Apparently this is due to a change in authentication therefore the error message, "The version of the server you are trying to connect to is unsupported. Please contact your system administrator to resolve the problem."
From the Mac Dev Forum:
"The most likely cause for this problem is that Lion disables support for the "DHCAST128", which is commonly used by NAS boxes but is, in our opinion, insufficiently secure <rdar: problem="" 8846030="">>. You might want to raise this issue with your NAS vendor; regardless of whether this is the exact problem, they should be working with Apple to ensure Lion compatibility." -this was posted by an Apple employee.
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
Hi,
the way how FreeNAS afpd's UAMS is set up seems broken - just yesterday I was fighting my way through a hack to get PAM authentication enabled for the AFP service (check http://sourceforge.net/apps/phpbb/freenas/viewtopic.php?f=76&t=5328&sid=ee07af374df73a27938dbe35103c6976#p34182 ).
Looking at http://netatalk.sourceforge.net/2.0/htmldocs/configuration.html#authentication and the security recommendations there the setup for FreeNAS in /var/etc/afpd.conf should be rather like this:
"freenas" -uamlist uams_pam.so,uams_dhx2_pam.so,uams_gss.so -nosavepassword -defaultvol /var/etc/AppleVolumes.default -systemvol /var/etc/AppleVolumes.system -uservol -uampath /etc/uams -guestname "ftp"
than this:
"freenas" -uamlist uams_clrtxt.so,uams_dhx.so,uams_randnum.so -nosavepassword -defaultvol /var/etc/AppleVolumes.default -systemvol /var/etc/AppleVolumes.system -uservol -uampath /etc/uams -guestname "ftp"
Since FreeNAS is a PAM supporting OS the passwd authentication is anyway done by the PAM modules then. And if Active Directory or LDAP are enabled then the AFP would also work out of the box.
Best regards
Rainer
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
Here a working patch for /etc/rc.d/afpd:
freenas:/etc/rc.d# diff afpd afpd.orig
44c44
< -i "count(local) > 0" -i "count(guest) > 0" -o "," -b -o "uams_pam.so,uams_dhx2_pam.so,uams_gss.so" -b \
I tried your patch, but I am still unable to get it to work. I am not using LDAP or Active Directory though.
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
Hi,
not very helpful - can you post the /var/log/daemon.log while doing what is not working.
Cheers
Rainer
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
Hi,
just tried here myself:
uams_dhx2_pam.so requires libgcrypt, which does not exist on freenas:
Feb 28 14:04:14 backup01 afpd[99082]: Registering CNID module [last]
Feb 28 14:04:14 backup01 afpd[99082]: Registering CNID module [cdb]
Feb 28 14:04:14 backup01 afpd[99082]: Registering CNID module [dbd]
Feb 28 14:04:14 backup01 afpd[99082]: Loading ConfigFile
Feb 28 14:04:14 backup01 afpd[99082]: main: atp_open: Protocol not supported
Feb 28 14:04:14 backup01 afpd[99082]: ASIP started on 10.20.30.45:548(5) (2.0.5)
Feb 28 14:04:14 backup01 afpd[99082]: uam: loading (/etc/uams/uams_pam.so)
Feb 28 14:04:14 backup01 afpd[99082]: uam: uams_pam.so loaded
Feb 28 14:04:14 backup01 afpd[99082]: uam: loading (/etc/uams/uams_dhx2_pam.so)
Feb 28 14:04:14 backup01 afpd[99082]: uam_load(uams_dhx2_pam.so): failed to load: Shared object "libgcrypt.so.17" not found, required by "uams_dhx2_pam.so"
Feb 28 14:04:14 backup01 afpd[99082]: uam: uams_dhx2_pam.so load failure
Feb 28 14:04:14 backup01 afpd[99082]: uam: loading (/etc/uams/uams_gss.so)
Feb 28 14:04:14 backup01 afpd[99082]: uam: uam not found (status=-1)
Feb 28 14:04:14 backup01 afpd[99082]: uam: "Cleartxt Passwrd" available
Feb 28 14:04:14 backup01 afpd[99082]: Finished parsing Config File
And in production we are still using uams_dhx_pam.so.
So freenas needs fixing here
Best regards
Rainer
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
Hi again,
just got it to work - all you need are two more files in /usr/local/lib:
libgcrypt.so.17
libgpg-error.so.0
Got them from a FreeBSD installation.
Now it also works using dhx2
Feb 28 14:29:53 backup01 afpd[22518]: Loading ConfigFile
Feb 28 14:29:53 backup01 afpd[22518]: main: atp_open: Protocol not supported
Feb 28 14:29:53 backup01 afpd[22518]: ASIP started on 10.20.30.45:548(5) (2.0.5)
Feb 28 14:29:53 backup01 afpd[22518]: uam: loading (/etc/uams/uams_pam.so)
Feb 28 14:29:53 backup01 afpd[22518]: uam: uams_pam.so loaded
Feb 28 14:29:53 backup01 afpd[22518]: uam: loading (/etc/uams/uams_dhx2_pam.so)
Feb 28 14:29:53 backup01 afpd[22518]: uam: uams_dhx2_pam.so loaded
Feb 28 14:29:53 backup01 afpd[22518]: uam: loading (/etc/uams/uams_gss.so)
Feb 28 14:29:53 backup01 afpd[22518]: uam: uam not found (status=-1)
Feb 28 14:29:53 backup01 afpd[22518]: uam: "DHX2" available
Feb 28 14:29:53 backup01 afpd[22518]: uam: "Cleartxt Passwrd" available
Feb 28 14:29:53 backup01 afpd[22518]: Finished parsing Config File
Best regards
Rainer
Would you mind attaching the files here or providing a link because I downloaded FreeBSD 8.2, but I didn't not find those files. Thanks.
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
Hi,
I am not able to attach files to this bug.
Here the links from my dropbox public folder:
http://dl.dropbox.com/u/12917442/libgcrypt.so.17
http://dl.dropbox.com/u/12917442/libgpg-error.so.0
Maybe you can attach files here...
Best regards
Rainer
I've tried to send a PM to Rainer directly, but sourceforge is giving me 500 error on that.
Can anyone please post details how to add these files to my existing Embedded installation of FreeNAS 0.7.2?
I wasn't able to get it to work. Not sure how to install on embedded. I switched to full a few months ago to make it easier to install plugins, etc.
You can disable DHCAST128 in OS X Lion if you need AFP access again:
http://icomputernrd.blogspot.com/2011/07/freenas-fix-for-afp-connection-issues.html
sudo chmod o+w /Library/Preferences
defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1
[From Finder, select an AFP server, or use “Connect To…”. This will cause the AFP Client to create the full preferences file. After that, reboot.]
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array “Cleartxt Passwrd” “MS2.0″ “2-Way Randnum exchange”
sudo chmod o-w /Library/Preferences
[Reboot]
Now try connecting to FreeNAS over AFP protocol.