Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Stephen on February 16, 2003, 06:12:47 PM

Title: Apple Talk
Post by: Stephen on February 16, 2003, 06:12:47 PM

Hi,
I have just upgraded my server-only e-smith installation to 5.6 and most things went smoothly. However I now realise (perhaps a little late!) that I can no longer connect to netatalk from my MacOS 7.5 clients. This is a problem for me since I only have 7.5 clinets! The ability to access the same file stores from my Macs as my pcs was one of the best things about E-smith.
I see that the problem is caused by the lastest version of netatalk supporting DHX password encryption and this only being possible on macos 8.x or above.
Is there any way I can re-enable plain text logon?
Perhaps I would have to downgrade netatalk? If so whats the best way to go about that?
Any suggestions are much appreciated!
Steve

Title: Re: Apple Talk
Post by: Rich Lafferty on February 17, 2003, 08:24:53 AM

You should be able to re-enable plaintext auth with a custom template
for /etc/atalk/config -- if you look at that file, you'll see the UAM list.

That part of /etc/atalk/config is templated in
/etc/e-smith/templates/etc/atalk/config/20AfpdUAMLIST, so something
like this (untested) ought to work:

mkdir -p /etc/e-smith/templates-custom/etc/atalk/config

cd /etc/e-smith/templates-custom/etc/atalk/config

cp /etc/e-smith/templates/etc/atalk/config/20AfpdUAMLIST .

## note the space followed by a period at the end of the previous line! ##

perl -i -pe 's/so"/so,uams_clrtxt.so"/' 20AfpdUAMLIST

/sbin/e-smith/expand-template /etc/atalk/config

(check the file /etc/atalk/config by hand here to see that it looks right)

/etc/init.d/atalk restart


Since atalk startup is backgrounded (because zip_getnetinfo takes a long
time on a network without appletalk routers), watch /var/log/messages
for errors, and for the message

Feb 17 00:22:37 hostname afpd[24141]: uam: "Cleartxt Passwrd" available

indicating success.

Keep in mind that this means that users' passwords will be traversing
the network in the clear, readable by anyone watching traffic on the
network -- which happens to be one of the reasons we removed support
for cleartext passwords in 5.6. :-)

Cheers,
--Rich

Title: Re: Apple Talk
Post by: Stephen on February 17, 2003, 12:21:34 PM

Wow!
Thanks! I'll give it a try next time I'm at the server (which may not be for a week or so since I'm off skiing :-)
I just love E-smith.
Steve

Title: Re: Apple Talk
Post by: Stephen on March 01, 2003, 01:26:45 AM

Hi,
Just thought I'd report back. The above solution worked a treat!
Thanks
Steve