Chapter 2. Installation

Table of Contents

How to obtain Netatalk
Binary packages
Source packages
Compiling Netatalk
Configure and build Netatalk
Starting and stopping Netatalk


Netatalk 3 cannot coexist with earlier versions of Netatalk. See the upgrading chapter in this manual if you want to migrate a Netatalk 2 installation to Netatalk 3.

How to obtain Netatalk

Please have a look at the Netatalk homepage for the most up to date information on where to find the latest version of the software.

Binary packages

Binary packages of Netatalk are included in the package repositories of some Linux and BSD distributions. Installing Netatalk through this channel will give you the most seamless experience, with managed updates when new package versions are available.

You might also want to have a look at 3rd party package repositories for your operating system, such as rpmfind for Red Hat based Linux distributions, OpenCSW for Solaris and its descendants, and Homebrew or MacPorts for macOS.

Source packages


Prepackaged tarballs with stable releases of the Netatalk source code are available on the Netatalk releases page on GitHub.


Downloading the Git repository can be done quickly and easily:

  1. Make sure you have Git installed. which git should produce a path to git.

    $ which git
  2. Now get the source:

    $ git clone netatalk-code
    Cloning into 'netatalk-code'...
    remote: Enumerating objects: 41592, done.
    Resolving deltas: 100% (32227/32227), done.

    This will create a local directory called netatalk-code containing a complete and fresh copy of the whole Netatalk source tree from the Git repository.

  3. If you don't specify a branch or tag, you will get the bleeding edge development code. In order to get the latest stable Netatalk 3.1 code, for instance, check out the branch named "branch-netatalk-3-1":

    $ git checkout branch-netatalk-3-1
  4. In order to keep your repository copy updated, occasionally run:

    $ git pull

Compiling Netatalk


Required third-party software

  • Berkeley DB

    The default dbd CNID backend for netatalk uses Berkeley DB to store unique file identifiers. At the time of writing you need at least version 4.6.

    The recommended version is 5.3, the final release under the permissive Sleepycat license, and therefore the most widely available edition.

  • Libgcrypt

    The Libgcrypt library enables the DHX2 UAM, which is required to authenticate with OS X 10.7 and later.

  • libevent

    Internal event callbacks in the netatalk service controller daemon are built on libevent version 2.

Optional third-party software

Netatalk can use the following third-party software to enhance its functionality.

  • OpenSSL / LibreSSL / WolfSSL

    OpenSSL 1.1 or LibreSSL is needed for the older DHCAST128 (a.k.a. DHX) UAM, which provides the strongest password encryption for Classic Mac OS. The older Random Number UAMs uses this library, too.

    Note that as of netatalk 3.2.0, a bundled WolfSSL library is distributed with netatalk as the default DHX provider.

  • Tracker for Spotlight support

    Netatalk uses Tracker as the metadata backend. The minimum required version is 0.7 as this was the first version to support SPARQL.

    Samba's talloc library, a Yacc parser such as bison, and a lexer like flex are also required for Spotlight.

  • mDNSresponder or Avahi for Bonjour

    Mac OS X 10.2 and later uses Bonjour (a.k.a. Zeroconf) for automatic service discovery. Netatalk can advertise AFP file sharing and Time Machine volumes by using Avahi or mDNSResponder.

    The Avahi library itself must be built with DBUS support ( --enable-dbus).

  • TCP wrappers

    Wietse Venema's network logger, also known as TCPD or LOG_TCP.

    Security options are: access control per host, domain and/or service; detection of host name spoofing or host address spoofing; booby traps to implement an early-warning system.

  • PAM

    PAM provides a flexible mechanism for authenticating users. PAM was invented by SUN Microsystems. Linux-PAM is a suite of shared libraries that enable the local system administrator to choose how applications authenticate users.

  • Kerberos V

    Kerberos v5 is a client-server based authentication protocol invented at the Massachusetts Institute of Technology. With the Kerberos library, netatalk can produce the GSS UAM library for authentication with existing Kerberos infrastructure.

  • ACL and LDAP

    LDAP is an open and industry-standard user directory protocol that works in tandem with the advanced permissions scheme of ACL. On some operating systems ACL and LDAP libraries are built in to the system, while on others you have to install supporting packages to enable this functionality.

  • MySQL

    By leveraging a MySQL-compatible client library, netatalk can be built with a MySQL CNID backend that is highly scalable and reliable. The administrator has to provide a separate database instance for use with this backend.

  • D-Bus and GLib bindings

    Used by the afpstats tool to inquire afpd about file server usage statistics.

  • iconv

    iconv provides conversion routines for many character encodings. Netatalk uses it to provide charsets it does not have built in conversions for, like ISO-8859-1. On glibc systems, Netatalk can use the glibc provided iconv implementation. Otherwise you can use the GNU libiconv implementation.

  • CrackLib

    When using the Random Number UAMs and netatalk's own afppasswd password manager, CrackLib can help protect against setting weak passwords for authentication with netatalk.

  • Perl

    Administrative utilities such as afpstats, apple_dump, asip-status and macusers rely on the Perl runtime, version 5.8 or later. The required Perl modules include IO::Socket::IP (asip-status) and Net::DBus (afpstats).

  • DocBook XSL and xsltproc

    The netatalk documentation (such as this manual) are authored in XML format, and then styled with DocBook XSL stylesheets. We rely on xsltproc to transcode the XML to other human-readable formats.

Configure and build Netatalk

Instructions on how to use the build system to configure and build netatalk source code are documented in the INSTALL file in the Netatalk source tree.

For examples of concrete steps to compile on specific operating systems, refer to the Compile Netatalk from Source appendix in this manual, which is automatically generated from the CI build scripts.

Starting and stopping Netatalk

The Netatalk distribution comes with several operating system specific startup script templates that are tailored according to the options given to the build system before compiling. Currently, templates are provided for systemd, openrc, in addition to platform specific scripts for popular Linux distributions, BSD variants, Solaris descendants, and macOS.

When building from source, you can configure the build system to install the generated startup script(s) you want by specifying an with-init-style option. For the specific syntax, please refer to the build system's help text.

Since new releases of Linux distributions appear all the time and the startup procedure for the other systems mentioned above might change as well, it is probably a good idea to not blindly install a startup script but to confirm first that it will work on your system.

If you use Netatalk as part of a fixed setup, like a Linux distribution, an RPM or a BSD package, things will probably have been arranged properly for you. The previous paragraphs therefore apply mostly for people who have compiled Netatalk themselves.

The following daemon need to be started by whatever startup script mechanism is used:

  • netatalk

In the absence of a startup script, you can also launch this daemon directly (as root), and kill it with SIGTERM when you are done with it.

Additionally, make sure that the configuration file afp.conf is in the right place. You can inquire netatalk where it is expecting the file to be by running the netatalk -V command.