Apple (AFP) Shares
FreeNAS® uses the Netatalk AFP server to share data with Apple systems. Configuring AFP shares is a multi-step process that requires you to create or import users and groups, set volume/dataset permissions, create the AFP share(s), configure the AFP service, then enable the AFP service in Services → Control Services.
This section describes the configuration screen for creating the AFP share. It then provides configuration examples for creating a guest share, configuring Time Machine to back up to a dataset on the FreeNAS® system, and for connecting to the share from a Mac OS X client.
If you click Sharing → Apple (AFP) Shares → Add Apple (AFP) Share, you will see the screen shown in Figure 7.1a. Some settings are only available in Advanced Mode. To see these settings, either click the Advanced Mode button or configure the system to always display these settings by checking the box “Show advanced fields by default” in System → Settings → Advanced.
Figure 7.1a: Creating an AFP Share
Table 7.1a summarizes the available options when creating an AFP share. Refer to "Chapter 3. Setting up Netatalk" for a more detailed explanation of the available options.
Once you press the OK button when creating the AFP share, a pop-up menu will ask "Would you like to enable this service?" Click Yes and Services → Control Services will open and indicate whether or not the AFP service successfully started.
Table 7.1a: AFP Share Configuration Options
|Setting|Value|Description|
|---|---|---|
|Name|string|volume name that will appear in the Mac computer's "connect to server" dialog; limited to 27 characters and cannot contain a period|
|Path|browse button|browse to the volume/dataset to share; do not nest additional volumes, datasets, or symbolic links beneath this path because Netatalk lacks complete support|
|Allow List|string|comma delimited list of allowed users and/or groups where groupname begins with a @|
|Deny List|string|comma delimited list of denied users and/or groups where groupname begins with a @|
|Read-only Access|string|comma delimited list of users and/or groups who only have read access where groupname begins with a @|
|Read-write Access|string|comma delimited list of users and/or groups who have read and write access where groupname begins with a @|
|Time Machine|checkbox|due to a limitation in how Mac OS X deals with low disk space issues when multiple Macs share the same volume, checking Time Machine on multiple shares is discouraged as it may result in intermittent failed backups|
|Database Path|string|specify the path to store the CNID databases used by AFP (default is the root of the volume); the path must be writable|
|Zero Device Numbers|checkbox|only available in Advanced Mode; enable when the disk device number is not constant across a reboot|
|No Stat|checkbox|only available in Advanced Mode; if checked, AFP won't stat the volume path when enumerating the volumes list; useful for automounting or volumes created by a preexec script|
|AFP3 Unix Privs|checkbox|enables Unix privileges supported by OS X 10.5 and higher; do not enable if the network contains Mac OS X 10.4 clients or lower as they do not support these|
|Default file permission|checkboxes|only works with Unix ACLs; new files created on the share are set with the selected permissions|
|Default directory permission|checkboxes|only works with Unix ACLs; new directories created on the share are set with the selected permissions|
|Default umask|integer|umask for newly created files, default is 000 (anyone can read, write, and execute)|
AFP supports guest logins, meaning that all of your Mac OS X users can access the AFP share without requiring their user accounts to first be created on or imported into the FreeNAS® system.
NOTE: if you create a guest share as well as a share that requires authentication, AFP will only map users who log in as guest to the guest share. This means that if a user logs in to the share that requires authentication, the permissions on the guest share may prevent that user from writing to the guest share. The only way to allow both guest and authenticated users to write to a guest share is to set the permissions on the guest share to 777 or to add the authenticated users to a guest group and set the permissions to 77x.
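The permission logic behind this note, as an added example that is not part of the FreeNAS® documentation: it applies the standard Unix owner/group/other check to a guest share directory owned by nobody:nobody and reports who can write under 755, 77x and 777. The accounts user1 and user2 and their group memberships are constructed; ZFS ACLs, root, and the AFP allow lists are not modeled.

```python
# Added illustration: Unix owner/group/other checks for a guest share directory.
# Assumptions: plain mode bits only (no ZFS ACLs, no root); sample accounts
# below are constructed for the example.

# Write + search (x) bits for each permission class.
W_AND_X = {"owner": 0o300, "group": 0o030, "other": 0o003}


def permission_class(owner, group, user, user_groups):
    """Pick the single class that is evaluated; the classes are not additive."""
    if user == owner:
        return "owner"
    if group in user_groups:
        return "group"
    return "other"


def can_create_files(mode, owner, group, user, user_groups):
    """Creating a file in a directory needs both write and search permission."""
    needed = W_AND_X[permission_class(owner, group, user, user_groups)]
    return (mode & needed) == needed


def audit_guest_share(mode, accounts, owner="nobody", group="nobody"):
    """Return (accounts that can write, True if the directory is world-writable)."""
    writers = {user for user, groups in accounts.items()
               if can_create_files(mode, owner, group, user, groups)}
    return writers, (mode & 0o002) != 0


# Constructed accounts: the guest account, an authenticated user outside the
# guest group, and an authenticated user who was added to the guest group.
ACCOUNTS = {
    "nobody": {"nobody"},
    "user1": {"user1"},
    "user2": {"user2", "nobody"},
}

if __name__ == "__main__":
    for mode in (0o755, 0o770, 0o775, 0o777):
        writers, world = audit_guest_share(mode, ACCOUNTS)
        print(f"{mode:o}: writers={sorted(writers)} world_writable={world}")
```

With 777 every account on the system falls into a writable class, including ones not listed here; the 77x variant limits writers to the owner and members of the guest group.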
In this configuration example, the AFP share has been configured for guest access as follows:
1. A ZFS volume named /mnt/data has its permissions set to the built-in nobody user account and nobody group.
2. An AFP share has been created with the following attributes:
- Name: freenas (this is the name that will appear to Mac OS X clients)
- Path: /mnt/data
- Allow List: set to nobody
- Read-write Access: set to nobody
3. Services → AFP has been configured as follows:
- Server Name: freenas
- Guest Access: checkbox is checked
- nobody is selected in the Guest account drop-down menu
Once the AFP service has been started in Services → Control Services, Mac OS X users can connect to the AFP share by clicking Go → Connect to Server. In the example shown in Figure 7.1b, the user has input afp:// followed by the IP address of the FreeNAS® system.
Figure 7.1b: Connect to Server Dialog
Click the Connect button. Once connected, Finder will automatically open. The name of the AFP share will be displayed in the SHARED section in the left frame and the contents of the share will be displayed in the right frame. In the example shown in Figure 7.1c, /mnt/data has one folder named images. The user can now copy files to and from the share.
Figure 7.1c: Viewing the Contents of the Share From a Mac System
To disconnect from the volume, click the eject button in the Shared sidebar.
Using Time Machine
Mac OS X includes the Time Machine application which can be used to schedule automatic backups. In this configuration example, Time Machine will be configured to back up to an AFP share on a FreeNAS® system. To configure the AFP share on the FreeNAS® system:
1. A ZFS dataset named /mnt/data/backup_user1 with a quota of 60G was created in Storage → Volumes → Create ZFS Dataset.
2. A user account was created as follows:
- Username: user1
- Home Directory: /mnt/data/backup_user1
- the Full Name, E-mail, and Password fields were set where the Username and Password match the values for the user on the Mac OS X system
3. An AFP share with a Name of backup_user1 has been created with the following attributes:
- Path: /mnt/data/backup_user1
- Allow List: set to user1
- Read-write Access: set to user1
- Time Machine: checkbox is checked
4. Services → AFP has been configured as follows:
- Guest Access: checkbox is unchecked
5. The AFP service has been started in Services → Control Services.
To configure Time Machine on the Mac OS X client, go to System Preferences → Time Machine which will open the screen shown in Figure 7.1e. Click ON and a pop-up menu should show the FreeNAS® system as a backup option. In our example, it is listed as backup_user1 on "freenas". Highlight the entry representing the FreeNAS® system and click the "Use Backup Disk" button. A connection bar will open and will prompt for the user account's password--in this example, the password for the user1 account.
Figure 7.1e: Configuring Time Machine on Mac OS X Lion
Time Machine will create a full backup after waiting two minutes. It will then create hourly incremental backups for the next 24 hours, and then one backup each day, each week and each month. Since the oldest backups are deleted when the ZFS dataset becomes full, make sure that the quota size you set on the dataset is sufficient to hold the backups. Note that a default installation of Mac OS X is ~21GB in size.
If you receive a "Time Machine could not complete the backup. The backup disk image could not be created (error 45)" error when backing up to the FreeNAS® system, you will need to create a sparsebundle image using these instructions.
If you receive the message “Time Machine completed a verification of your backups. To improve reliability, Time Machine must create a new backup for you.” and you do not want to perform another complete backup or lose past backups, follow the instructions in this post. Note that this can occur after performing a scrub as Time Machine may mistakenly believe that the sparsebundle backup is corrupt.