Answering my own question, much later.
Comparing a working netatalk running in the root of a PC-BSD system
with a non-working netatalk running in a jail, I noticed that the
working version of cnid_metad was listening on loopback (lo0,
127.0.0.1:4700) vs. the jailed version listening on the external
interface (lagg0, 10.128.x.y:4700).
Specifying "cnid listen" and/or "cnid server" in afp.conf did not
What did work was creating an extra IP address on lo0 and assigning
it to the jail:
In the parent BSD system:

    ifconfig lo0 alias 127.0.0.2
    jail -m ip4.addr=127.0.0.2,10.128.x.y jid=nn

Then inside the jail restart netatalk (without "cnid listen" or
"cnid server" in afp.conf) and netatalk works. Mavericks client
connects no problem.
In the jail:

    root cnid_metad 44502 3 tcp4 127.0.0.2:4700 *:*
    root cnid_metad 44502 4 dgram -> /var/run/logpriv

Not sure if cnid_metad not working when bound to the external
interface is a bug or a feature, but I'm happy to have jailed
-------- Forwarded Message --------
I'm setting up a fileserver on FreeBSD. I'm hoping to run all of my
services in Jails.
Unfortunately when I run netatalk in a jail my mac clients are unable to
connect. If I use a similar configuration of netatalk running on the
parent server the Macs can connect and run time machine with no trouble.
On the Mac
Connect to Server afp://<ip-address> gives:
Check the server name or IP address and then try again...
In the server log:
Jun 27 14:21:29 timemachine afpd: Login by me (AFP3.4)
Jun 27 14:21:40 timemachine afpd: AFP logout by me
Jun 27 14:21:40 timemachine afpd: dsi_stream_read: len:0,
Jun 27 14:21:40 timemachine afpd: afp_over_dsi: client logged
out, terminating DSI session
Jun 27 14:21:40 timemachine afpd: AFP statistics: 0.66 KB read,
0.52 KB written
From the Mac

    telnet timemachine.server.edu 548

connects, which seems to show that the jail network is working and
I'm also able to ping to and from the jail network.
Furthermore I can run other services in the jail successfully.
So this seems to be a fairly subtle problem related to running netatalk
in an otherwise functional jail environment.
OS: PC-BSD 10.0.2 trueos
Netatalk built from FreeBSD port with PAM support enabled.
afpd 3.1.2 - Apple Filing Protocol (AFP) daemon of Netatalk
This program is free software; you can redistribute it and/or modify it
the terms of the GNU General Public License as published by the Free
Foundation; either version 2 of the License, or (at your option) any later
version. Please see the file COPYING for further information and details.
afpd has been compiled with support for these features:
AFP versions: 2.2 3.0 3.1 3.2 3.3 3.4
CNID backends: dbd last tdb
Zeroconf support: Avahi
TCP wrappers support: Yes
Quota support: No
Admin group support: Yes
Valid shell checks: Yes
cracklib support: No
EA support: ad | sys
ACL support: No
LDAP support: No
D-Bus support: Yes
Spotlight support: No
DTrace probes: No
state directory: /var/netatalk/
UAM search path: /usr/local/libexec/netatalk-uams//
Server messages path: /var/netatalk/msg/
AFP reply from localhost:548
Flags: 1 Cmd: 3 ID: 57005
Request ID: 57005
Machine type: Netatalk3.1.2
AFP versions: AFP2.2,AFPX03,AFP3.1,AFP3.2,AFP3.3,AFP3.4
Volume Icon & Mask: Yes
Server name: timemachine
f2 75 ad e8 02 db bb e0 46 91 d9 0b b2 24 b1 68 .u......F....$.h
Network address: <gone.daddy.gone> (TCP/IP address)
UTF8 Servername: timemachine
Thoughts or debugging tips welcome
Thanks in advance
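
A check for the condition diagnosed in the reply at the top of this thread, added here as an example and not part of the original messages: it reads `sockstat`-style lines and reports whether `cnid_metad` is bound to a loopback address or to an external one. The function names and the 192.0.2.10 sample line are assumptions constructed for illustration; the column layout follows the output quoted in the post.

```sh
#!/bin/sh
# Constructed sample input in the column layout shown in the post:
# USER COMMAND PID FD PROTO LOCAL FOREIGN
SAMPLE_JAIL_FIXED='root cnid_metad 44502 3 tcp4 127.0.0.2:4700 *:*
root cnid_metad 44502 4 dgram -> /var/run/logpriv'
# Constructed: 192.0.2.10 stands in for the jail's external address.
SAMPLE_JAIL_BROKEN='root cnid_metad 44502 3 tcp4 192.0.2.10:4700 *:*
root cnid_metad 44502 4 dgram -> /var/run/logpriv'

# Print "loopback <addr>" or "external <addr>" for every cnid_metad TCP
# socket found in the sockstat-style lines on stdin.
classify_cnid_bind() {
    awk '
        $2 == "cnid_metad" && $5 ~ /^tcp4/ {
            host = $6
            sub(/:[0-9*]+$/, "", host)   # drop the ":port" suffix
            if (host ~ /^127\./) print "loopback", $6
            else                 print "external", $6
        }'
}

# Exit status: 0 = every cnid_metad TCP socket is on loopback,
#              1 = at least one is on a non-loopback address,
#              2 = no cnid_metad TCP socket was seen at all.
cnid_loopback_only() {
    result=$(classify_cnid_bind)
    [ -n "$result" ] || return 2
    case "$result" in
        *external*) return 1 ;;
    esac
    return 0
}

# Demo on the constructed samples. On a live FreeBSD system the input
# would come from: sockstat -4l | cnid_loopback_only
for sample in "$SAMPLE_JAIL_FIXED" "$SAMPLE_JAIL_BROKEN"; do
    printf '%s\n' "$sample" | classify_cnid_bind
done
```

A wildcard bind (`*:4700`) is reported as external, since it is reachable on every address assigned to the jail.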