Netatalk with Time Machine problem
Joined: 26 Feb 2005
Posts: 10

Posted: Mon Mar 30, 2020 12:21 pm    Post subject: Netatalk with Time Machine problem

Hi Gentoo people,

Many years since I posted here. Hope to get some assistance.. :D

I'm trying to set up Netatalk on a Gentoo server for use as remote Time Machine backup storage. I have successfully mounted the Share on my MacBook Pro (running Catalina 10.15.4) and writing/reading files works fine. In Time Machine settings under System Preferences the share is showing up as an available Backup disk. When I select it, it prompts me with a User/Password prompt and then successfully adds the Share as a Time Machine Backup Disk and it displays the amount of available storage space. In the server messages log I see this:

afpd[20264]: DHX2 login: timemachine
afpd[20264]: PAM DHX2: PAM Success
afpd[20264]: pam_limits(netatalk:session): reading settings from '/etc/security/limits.conf'
afpd[20264]: pam_unix(netatalk:session): session opened for user timemachine by (uid=0)
afpd[20264]: DHX2: PAM Auth OK!
afpd[20264]: Login by timemachine (AFP3.4)

So far so good, now to the problem. When Time Machine is about to initiate the backup it fails. "Looking for backup disk...". Then 15 seconds later a notification shows up with "Backup Failed" and then a dialog window opens that says:

The network backup disk could not be accessed because there was a problem with the network username or password. You may need to re-select the backup disk and enter the correct username and password.

On the server, messages log says:

afpd[20293]: DHX2 login: timemachine
afpd[20293]: PAM DHX2: PAM Success
afpd[20293]: pam_unix(netatalk:auth): authentication failure; logname= uid=0 euid=0 tty=afpd ruser=timemachine rhost=<MASKED>  user=timemachine
afpd[20293]: DHX2: PAM_Error: Authentication failure

Why is there an authentication failure? I have been trying to get PAM to send out more debug info in the messages log with no luck. How do I enable this? Is it possible to have PAM debug which password is being sent? The username is correct, as stated on the pam_unix line above, but could the password have been corrupted in some way? In the afp.conf manual page there are some options, but I don't know if they can have anything to do with this:

mac charset = CHARSET (G)/(V)
Specifies the Mac clients charset, e.g. MAC_ROMAN. This is used to convert strings and filenames to the clients codepage for OS9 and Classic, i.e.
for authentication and AFP messages (SIGUSR2 messaging). This will also be the default for the volumes mac charset. Defaults to MAC_ROMAN.

unix charset = CHARSET (G)
Specifies the servers unix charset, e.g. ISO-8859-15 or EUC-JP. This is used to convert strings to/from the systems locale, e.g. for
authentication, server messages and volume names. If LOCALE is set, the systems locale is used. Defaults to UTF8.

Locale settings on server:
# eselect locale list
Available targets for the LANG variable:
[1] C
[2] C.utf8
[3] POSIX *
[4] en_US
[5] en_US.iso88591
[6] en_US.utf8
[ ] (free form)

# locale

My PAM configuration looks like this:

# cat /etc/pam.d/netatalk
# File autogenerated by pamd_mimic in pam eclass

auth include system-auth
account include system-auth
password include system-auth
session include system-auth

# cat /etc/pam.d/system-auth
auth required debug
auth required try_first_pass likeauth nullok debug
auth optional
account required debug
account optional
password required difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 debug
password required try_first_pass use_authtok nullok sha512 shadow debug
password optional
session required debug
session required debug
session required debug
session optional

Emerge of netatalk:
# emerge -pv netatalk

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] net-fs/netatalk-3.1.12:0/18.0::gentoo USE="(acl) cracklib pam shadow ssl utils -dbus -debug -kerberos -ldap -pgp -quota -samba -static-libs -tcpd -tracker -zeroconf" PYTHON_TARGETS="python2_7" 0 KiB

# afpd -V
afpd 3.1.12 - Apple Filing Protocol (AFP) daemon of Netatalk

This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version. Please see the file COPYING for further information and details.

afpd has been compiled with support for these features:

AFP versions: 2.2 3.0 3.1 3.2 3.3 3.4
CNID backends: dbd last tdb
Zeroconf support: No
TCP wrappers support: No
Quota support: No
Admin group support: Yes
Valid shell checks: Yes
cracklib support: Yes
EA support: ad | sys
ACL support: Yes
LDAP support: No
D-Bus support: No
Spotlight support: No
DTrace probes: No

afp.conf: /etc/afp.conf
extmap.conf: /etc/extmap.conf
state directory: /var/lib/netatalk/
afp_signature.conf: /var/lib/netatalk/afp_signature.conf
afp_voluuid.conf: /var/lib/netatalk/afp_voluuid.conf
UAM search path: /usr/lib64/netatalk//
Server messages path: /var/lib/netatalk/msg/

Any suggestions, hints, solutions? Cheers!
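
Added example, not part of the original post: a small Python triage script that groups the afpd lines quoted above by PID and classifies each DHX2 login attempt. It assumes the message formats shown in the post and that a PID is not reused within the analysed log window. It also makes visible that "PAM DHX2: PAM Success" is logged in both the successful and the failed session, so that line alone does not indicate a completed login.

```python
import re

# Constructed sample built from the afpd lines quoted in the post (rhost stays masked).
SAMPLE_LOG = """\
afpd[20264]: DHX2 login: timemachine
afpd[20264]: PAM DHX2: PAM Success
afpd[20264]: pam_unix(netatalk:session): session opened for user timemachine by (uid=0)
afpd[20264]: DHX2: PAM Auth OK!
afpd[20264]: Login by timemachine (AFP3.4)
afpd[20293]: DHX2 login: timemachine
afpd[20293]: PAM DHX2: PAM Success
afpd[20293]: pam_unix(netatalk:auth): authentication failure; logname= uid=0 euid=0 tty=afpd ruser=timemachine rhost=<MASKED>  user=timemachine
afpd[20293]: DHX2: PAM_Error: Authentication failure
"""

LINE = re.compile(r"afpd\[(\d+)\]:\s*(.*)")   # tolerates a syslog prefix before "afpd["
KEYVAL = re.compile(r"(\w+)=(\S*)")           # pam_unix key=value fields


def summarize(log_text):
    """Group afpd lines by PID and classify each DHX2 login attempt."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2).strip()
        s = sessions.setdefault(pid, {"pid": pid, "user": None, "rhost": None,
                                      "pam_success_line": False, "result": "incomplete"})
        if msg.startswith("DHX2 login:"):
            s["user"] = msg.split(":", 1)[1].strip()
        elif msg == "PAM DHX2: PAM Success":
            s["pam_success_line"] = True
        elif msg.startswith("pam_unix(") and "authentication failure" in msg:
            s["rhost"] = dict(KEYVAL.findall(msg)).get("rhost") or None
            s["result"] = "failed"
        elif msg.startswith("DHX2: PAM_Error"):
            s["result"] = "failed"
        elif msg.startswith("Login by "):
            s["result"] = "ok"
    return list(sessions.values())


if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        note = " ('PAM Success' was logged before the failure)" if (
            s["result"] == "failed" and s["pam_success_line"]) else ""
        print(f"pid={s['pid']} user={s['user']} rhost={s['rhost']} result={s['result']}{note}")
```
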
Joined: 17 Sep 2010
Posts: 2420
Location: Frankfurt, Germany

Posted: Mon Mar 30, 2020 6:28 pm

I once read an article that describes how to store Time Machine backups to a Samba share. The article says that Time Machine expects an HFS+J volume. It then shows how to outsmart Time Machine so that it thinks the Samba share were an HFS+J volume.

The article is in German, but you could translate it using Google Translate or DeepL:
Joined: 26 Feb 2005
Posts: 10

Posted: Thu Apr 02, 2020 10:58 am

As a matter of fact, right now I'm trying the above method but with sshfs with fuse. Even better.. 8)
