AFP Netatalk share configuration (Apple Time Machine)

Netatalk is an open-source software package that can be used to turn a *NIX machine into an extremely high-performance and reliable file server for Macintosh computers. Using Netatalk's AFP 3.3 compliant file server leads to significantly higher transmission speeds compared with Macs accessing a server via Samba/NFS, while providing clients with the best possible user experience (full support for Macintosh metadata, flawlessly supporting mixed environments of classic Mac OS and OS X clients).

This guide will walk you through the steps of installing the required packages and setting up Linux users on the LEDE device so your Mac(s) can securely connect over the network to your Time Machine server.

In order for this guide to work you will need to meet the following prerequisites:

opkg update && opkg install avahi-utils netatalk

These packages are optional although recommended. nano will make editing text files super easy and the shadow packages make user and group management a breeze; otherwise you'll have to edit the user, group and password files by hand. The downside is that these packages will use precious space on your root partition. If you're working with limited space, consider using extroot.

opkg update && opkg install nano shadow-groupadd shadow-groupmod shadow-useradd shadow-usermod

Many of the Netatalk goodies such as Spotlight search, Zeroconf, ACL and LDAP support have been disabled. That was probably a wise decision to save space and provide a broader range of hardware support. The good news is that Time Machine support is available. With a simple command, afpd -V, we can check what features have been compiled into Netatalk.

 afpd 3.1.10 - Apple Filing Protocol (AFP) daemon of Netatalk
  
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version. Please see the file COPYING for further information and details.
  
afpd has been compiled with support for these features:

        AFP versions:	2.2 3.0 3.1 3.2 3.3 3.4 
       CNID backends:	dbd last tdb 
    Zeroconf support:	No
TCP wrappers support:	No
       Quota support:	No
 Admin group support:	Yes
  Valid shell checks:	No
    cracklib support:	No
          EA support:	ad | sys
         ACL support:	No
        LDAP support:	No
       D-Bus support:	No
   Spotlight support:	No
       DTrace probes:	No

            afp.conf:	/etc/afp.conf
         extmap.conf:	/etc/extmap.conf
     state directory:	/var/netatalk/
  afp_signature.conf:	/var/netatalk/afp_signature.conf
    afp_voluuid.conf:	/var/netatalk/afp_voluuid.conf
     UAM search path:	/usr/lib/uams//
Server messages path:	/var/netatalk/msg/

The current Netatalk package (netatalk - 3.1.10-1) has minor POSIX permission issues.

Use the following chmod commands to fix this bug.

chmod 644 /etc/afp.conf
chmod 644 /etc/extmap.conf

The afp.conf file contains all AFP-specific configuration and AFP volume definitions. Let's edit ours with nano /etc/afp.conf and set up our Time Machine server; we'll be using the nano text editor in this tutorial. Netatalk has a lot of great features not covered in this guide. Make sure to check out the documentation for more Time Machine options and other possible AFP uses: http://netatalk.sourceforge.net/3.0/htmldocs/afp.conf.5.html

  • log file = /var/log/afpd.log: For initial configuration, it's good to check the log file.
  • afp interfaces = br-lan: In case you have multiple interfaces, select the one which you want to use for listening.
  • vol size limit = size in MiB (V): Useful for Time Machine: limits the reported volume size, thus preventing Time Machine from using the whole real disk space for backup. Example: “vol size limit = 1000” would limit the reported disk space to 1 GB. IMPORTANT: This is an approximated calculation taking into account the contents of Time Machine sparsebundle images. Therefore you MUST NOT use this volume to store other content when using this option, because it would NOT be accounted for. The calculation works by reading the band size from the Info.plist XML file of the sparsebundle, reading the bands/ directory counting the number of band files, and then multiplying one with the other.

;
; Netatalk 3.x configuration file
; 

[Global]
; Global server settings
log file = /var/log/afpd.log
afp interfaces = br-lan

[Backups]
path = /mnt/sdb1/Backups
time machine = yes
vol size limit = 250000 
valid users = @users

Don't forget to restart the daemon with /etc/init.d/afpd restart.
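The vol size limit estimate described above (band count times band size, per sparsebundle) can be reproduced by hand to see how much of the configured cap the backups already consume. This is an added example, not code from the wiki or from Netatalk; the functions take the share directory and limit as parameters, and the stray-file warning covers the "MUST NOT store other content" caveat.

```shell
#!/bin/sh
# Added example, not from the wiki or Netatalk: reproduce the estimate afpd
# makes for "vol size limit" (band count x band size per sparsebundle) so you
# can see how much of the configured cap the backups already consume, and
# spot stray files on the share that the estimate silently ignores.

# Print the band size in bytes recorded in a sparsebundle's Info.plist.
band_size_bytes() {  # band_size_bytes BUNDLE_DIR
    # the <integer> on the line after <key>band-size</key> holds the value
    sed -n '/<key>band-size<\/key>/{n;s/.*<integer>\([0-9]*\)<\/integer>.*/\1/p;}' \
        "$1/Info.plist"
}

# Estimate a sparsebundle's footprint the way afpd does: number of files in
# bands/ multiplied by the band size, printed in MiB.
sparsebundle_mib() {  # sparsebundle_mib BUNDLE_DIR
    bs=$(band_size_bytes "$1")
    [ -n "$bs" ] || { echo "no band-size in $1/Info.plist" >&2; return 1; }
    bands=$(find "$1/bands" -type f | wc -l)
    echo $(( bands * bs / 1048576 ))
}

# Sum every *.sparsebundle on the share and compare against the configured
# "vol size limit" in MiB (250000 in the afp.conf above). Returns 1 when the
# limit is exceeded or a bundle cannot be read.
check_vol_limit() {  # check_vol_limit SHARE_DIR LIMIT_MIB
    share="$1"; limit="$2"; total=0; rc=0
    for b in "$share"/*.sparsebundle; do
        [ -d "$b" ] || continue
        used=$(sparsebundle_mib "$b") || { rc=1; continue; }
        total=$(( total + used ))
        printf '%s: %s MiB\n' "$(basename "$b")" "$used"
    done
    # anything that is not a sparsebundle is invisible to the estimate
    stray=$(find "$share" -mindepth 1 -maxdepth 1 ! -name '*.sparsebundle' ! -name '.*' | wc -l)
    [ $(( stray )) -eq 0 ] ||
        printf 'warning: %s non-sparsebundle entries on %s are not counted\n' "$stray" "$share" >&2
    if [ "$total" -gt "$limit" ]; then
        printf 'over limit: %s MiB used of %s\n' "$total" "$limit" >&2
        rc=1
    else
        printf 'headroom: %s MiB of %s\n' $(( limit - total )) "$limit"
    fi
    return $rc
}
```

Run it as check_vol_limit /mnt/sdb1/Backups 250000 on the server; a non-zero exit means Time Machine will already be refused space by the reported limit.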

The default avahi-daemon configuration /etc/avahi/avahi-daemon.conf works perfectly with stable LEDE 17.01.0+ and no changes are required.

[server]
#host-name=LEDE
#domain-name=local
use-ipv4=yes
use-ipv6=yes
check-response-ttl=no
use-iff-running=no

[publish]
publish-addresses=yes
publish-hinfo=yes
publish-workstation=no
publish-domain=yes
#publish-dns-servers=192.168.1.1
#publish-resolv-conf-dns-servers=yes

[reflector]
enable-reflector=no
reflect-ipv=no

[rlimits]
#rlimit-as=
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=30
rlimit-stack=4194304
rlimit-nproc=3

By default the Avahi daemon requires a running D-Bus. Start D-Bus with the command /etc/init.d/dbus start in case it's not running, or disable the dependency with enable-dbus=no. Start the Avahi daemon with the command /etc/init.d/avahi-daemon start.

:!: Learn about other configuration options here https://github.com/lathiat/avahi

The LEDE build of Netatalk was not compiled with Zeroconf support, so we must advertise the required afpovertcp, device-info and adisk TXT-record properties manually. We previously installed avahi-daemon (via avahi-utils) for exactly this purpose. Let's create a service file with nano /etc/avahi/services/afp.service using the template below.

<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
 <name replace-wildcards="yes">%h</name>
  <service>
   <type>_afpovertcp._tcp</type>
   <port>548</port>
  </service>
  <service>
   <type>_device-info._tcp</type>
   <port>0</port>
   <txt-record>model=TimeCapsule</txt-record>
  </service>
  <service>
   <type>_adisk._tcp</type>
   <port>9</port>
   <txt-record>sys=waMa=0,adVF=0x100,adVU=00000000-AAAA-BBBB-CCCC-111111111111</txt-record>
   <txt-record>dk0=adVN=Backups,adVF=0x81</txt-record>
  </service>
</service-group>

:!: model=TimeCapsule determines the hardware icon that appears in the macOS Finder. Some available options are Xserve, PowerBook, PowerMac, Macmini, iMac, MacBook, MacBookPro, MacBookAir, MacPro, MacPro6,1, TimeCapsule, AppleTV1,1 and AirPort.

:!: adVU=00000000-AAAA-BBBB-CCCC-111111111111 must be changed to a uniquely generated UUID. You can create a UUID in LEDE by running cat /proc/sys/kernel/random/uuid (each run generates and displays a new UUID).

:!: adVN=Backups should match the volume name of your time machine = yes share in /etc/afp.conf. If you used my example settings above, leave this set to Backups. Most online guides use “TimeMachine”; however, “Backups” is more traditional since it's the default when using macOS Server or Time Capsule, although it really doesn't matter what you call it, as long as they both match.

Don't forget to restart the daemons after changing the configuration.

Some helpful links

In this section we'll create two (2) new users on the LEDE system for file sharing purposes. Create as many or as few as you like; the principles are the same. We'll also accomplish the following:

  • create home folders for the new user(s)
  • create a group with the same name as the new user(s)
  • add new user(s) to a supplementary group named “users”

1. Create a place for the users' home folders with mkdir /home/. This is the default location for most Linux distros.

2. Add the new user(s). In my example, users anne & brian will be created. They will each receive a home folder /home/username and become members of the groups users and username.

useradd --create-home --groups users --user-group anne
useradd --create-home --groups users --user-group brian

3. Add passwords for the newly created user(s).

passwd anne
passwd brian

4. Change the permissions of the Backups directory. You will have to improvise and use your system's own mount and/or backup location.

cd /mnt/sdb1/
mkdir Backups
chmod 775 Backups/
chgrp users Backups/

5. Verify the permission changes with ls -alF.

root@LEDE:/mnt/sdb1# ls -alF
drwxr-xr-x    5 root     root          4096 Apr 25 18:48 ./
drwxr-xr-x    1 root     root           224 Apr 25 21:49 ../
drwxrwxr-x    2 root     users         4096 Apr 25 21:01 Backups/
drwxr-xr-x    3 root     root          4096 Apr 25 18:48 Shared/
drwx------    2 root     root         16384 Apr 25 16:35 lost+found/

:!: The users group is very important because of the valid users = @users option in the Netatalk configuration. All members of this group have access to Time Machine services. Let's check which members make up the users group with grep users /etc/group. You should see something similar to my results.

root@LEDE:~# grep users /etc/group
users:x:100:mrengles,anne,brian
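The chmod/chgrp steps, the valid users = @users option and the adVN= name in the Avahi service file all have to agree for clients to get a writable Time Machine volume. The script below, an added example that is not part of the wiki or of Netatalk, cross-checks them from the configuration files; file paths are parameters so it can be run against copies, and it assumes a GNU or busybox stat -c.

```shell
#!/bin/sh
# Added example, not from the wiki or Netatalk: cross-check one Time Machine
# volume in afp.conf against the directory's group ownership and mode, the
# group's members in /etc/group, and the adVN= name advertised by Avahi.
# File paths are parameters so the check can run against copies of the files;
# it assumes a GNU/busybox "stat -c".

# Print the value of "key = value" inside [SECTION] of an afp.conf-style file.
afp_setting() {  # afp_setting CONF SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[[:space:]]*[;#]/ { next }                                  # comments
        /^\[/ { sub(/[[:space:]]+$/, ""); in_sec = ($0 == sec); next } # section
        in_sec && ($0 ~ ("^[[:space:]]*" key "[[:space:]]*=")) {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); print; exit
        }' "$1"
}

# Returns 0 when [SECTION] is a "time machine = yes" volume whose path is
# group-owned by the group in "valid users = @group" and is group-writable,
# and (if AVAHI_SERVICE is given) that file advertises adVN=SECTION.
check_tm_share() {  # check_tm_share CONF SECTION GROUPFILE [AVAHI_SERVICE]
    conf="$1"; sec="$2"; groupfile="$3"; svc="$4"
    [ "$(afp_setting "$conf" "$sec" 'time machine')" = yes ] ||
        { echo "[$sec]: not a Time Machine volume" >&2; return 1; }
    path=$(afp_setting "$conf" "$sec" path)
    users=$(afp_setting "$conf" "$sec" 'valid users')
    case "$users" in
        @*) grp=${users#@} ;;
        *)  echo "[$sec]: expected 'valid users = @group', got '$users'" >&2; return 1 ;;
    esac
    # gid and member list are fields 3 and 4 of the group file
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3 }' "$groupfile")
    members=$(awk -F: -v g="$grp" '$1 == g { print $4 }' "$groupfile")
    [ -n "$gid" ] || { echo "group '$grp' not found in $groupfile" >&2; return 1; }
    [ "$(stat -c %g "$path")" = "$gid" ] ||
        { echo "$path is not group-owned by $grp (gid $gid)" >&2; return 1; }
    mode=$(stat -c %a "$path")                       # octal, e.g. 775
    [ $(( (0$mode >> 3) & 2 )) -ne 0 ] ||
        { echo "$path is not group-writable (mode $mode)" >&2; return 1; }
    if [ -n "$svc" ] && ! grep -q "adVN=$sec[,<]" "$svc"; then
        echo "$svc does not advertise adVN=$sec" >&2; return 1
    fi
    echo "[$sec] -> $path, group $grp (gid $gid), members: $members"
}
```

On the server, check_tm_share /etc/afp.conf Backups /etc/group /etc/avahi/services/afp.service should print the members of users; any mismatch it reports is a reason a Mac can see the share but not back up to it.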

The default LEDE firmware upgrade procedure might not back up some of our configuration files. That would be a horrible waste of hard work.

Add them to the list of custom backup files at /lib/upgrade/keep.d/ as follows:

echo '/etc/afp.conf' >> /lib/upgrade/keep.d/afp
echo '/etc/avahi/' >> /lib/upgrade/keep.d/afp
echo '/etc/extmap.conf' >> /lib/upgrade/keep.d/afp
echo '/home/' >> /lib/upgrade/keep.d/afp
echo '/var/netatalk/' >> /lib/upgrade/keep.d/afp

You can verify the setting by the following command:

sysupgrade -l

This can also be accomplished via LuCI > System > Backup / Flash Firmware > Configurations > Backup file list; simply append the following:

/etc/afp.conf
/etc/avahi/
/etc/extmap.conf
/home/
/var/netatalk/

For more information, please check the Upgrading LEDE from the Command Line guide.

Setting up Time Machine on the Mac is a very simple process:

  • Open System Preferences > Time Machine > Select Backup Disk.
  • Select “Backups on LEDE” (encrypted backups will also work).
  • Login with your username and password (from earlier in this guide).

Apple can explain how to use Time Machine much better than I can, so I'll let them. If you completed this guide successfully, chances are you won't need help. https://support.apple.com/en-us/HT201250

:!: Depending on your storage requirements the initial backup could take several hours.

If you have questions, post them in the OpenWrt Forum so that myself and others can respond. https://forum.openwrt.org

Please update this user guide if you have a better way of doing things or notice typos and errors. :-)

  • Last modified: 2021/08/16 21:09
  • by vgaetera