I recently got AFP and Time Machine working so I thought I'd write up a consolidated post that covers everything in case others are interested. One thing to note is the forum software sometimes makes it hard to read characters properly (like underscores) so copy and paste to a text file if you're in doubt.

First you need to build and install Netatalk, there is one in the repos but it's a bit too old.

#
# grab some prereqs
apt-get install db4.6-util libdb4.6-dev libssl0.9.8k-dev libldap2-dev

# download netatalk
wget http://downloads.sourceforge.net/project/netatalk/netatalk/2.1.3/netatalk-2.1.3.tar.bz2

# extract build and install
tar xvfj netatalk-2.1.3.tar.bz2
cd netatalk-2.1.3
./configure  --prefix=/usr --sysconfdir=/etc
make
make install

Next we install avahi so we can advertise our services with Zero Conf

#
# install avahi to advertise services over zero-conf
apt-get install avahi-daemon

# have avahi advertise we offer AFP shares
cat > /etc/avahi/services/afpd.service <<EOF
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_afpovertcp._tcp</type>
    <port>548</port>
  </service>
</service-group>
EOF

# optional - make us look like a Xserve
cat > /etc/avahi/services/deviceinfo.service <<EOF
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_device-info._tcp</type>
    <port>548</port>
    <txt-record>model=Xserve</txt-record>
  </service>
</service-group>
EOF

# Add shares to /etc/netatalk/AppleVolumes.default then restart services
/etc/init.d/netatalk start
/etc/init.d/avahi-daemon restart

You can stop here if AFP shares is all you want. Any shares you listed in AppleVolumes.default should show up properly in Finder. If you want to use Time Machine though there are some additional steps. It's not necessary to do everything I do below for it to work, but this is how I set it up:

#
# create a dedicated Time Machine volume and user
zfs create tank/timemachine
useradd -c "Time Machine User" -d /tank/timemachine -s /bin/false -g 10 timemach
passwd timemach

# mark volume as supporting time machine
touch /tank/timemachine/.com.apple.timemachine.supported

# some permissions stuff I do on most volumes to keep ACLs sane
zfs set aclinherit=passthrough tank/timemachine
/usr/sun/bin/chown -R timemach:other /tank/timemachine
/usr/sun/bin/chmod -R A=owner@:full_set:file_inherit/dir_inherit:allow /tank/timemachine
/usr/sun/bin/chmod -R A+group@:read_set/execute:file_inherit/dir_inherit:allow /tank/timemachine
/usr/sun/bin/chmod -R A+user:root:full_set:file_inherit/dir_inherit:allow /tank/timemachine

# Configure netatalk for time machine and a couple other volumes
cat >> /etc/netatalk/AppleVolumes.default <<EOF
/tank/timemachine TimeMachine allow:timemach options:tm
/tank/media media forceuid:media
/tank/software software forceuid:software
EOF

# Turn off default home shares
sed -i 's/^~/#~/' /etc/netatalk/AppleVolumes.default 

# Advertise that we have disks and one supports TimeMachine
# this step is needed so the volume will show up when looking for available Time Machine disks
cat > /etc/avahi/services/adisk.service <<EOF
<?xml version="1.0" standalone='no'?><!--*-nxml-*-->
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_adisk._tcp</type>
    <port>9</port>
    <txt-record>sys=waMA=00:e0:81:ba:0e:23,adVF=0x100</txt-record>
    <txt-record>dk0=adVF=0xa1,adVN=TimeMachine,adVU=4ed1be04-64a1-4466-a2ed-b8d9ea6680a6</txt-record>
    <txt-record>dk1=adVN=media,adVU=60e5e43f3-7d7e-48cf-96f2-7b2d026cc8ad</txt-record>
    <txt-record>dk2=adVN=software,adVU=54bc0654-c071-4092-b43c-781c1164bd91</txt-record>
  </service>
</service-group>
EOF

There are a few things in this last file that you need to tweak. The first is the "waMA=", it should list your MAC address. It can supposedly work with '0' there, but the Apple products use their real MACs so I did too. Next, you need a dkX entry for every share you have in your AppleVolumes.default for your shares to properly show up in Finder. Without advertising an "adisk" record Finder will reach out to the AFP server and check which volumes are there, but once you publish an "adisk" record it will use that for the Finder list only. For each entry you should increment the dkX number and make sure the adVN entry matches the share name in AppleVolumes.default. Each share should also have its own unique adVU which is a UUID (google "uuid generator" if you need to create some).

Last step is to restart the services:

#
/etc/init.d/netatalk stop
/etc/init.d/netatalk start
/etc/init.d/avahi-daemon restart

Everything should now work properly. All shares except Time Machine should show up in Finder and when you go into Time Machine preferences you should be able to chose your Time Machine volume without any client side tweaks. Just select the disk and give the "timemach" user and the password you set for the account.

Hope some folks find this useful.

-apnar

edit: Added this to the wiki here AFP with TimeMachine