So I was recently trying to set up a fileshare in one of our offices and trying to get it visible to the filesharing stuff in Mac OS X, since several people in the office have Mac laptops. The original thought (since it’s supposedly better-supported on Linux) was to set up Samba, but our authentication in the office is all LDAP based, and I gave up trying to get Samba to work with our LDAP server after a few days. Samba seems to want complete control over your LDAP server, and won’t deal with a read-only one that just happens to have all the Samba auth info in it already. This seems wrong, and I’m sure there’s a way to do it, but I sure couldn’t find any documentation to tell me how.
So then I thought maybe I’d try Netatalk. None of the usual packaging repos seemed to carry a netatalk RPM, but I did find one for Netatalk 2.0.3 in Fedora 8. I took the SRPM from that and rebuilt it on my RHEL5 server. Then I went about trying to configure it. Turns out the documentation for Netatalk SUCKS ROCKS. Everything I could find was written in 1998 and last touched in 2002 or so, and there have been several new versions of Netatalk since then. When all was said and done, the configuration part turned out to be really easy, you just couldn’t figure it out from the docs.
I did find a tutorial for setting up Netatalk for TimeMachine on Ubuntu, which turned out to be incredibly helpful. So my main reason for blogging about this is to help that tutorial get some more pagerank, since it wasn’t nearly high enough in the search results on Google. 🙂
So without further ado, here’s the Netatalk How-to for Ubuntu that I found.
I’ve gotta believe it’s possible to set it up to use a read-only LDAP directory for authentication. That’s essentially how Active Directory works… and I know Samba can authenticate against AD as I have a server with a fake printer that only works because Samba auths against my AD (it’s really a Perl script that takes the PostScript from the print job, runs it through Ghostscript, then emails the PDF version to the person who initiated the print job).
Yeah, I thought so too. The docs sure don’t make it obvious. Every howto I could find was all about how to get Samba to manage your LDAP for you, nothing about just letting it authenticate from it.
So would you be willing to build RPMs of your RHEL5 install and make them available? That would be nice!
You can just grab the SRPM from Fedora and use “rpmbuild --rebuild” on it.
But if you want the actual RPMs I built, they’re here:
http://people.mozilla.com/~justdave/RPMS/
That’s probably a couple versions behind by now though.