Ubuntu and Mac OS X Integration

One of my projects over the Christmas holiday has been to rebuild the home network. You’d think I’d want to avoid that sort of thing since I’ve been on vacation from work for the past two weeks, but working on a home network is a different sort of beast than working on a network for a company. There are different challenges to be addressed.

My primary goals for this “home network rebuild” were the following:

  1. Rebuild the home server with a newer version of Linux, and possibly switch to a different distribution.
  2. Continue to provide DNS, DHCP, HTTP, and HTTP proxying/content filtering services to the home network.
  3. Continue to provide file sharing services via Server Message Block/Common Internet File System (SMB/CIFS) for Windows-based systems on the home network.
  4. Continue to have a shared music library available via Digital Audio Access Protocol (DAAP, aka iTunes) available to all systems on the home network.
  5. Provide file sharing services to Macs on the network via AppleTalk Filing Protocol (AFP) over TCP.

Ideally, I also wanted to enable Time Machine backups from my Mac laptop to the home server.

After doing a fair amount of research, I settled on the use of Ubuntu 8.04 LTS (“Hardy Heron”) for the server build. I didn’t go with Ubuntu 8.10 (“Intrepid Ibex”) simply because a) I already had 8.04.1 downloaded and burned to a CD; and b) Hardy Heron is an LTS release, so I should have better support over the long term.

I won’t bore readers with the details of the rebuild, but it took about a day or two to get a larger hard drive installed, Ubuntu installed and configured, and services running like DHCP (including some static reservations for certain computers, like my laptop and my iPhone), DNS (using MaraDNS, much easier to figure out than BIND), Apache, and Squid with SquidGuard. At this point, I’d completed tasks #1 and #2.

On to task #3. This was pretty simple and straightforward and easily accomplished via Samba, with nothing really unique to document here. The one interesting thing that I did find was a way to map the long usernames that Mac OS X uses (like “Bob Jones”) to a short username (like “bjones”). I used this command in the /etc/samba/smb.conf file:

username map = /etc/samba/usermap.conf

In this file, I simply placed lines that mapped the long usernames to the short usernames. Since Mac OS X defaults to the long username when connecting to the server, this allows me to simply type in a password and connect. I searched for hours trying to find a way to have Mac OS X supply my current password to the Samba server so that I wouldn’t get prompted, but could not find any information. If anyone knows the trick, I’d love to hear about it. After configuring a few shares, setting Linux permissions and the umask, and then testing from both my Mac laptop and a Windows laptop, task #3 was finished.
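An added example, not from the original post: a shell check that reads a Samba username map of the kind described above and reports entries worth a second look, namely any line that maps client names onto root or uses the `*` wildcard (which matches any client name). The sample file and every name in it are constructed, and the parsing assumes only the basic `unixname = clientname ...` form.

```shell
#!/bin/sh
# Added example: flag entries to review in a Samba "username map" file.
# Format handled: [!]unixname = clientname "Client Name" ...
# Lines starting with # or ; are comments.

audit_usermap() {
    # $1 = path to the map file.
    # Prints "LINE_NO: reason: original line" for each flagged entry.
    awk '
        /^[ \t]*([#;]|$)/ { next }             # skip comments and blank lines
        {
            line = $0
            eq = index(line, "=")
            if (eq == 0) next                   # not a mapping line
            unix = substr(line, 1, eq - 1)      # left side: Unix account
            clients = substr(line, eq + 1)      # right side: client names
            gsub(/^[ \t!]+|[ \t]+$/, "", unix)  # trim, drop a leading "!"
            if (unix == "root")
                printf "%d: maps to root: %s\n", NR, line
            if (clients ~ /(^|[ \t])\*([ \t]|$)/)
                printf "%d: wildcard client: %s\n", NR, line
        }
    ' "$1"
}

write_sample_map() {
    # Constructed sample; the first mapping mirrors the "Bob Jones" case.
    cat > "$1" <<'EOF'
# constructed sample
bjones = "Bob Jones"
!sally = "Sally Smith" ssmith
root = admin administrator
guest = *
EOF
}

sample=$(mktemp)
write_sample_map "$sample"
audit_usermap "$sample"
rm -f "$sample"
```

A file containing only long-name to short-name lines such as the `bjones` entry produces no output.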

Task #4, providing an iTunes-compatible music server, was also really straightforward and easy. For this, I again selected Firefly Media Server, formerly mt-daapd, which I’d used before with great success. Again, nothing unusual or unique to document here, except for the potential interaction with Avahi (more on that later).

The final task was installing Netatalk to provide AFP over TCP file sharing services for Macs on the network. Fortunately for me, one of the sites I’d been using to help in my project pointed me to this blog post, which had a prebuilt package for Netatalk that included the necessary SSL support that Mac OS X requires. That saved me the trouble of compiling Netatalk from source. Following the steps in the Kremalicious article as well as information from this guide, I configured Netatalk to present a volume to use for Time Machine backups. It was at this point that I noticed a strange interaction with Avahi.

Avahi is a multicast DNS (what Apple calls Bonjour) server for Linux. It’s responsible for advertising services to multicast DNS-enabled systems, such as other Linux systems running Avahi or Macs. I’d installed Avahi earlier and used some service definitions from this article and this blog post to advertise Samba and HTTP. In addition, after installing Firefly, I’d noticed that Firefly started advertising its presence automatically through Avahi with no service definition required.

Upon installing Netatalk, I also noticed that Netatalk started advertising automatically via Avahi as well, but using the IP address of the server. In order to be able to control how Netatalk advertises via Avahi, I had to change this line in /etc/avahi/avahi-daemon.conf:

enable-dbus=no

The suggestion for this change came from this thread on the Ubuntu Forums. Upon making the change and restarting Avahi, the odd Netatalk entry went away, but so did Firefly! To advertise both Netatalk and Firefly, I added a couple of files to /etc/avahi/services:

afpd.service:

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">Intrepid Time Machine</name>
<service>
<type>_afpovertcp._tcp</type>
<port>548</port>
</service>
<service>
<type>_device-info._tcp</type>
<port>0</port>
<txt-record>model=AirPort</txt-record>
</service>
</service-group>

daapd.service:

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name replace-wildcards="yes">Home Music Server</name>
<service>
<type>_daap._tcp</type>
<port>3689</port>
</service>
</service-group>

After placing these two files into /etc/avahi/services, the new services started advertising immediately. By the way, you’ll note the extra “device-info” entry in afpd.service; that sets the icon that will be used by Macs when they discover this service. I made mine look like a Time Capsule by using the setting listed above.

During this work with Avahi, I uncovered a couple of interesting things:

  • I found that restarting the Avahi daemon is actually more problematic than just leaving it alone; in order to make it start advertising services again after a restart, you’ll have to open one of the files in /etc/avahi/services and then close it again. No changes are necessary to the file, but opening it will kickstart Avahi into service advertisement.
  • Advertising SMB/CIFS and AFP together with the same name caused my Mac to ignore the SMB/CIFS services and only use AFP. I had to separate SMB/CIFS and AFP into different entries. Since I was using AFP really only for Time Machine backups and SMB/CIFS for everything else, it wasn’t really a big deal.
  • Advertising SMB/CIFS and RFB (Screen Sharing, as outlined here) works fine together.

At this point, task #5 was pretty much complete. I had originally envisioned providing file sharing services to the same locations via both AFP and SMB/CIFS, but in the end—partially because of the odd issue with AFP and SMB/CIFS being advertised together as described above—settled for using AFP only for Time Machine and SMB/CIFS for everything else.

Along the way, I also configured screen sharing as outlined here, and it seems to work just fine. I have to leave an account logged in to the Ubuntu server, but I can just lock the screen when I’m not logged in remotely.

The last step was to enable Time Machine backups to the Ubuntu server via AFP. First, the hack to enable non-Time Capsule network backups (this should be all on one line):

defaults write com.apple.systempreferences TMShowUnsupportedNetworkVolumes 1

I was then able to select the Ubuntu-hosted AFP volume for Time Machine backups. Attempting to run a Time Machine backup, however, reported an error about being “unable to create the disk image”. Fortunately, a number of different articles pointed to the use of hdiutil to create the disk image, and that seemed to fix the problem. Time Machine is now backing up to the AFP volume, although I suspect I still have a few issues to work through (for example, it looks as though I have to keep the Time Machine AFP volume mounted in order for automatic backups to run).

So, when everything is said and done, I was able to achieve all my stated goals. The only outstanding issue that I haven’t yet figured out centers on automatic logins; for both AFP and SMB/CIFS, I get prompted for a password when connecting, even though I keep my password synchronized (manually) between my Mac and the Ubuntu server. Any tips on how to resolve that would certainly be appreciated.

Along the way, I found the following sites to be quite helpful. I’m sure there are others that I used along the way, and I apologize if I’ve failed to extend credit where credit is due.

Limit size of Time Machine backups on Time Capsule
Set up Time Machine on a NAS in three easy steps
Make Ubuntu a Perfect Mac File Server and Time Machine Volume
Five Guides on How to Integrate Ubuntu into a Mac OS X Network
Time Machine Wireless Backups without Time Capsule


  1. Pete’s avatar

    Mac OS X Leopard runs a KDC on every node, so the way to avoid being prompted for a password is probably to establish cross-realm trusts between the Mac and the CIFS server. Might also eliminate the need for the user ID mapping file. (Either that, or using LDAP might be better.) This may be a similar exercise to getting Unix to work with Active Directory (you’re one of the experts there).

  2. Fernando’s avatar

    I’ve been trying to do the exact same thing last weekend. I was able to do most of your steps, but I got stuck in the permissions part. Every time Windows writes on the Ubuntu volume, Ubuntu can’t modify that file (it’s locked), and neither can Mac OS. I assume it’s a permissions deal, so I wonder if you can point me in the right direction with this. I have a 3 network pc: Ubuntu as server, and Mac OS X and Windows XP machines connecting through AFP and Samba respectively. I wonder if there’s something about the authentication that can influence the restricted permissions I get.

  3. slowe’s avatar

    Fernando,

    You may need to set the umask on the directory, and set the group’s sticky bit on the directory as well (this will ensure that files inherit the group of the directory, not of the creator, and that the default permissions are set properly). I had to do both of these to make sure that Samba file sharing worked as expected.

  4. Fernando’s avatar

    Thanks for the response. I was able to give the shared volume a umask value of 0. But I can’t find any documentation concerning sticky bit. I just want to turn this shared volume or folder in the volume to a public folder. Just like Mac OS would. Can you tell me how you did it? I’m a newbie to Ubuntu, but I feel I am very close to accomplishing this. Thanks again!!

  5. slowe’s avatar

    Fernando, I just set the group on the directory to something like “users”–then I create all users with membership in that group–and used the command “chmod g+s” on the directory. This ensures that all files created in the directory have that group assigned to them. Combined with a umask that allows write permission to group members, you’ve created yourself a shared directory that anyone can contribute to and edit files in.

    If you want people to contribute files but only be able to modify their own, then you’ll need to adjust the umask accordingly.

    Hope this helps!
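An added example, not part of the original thread: the shared-directory setup described in the comment above, written out as a shell script that applies it and then verifies the result. `chmod g+s` sets the setgid bit on the directory; the function names, the temporary path and the use of the current user's own group are assumptions made so the script runs anywhere.

```shell
#!/bin/sh
# Added example: group-shared directory via setgid plus a group-writable umask.

make_shared_dir() {
    # $1 = directory, $2 = group name or numeric gid (assumed to exist)
    mkdir -p "$1" &&
    chgrp "$2" "$1" &&
    chmod 2775 "$1"       # rwxrwsr-x: the "s" is what "chmod g+s" sets
}

check_shared_dir() {
    # Returns 0 only if the directory is setgid and a file created under
    # umask 002 is group-writable and inherits the directory's group.
    dir=$1
    dmode=$(ls -ld "$dir" | cut -c1-10)
    case "$dmode" in
        d?????s???) ;;                        # setgid bit present
        *) echo "no setgid on $dir ($dmode)"; return 1 ;;
    esac
    probe="$dir/.probe.$$"
    ( umask 002; : > "$probe" ) || return 1
    fmode=$(ls -l "$probe" | cut -c1-10)
    dgid=$(ls -lnd "$dir" | awk '{print $4}')
    fgid=$(ls -ln "$probe" | awk '{print $4}')
    rm -f "$probe"
    case "$fmode" in
        -????w????) ;;                        # group write bit present
        *) echo "new files not group-writable ($fmode)"; return 1 ;;
    esac
    [ "$dgid" = "$fgid" ] || { echo "group not inherited"; return 1; }
}

# Demo in a throwaway location, using the caller's own primary group.
demo=$(mktemp -d)
make_shared_dir "$demo/share" "$(id -g)"
check_shared_dir "$demo/share" && echo "share OK"
rm -rf "$demo"
```

For files written through Samba, the share's own mask settings in smb.conf also apply, so run the check against files created over the share as well as locally.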

  6. Charles Francis’s avatar

    Have you tried to do a Time Machine Restore yet? I’m wondering about doing a backup across the network and then having to do a complete rebuild restore.

    Any success or attempts?

  7. slowe’s avatar

    I’ve used Time Machine to restore individual files. I don’t trust Time Machine for a full system backup–I have a local FireWire drive and a copy of Super Duper for full system backups. (And yes, I could have used Time Machine with the local FireWire drive, but what’s the fun in that?)

  8. Dean H. Saxe’s avatar

    Charles,

    I have done this and done a few backup/restore operations at this point.

    -dhs

  9. emp’s avatar

    Hi, how did you manage to split AFP and Samba into 2 advertised services? I browsed a lot, but it seems I cannot find any reference.

  10. jhon’s avatar

    HELLO I AM NEW TO UBUNTU LINUX AND RECENTLY MADE THE MISTAKE OF TRYING TO INSTALL UBUNTU ON MY MAC LAPTOP IS WAY FASTER OPERATING SYSTEM BUT IS A PROBLEM THE SCREEN IS SPLIT SCREEN CAN ANY ONE HELP ME PLEASE HELP
