
#851 AFP not working with Mac OS X Lion 10.7

v0.7x
open
nobody
7
2012-10-28
2011-02-26
dwinsmith
No

Apparently this is due to a change in authentication, therefore the error message, "The version of the server you are trying to connect to is unsupported. Please contact your system administrator to resolve the problem."

From the Mac Dev Forum:
"The most likely cause for this problem is that Lion disables support for the "DHCAST128", which is commonly used by NAS boxes but is, in our opinion, insufficiently secure <rdar://problem/8846030>. You might want to raise this issue with your NAS vendor; regardless of whether this is the exact problem, they should be working with Apple to ensure Lion compatibility." - this was posted by an Apple employee.

Discussion

  • Anonymous

    Anonymous - 2011-02-26

    Hi,
    the way FreeNAS afpd's UAMs are set up seems broken - just yesterday I was fighting my way through a hack to get PAM authentication enabled for the AFP service (check http://sourceforge.net/apps/phpbb/freenas/viewtopic.php?f=76&t=5328&sid=ee07af374df73a27938dbe35103c6976#p34182 ).

    Looking at http://netatalk.sourceforge.net/2.0/htmldocs/configuration.html#authentication and the security recommendations there the setup for FreeNAS in /var/etc/afpd.conf should be rather like this:
    "freenas" -uamlist uams_pam.so,uams_dhx2_pam.so,uams_gss.so -nosavepassword -defaultvol /var/etc/AppleVolumes.default -systemvol /var/etc/AppleVolumes.system -uservol -uampath /etc/uams -guestname "ftp"
    than this:
    "freenas" -uamlist uams_clrtxt.so,uams_dhx.so,uams_randnum.so -nosavepassword -defaultvol /var/etc/AppleVolumes.default -systemvol /var/etc/AppleVolumes.system -uservol -uampath /etc/uams -guestname "ftp"

    Since FreeNAS is a PAM supporting OS the passwd authentication is anyway done by the PAM modules then. And if Active Directory or LDAP are enabled then the AFP would also work out of the box.

    Best regards
    Rainer

     
  • Anonymous

    Anonymous - 2011-02-26

    Here is a working patch for /etc/rc.d/afpd:
    freenas:/etc/rc.d# diff afpd afpd.orig
    44c44
    < -i "count(local) > 0" -i "count(guest) > 0" -o "," -b -o "uams_pam.so,uams_dhx2_pam.so,uams_gss.so" -b \


              -i "count(local) > 0" -i "count(guest) > 0" -o "," -b -o "uams_clrtxt.so,uams_dhx.so,uams_randnum.so" -b \
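
    Review bot: the replacement list on the `<` line still starts with uams_pam.so, and nothing checks that uams_dhx2_pam.so and uams_gss.so can actually load, so when they fail afpd is left offering only a cleartext password UAM; the daemon.log excerpts later in this thread show that outcome ("Cleartxt Passwrd" available after the uams_dhx2_pam.so load failure). Confirm the modules and the libraries they need are present before switching the list, and drop uams_pam.so if cleartext logins are not wanted. Separately, the output was produced with `diff afpd afpd.orig`, so the `<` line is the patched file and the second line is the original, and the `---` separator and `>` marker are missing from the paste; regenerating it as a diff from afpd.orig to afpd would make it applicable.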
    

    freenas:/etc/rc.d#

     
  • dwinsmith

    dwinsmith - 2011-02-27

    I tried your patch, but I am still unable to get it to work. I am not using LDAP or Active Directory though.

     
  • Anonymous

    Anonymous - 2011-02-28

    Hi,
    not very helpful - can you post the /var/log/daemon.log while doing what is not working.
    Cheers
    Rainer

     
  • Anonymous

    Anonymous - 2011-02-28

    Hi,
    just tried here myself:
    uams_dhx2_pam.so requires libgcrypt, which does not exist on freenas:

    Feb 28 14:04:14 backup01 afpd[99082]: Registering CNID module [last]
    Feb 28 14:04:14 backup01 afpd[99082]: Registering CNID module [cdb]
    Feb 28 14:04:14 backup01 afpd[99082]: Registering CNID module [dbd]
    Feb 28 14:04:14 backup01 afpd[99082]: Loading ConfigFile
    Feb 28 14:04:14 backup01 afpd[99082]: main: atp_open: Protocol not supported
    Feb 28 14:04:14 backup01 afpd[99082]: ASIP started on 10.20.30.45:548(5) (2.0.5)
    Feb 28 14:04:14 backup01 afpd[99082]: uam: loading (/etc/uams/uams_pam.so)
    Feb 28 14:04:14 backup01 afpd[99082]: uam: uams_pam.so loaded
    Feb 28 14:04:14 backup01 afpd[99082]: uam: loading (/etc/uams/uams_dhx2_pam.so)
    Feb 28 14:04:14 backup01 afpd[99082]: uam_load(uams_dhx2_pam.so): failed to load: Shared object "libgcrypt.so.17" not found, required by "uams_dhx2_pam.so"
    Feb 28 14:04:14 backup01 afpd[99082]: uam: uams_dhx2_pam.so load failure
    Feb 28 14:04:14 backup01 afpd[99082]: uam: loading (/etc/uams/uams_gss.so)
    Feb 28 14:04:14 backup01 afpd[99082]: uam: uam not found (status=-1)
    Feb 28 14:04:14 backup01 afpd[99082]: uam: "Cleartxt Passwrd" available
    Feb 28 14:04:14 backup01 afpd[99082]: Finished parsing Config File

    And in production we are still using uams_dhx_pam.so.

    So freenas needs fixing here

    Best regards
    Rainer

     
  • Anonymous

    Anonymous - 2011-02-28

    Hi again,
    just got it to work - all you need are two more files in /usr/local/lib:
    libgcrypt.so.17
    libgpg-error.so.0
    Got them from a FreeBSD installation.
    Now it also works using dhx2

    Feb 28 14:29:53 backup01 afpd[22518]: Loading ConfigFile
    Feb 28 14:29:53 backup01 afpd[22518]: main: atp_open: Protocol not supported
    Feb 28 14:29:53 backup01 afpd[22518]: ASIP started on 10.20.30.45:548(5) (2.0.5)
    Feb 28 14:29:53 backup01 afpd[22518]: uam: loading (/etc/uams/uams_pam.so)
    Feb 28 14:29:53 backup01 afpd[22518]: uam: uams_pam.so loaded
    Feb 28 14:29:53 backup01 afpd[22518]: uam: loading (/etc/uams/uams_dhx2_pam.so)
    Feb 28 14:29:53 backup01 afpd[22518]: uam: uams_dhx2_pam.so loaded
    Feb 28 14:29:53 backup01 afpd[22518]: uam: loading (/etc/uams/uams_gss.so)
    Feb 28 14:29:53 backup01 afpd[22518]: uam: uam not found (status=-1)
    Feb 28 14:29:53 backup01 afpd[22518]: uam: "DHX2" available
    Feb 28 14:29:53 backup01 afpd[22518]: uam: "Cleartxt Passwrd" available
    Feb 28 14:29:53 backup01 afpd[22518]: Finished parsing Config File

    Best regards
    Rainer
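
Added example, not part of the original thread or of FreeNAS/netatalk: a small audit of afpd's startup lines that reports, per afpd PID, which UAM modules were requested, which failed, which libraries were missing, and whether cleartext is the only login method left. The sample input is the UAM lines from the first daemon.log excerpt above; the function and field names are this example's own.

```python
import re

# UAM lines from the first daemon.log excerpt in the thread above.
SAMPLE_LOG = '''\
Feb 28 14:04:14 backup01 afpd[99082]: uam: loading (/etc/uams/uams_pam.so)
Feb 28 14:04:14 backup01 afpd[99082]: uam: uams_pam.so loaded
Feb 28 14:04:14 backup01 afpd[99082]: uam: loading (/etc/uams/uams_dhx2_pam.so)
Feb 28 14:04:14 backup01 afpd[99082]: uam_load(uams_dhx2_pam.so): failed to load: Shared object "libgcrypt.so.17" not found, required by "uams_dhx2_pam.so"
Feb 28 14:04:14 backup01 afpd[99082]: uam: uams_dhx2_pam.so load failure
Feb 28 14:04:14 backup01 afpd[99082]: uam: loading (/etc/uams/uams_gss.so)
Feb 28 14:04:14 backup01 afpd[99082]: uam: uam not found (status=-1)
Feb 28 14:04:14 backup01 afpd[99082]: uam: "Cleartxt Passwrd" available
'''

LINE = re.compile(r'afpd\[(\d+)\]: (.*)$')
LOADING = re.compile(r'uam: loading \(.*/([^/)]+)\)')
MISSING_LIB = re.compile(r'Shared object "([^"]+)" not found')
AVAILABLE = re.compile(r'uam: "([^"]+)" available')
CLEARTEXT = {"Cleartxt Passwrd"}  # UAM name exactly as afpd logs it

def audit_uams(log_text):
    """Map each afpd PID to the UAMs it requested, failed to load, and offers."""
    reports, current = {}, {}  # current: pid -> module from the last "loading" line
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        rep = reports.setdefault(pid, {"requested": [], "failed": [],
                                       "missing_libs": [], "available": []})
        if (hit := LOADING.search(msg)):
            current[pid] = hit.group(1)
            rep["requested"].append(hit.group(1))
        elif (hit := MISSING_LIB.search(msg)):
            rep["missing_libs"].append(hit.group(1))
        elif "load failure" in msg or "uam not found" in msg:
            # "uam not found" names no module: attribute it to the one being loaded.
            if current.get(pid) and current[pid] not in rep["failed"]:
                rep["failed"].append(current[pid])
        elif (hit := AVAILABLE.search(msg)):
            rep["available"].append(hit.group(1))
    for rep in reports.values():
        offered = set(rep["available"])
        rep["cleartext_offered"] = bool(offered & CLEARTEXT)
        rep["cleartext_only"] = bool(offered) and offered <= CLEARTEXT
    return reports

if __name__ == "__main__":
    for pid, rep in audit_uams(SAMPLE_LOG).items():
        print(pid, rep)
```

Run against the second excerpt, the same function reports `cleartext_only` as false but `cleartext_offered` as still true, since "Cleartxt Passwrd" remains available alongside "DHX2".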

     
  • dwinsmith

    dwinsmith - 2011-02-28

    Would you mind attaching the files here or providing a link? I downloaded FreeBSD 8.2, but I did not find those files. Thanks.

     
  • dwinsmith

    dwinsmith - 2011-03-02
     
  • Stan

    Stan - 2011-03-04

    I've tried to send a PM to Rainer directly, but SourceForge is giving me a 500 error on that.
    Can anyone please post details on how to add these files to my existing Embedded installation of FreeNAS 0.7.2?

     
  • dwinsmith

    dwinsmith - 2011-03-10

    I wasn't able to get it to work. Not sure how to install on embedded. I switched to full a few months ago to make it easier to install plugins, etc.

     
  • Michael Kagerbauer

    You can disable DHCAST128 in OS X Lion if you need AFP access again:

    http://icomputernrd.blogspot.com/2011/07/freenas-fix-for-afp-connection-issues.html

    sudo chmod o+w /Library/Preferences
    defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1

    [From Finder, select an AFP server, or use “Connect To…”. This will cause the AFP Client to create the full preferences file. After that, reboot.]

    sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"
    sudo chmod o-w /Library/Preferences

    [Reboot]

    Now try connecting to FreeNAS over AFP protocol.

     
