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required                        pam_permit.so
# The pam_umask module will set the umask according to the system default in
# /etc/login.defs and user settings, solving the problem of different
# umask settings with different shells, display managers, remote sessions etc.
# See "man pam_umask".
session optional                        pam_umask.so
# and here are more per-package modules (the "Additional" block)
session required        pam_unix.so
session optional                        pam_ldap.so
session optional        pam_systemd.so
session optional                        pam_mkhomedir.so skel=/etc/skel/ umask=0066
# end of pam-auth-update config

/etc/pam.d/common-password

#
# /etc/pam.d/common-password - password-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define the services to be
# used to change user passwords.  The default is pam_unix.

# Explanation of pam_unix options:
#
# The "sha512" option enables salted SHA512 passwords.  Without this option,
# the default is Unix crypt.  Prior releases used the option "md5".
#
# The "obscure" option replaces the old `OBSCURE_CHECKS_ENAB' option in
# login.defs.
#
# See the pam_unix manpage for other options.

# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules.  See
# pam-auth-update(8) for details.

# here are the per-package modules (the "Primary" block)
password        requisite                       pam_cracklib.so retry=3 minlen=8 difok=3
password        [success=2 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512
password        [success=1 user_unknown=ignore default=die]     pam_ldap.so use_authtok try_first_pass
# here's the fallback if no module succeeds
password        requisite                       pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password        required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
# end of pam-auth-update config

auth.log 中的错误日志

Jul 20 11:05:17 server afpd[5131]: pam_unix(netatalk:auth): authentication failure; logname= uid=0 euid=0 tty=afpd ruser=demouser rhost=192.168.1.10  user=demouser
Jul 20 11:05:17 server afpd[5131]: pam_unix(netatalk:session): session opened for user demouser by (uid=0)
Jul 20 11:05:17 server systemd-logind[1166]: New session c23 of user demouser.
Jul 20 11:06:21 server afpd[5131]: pam_unix(netatalk:session): session closed for user demouser
Jul 20 11:06:21 server dbus-daemon[1278]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.69" (uid=10001 pid=5131 comm="/usr/sbin/afpd -U uams_dhx2.so,uams_clrtxt.so -g n" label="unconfined") interface="org.freedesktop.login1.Manager" member="ReleaseSession" error name="(unset)" requested_reply="0" destination="org.freedesktop.login1" (uid=0 pid=1166 comm="/lib/systemd/systemd-logind " label="unconfined")
Jul 20 11:06:21 server afpd[5131]: pam_systemd(netatalk:session): Failed to release session: Access denied
Jul 20 11:06:21 server afpd[5131]: PAM audit_log_acct_message() failed: Operation not permitted
Jul 20 11:06:21 server systemd-logind[1166]: Removed session c23.

运行 OSX Lion Server (10.7.4)，Apple 文件共享服务大约每周一次停止让客户端连接到其共享。在客户端上，我们将看到一个对话框，提示“连接到服务器时出现问题”。浏览服务器时，我们根本看不到共享。客户端还运行最新的 OSX (10.7.4)

在 /var/log/system.log 中，我们看到如下条目：

6 月 26 日 08:38:22 w3 AppleFileServer [20511]：收到带有无效 client_id 157 的消息

6 月 26 日 08:42:11 w3 AppleFileServer [20511]：收到带有无效 client_id 165 的消息

6 月 26 日 08:42:21 w3 AppleFileServer [20511]：收到带有无效 client_id 174 的消息

其中 20511 似乎是 pid，并且 client_id 似乎随着每次失败的尝试而递增。

/Library/Logs/AppleFileService/AppleFileService[Access|Error].log 中没有任何内容跳出来

重启服务解决问题：

serveradmin 停止 afp && serveradmin 启动 afp

所以我添加了一个脚本来使用定期服务每天执行此操作。但是，我们仍然大约每周遇到一次这个问题。

我想在两台 mac 电脑之间传输文件。该网络是无线 N，两台计算机中都有无线 N 模块。

问题是，当我通过文件共享 (afp) 在它们之间传输文件时，网络速度上限为 2 兆字节/秒。仅从互联网下载文件我可以获得更快的速度，所以这不是我的 wifi 带宽的限制，它似乎是所使用协议的限制。

我的 wifi-n 设置为 130 兆比特，所以我应该看到真实世界的传输速度约为 12-16 兆字节/秒

我在两台计算机上都执行了这个命令，这sudo sysctl -w net.inet.tcp.delayed_ack=0应该会降低 tcp 开销，但这并没有影响它。

我怎样才能达到我期望的速度？

我有一个运行 FreeNAS 8 的家庭文件服务器。几天前，我使用 rsync 从 Mac 上传我的整个 iTunes 库，这样我就可以通过网络加载我的库，而不是从一个慢速 USB 驱动器上加载。这主要是有效的，iTunes 现在运行得更好，但是我在访问任何包含非 ascii 字符的歌曲时遇到了问题（我在加载 Queensrÿche 曲目时首先注意到了这个问题）。这些文件会显示在 Finder 中，但任何访问它们的尝试都会使它们消失，直到我重新连接到服务器。

经过一些研究，我发现这是因为 OSX 使用与 Linux 不同的 UTF 字符顺序。OSX 文件系统使用 Unicode Normalization Form D (NFD)，而 linux 使用 Form C (NFC)。Rsync 在执行从我的 mac 到服务器的复制时不会转换这些形式，现在当 iTunes 尝试通过网络访问具有特殊字符的文件时，服务器上的文件编码错误并且 afpd 报告它们没有不存在。

解决此问题的最佳方法是什么？是否可以让rsync在将基础库上传到服务器的同时进行unicode转换？我可以将 afpd 配置为传输/接收 NFD 格式的文件名吗？有没有简单的解决方案来更改服务器上的文件名？我找到了一些关于名为 convmv 的程序的资料，但我不知道我是否可以在 FreeNAS 上运行它。

我的公司使用 Mac，他们有很多文件名带有#. 我注意到使用外部 NAS（不是 Apple，而是 Synology 或 Qnap）时，“搜索”#在文件名中遇到文件时失败。这是法新社开源协议版本的限制还是其他原因？

使用 AFP 复制文件需要 40 分钟，但使用 scp 只需要 7 分钟。为什么法新社这么慢？

我的设置：

• D-Link DIR-300 无线路由器
• 配备 Snow-Leopard 的 iMac 服务于法新社
• 带有 Leopard 的 Macbook 是客户端

如何在 arch-linux 机器上通过苹果的 afp 协议实现文件共享？我的系统应该为具有不同操作系统的多个客户端提供文件。(Windows {XP,7},OS X) 对于 Windows 部分，我安装了 Samba。

我们的小办公室里没有那么多文件服务器，所以我想我们可以使用 Apple Time Capsule（我已经有了）。

我在安装它时遇到了问题，如下所示：

mount -t afp afp://10.0.1.1 /Volumes/test

返回此错误：

mount_afp: AFPMountURL returned error 22, errno is 2

我不确定发生了什么，我尝试了-i（交互式）参数，它提示我输入我的用户名和密码，即使它们是正确的，也会发生相同的错误。如果我username:password在地址中的协议后面加上我的正确，也是如此。

这与安装任何其他网络驱动器有什么不同吗？

运行 avahi 的单台机器是否有可能通过 afp 通告其他机器共享文件？

我有不同的机器运行 Gentoo，但我不想在每台服务器上运行 avahi。

在 OS X 10.5 中，共享点被“破坏”，因为继承的写入权限始终优先于共享点本身的 ACL。

OS X AFP 共享和访问

有人知道这是否在 10.6 中修复了吗？