Mac OSX Lion and AFP shares

Like most Apple Mac users this week, I updated from 10.6 Snow Leopard to 10.7 Lion of Apple's operating system. Everything seemed to go fine, I noticed a few little quirks, but the one that gave me the biggest “Oh no, can I go back!?” was when I tried mounting my AFP share on my FreeNAS server.

iMac:~ kristijan$ mount_afp -i afp://kristijan@nas/Media ./Media/
Password: 
mount_afp: AFPMountURL returned error -5002, errno is -5002

Those who use the “Connect to server…” option from Finder would have come across the following pop-up error message: “The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem.”

So after some searching around, I found out that OSX Lion no longer supports AFP (and SMB/CIFS) servers which use the DHCAST128 authentication method. Apple flagged this as a security risk, and outright disabled it in Lion. Now I could have just scrapped AFP altogether and started using NFS shares, but AFP just works a hell of a lot better with OSX clients.

Some more searching found this page[1], and a solution to my problem. Full credits to this solution go to Alexander Wilde.

Follow the steps below to enable DHCAST128 under Mac OSX Lion.

Launch Terminal.app (/Applications/Utilities/Terminal.app) and run the following two commands.

iMac:~ kristijan$ sudo chmod o+w /Library/Preferences
Password:
iMac:~ kristijan$ defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1

Now restart your computer.

Launch Terminal.app or Finder and attempt to mount the AFP share again. This will fail, but what it will do is recreate the full preferences file.

iMac:~ kristijan$ mount_afp -i afp://kristijan@nas/Media ./Media/
Password: 
mount_afp: AFPMountURL returned error -5002, errno is -5002

Now run the following two commands.

iMac:~ kristijan$ sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"
Password:
iMac:~ kristijan$ sudo chmod o-w /Library/Preferences

Restart your computer and mount the AFP share again; it should now work.
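The procedure leaves /Library/Preferences writable by every local user from the first chmod until the final one, across two reboots, so it is worth confirming the end state. The script below is an added example, not part of the original post or of Alexander Wilde's solution: it checks that the directory is no longer world-writable and that the three UAMs from the second step are in afp_disabled_uams. The function and variable names are hypothetical, and the layout of the `defaults read` output is assumed to be the old-style plist array shown in the constructed sample.

```shell
#!/bin/sh
# Added example: audit the state left by the workaround above.
# Function and variable names are hypothetical; paths and UAM names are from the post.
PREFS_DIR=/Library/Preferences
PLIST="$PREFS_DIR/com.apple.AppleShareClient"

# The three UAMs the procedure writes to afp_disabled_uams.
EXPECTED_DISABLED='Cleartxt Passwrd
MS2.0
2-Way Randnum exchange'

# Constructed sample of `defaults read ... afp_disabled_uams` output
# (assumed old-style plist array layout).
SAMPLE_OK='(
    "Cleartxt Passwrd",
    "MS2.0",
    "2-Way Randnum exchange"
)'

# Exit 0 if "others" may write to the path. Character 9 of the ls mode
# string (drwxr-xrwx) is the other-write bit.
is_world_writable() {
    [ -e "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# Reads `defaults read` array output on stdin; prints every expected UAM
# that is absent from it, one per line.
missing_disabled_uams() {
    listed=$(sed -e 's/^[[:space:]]*//' -e 's/,$//' -e 's/^"\(.*\)"$/\1/')
    printf '%s\n' "$EXPECTED_DISABLED" | while IFS= read -r uam; do
        printf '%s\n' "$listed" | grep -qxF -- "$uam" || printf '%s\n' "$uam"
    done
}

audit() {
    rc=0
    if is_world_writable "$PREFS_DIR"; then
        echo "WARN: $PREFS_DIR is world-writable; run: sudo chmod o-w $PREFS_DIR"
        rc=1
    fi
    missing=$(defaults read "$PLIST" afp_disabled_uams 2>/dev/null | missing_disabled_uams)
    if [ -n "$missing" ]; then
        echo "WARN: UAMs not in afp_disabled_uams:"; echo "$missing"
        rc=1
    fi
    return $rc
}

# Only meaningful on macOS, where the `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then audit; fi
```

No output and exit status 0 mean both checks passed.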

[1] – http://www.alexanderwilde.com/2011/04/os-x-lion-connection-error-with-afp-and-workaround

Update – 26/11/2012
For Mountain Lion, I had to change the afp_host_prefs_version back to 15.

sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 15

11 thoughts on “Mac OSX Lion and AFP shares”

    • That sucks KT. You may be better off posting over on Alexander Wilde’s blog which is linked at the end of my post. He’s a developer, so might be able to give you some further insight into your problem.

      Just curious though, are you receiving the exact same error message as when you initially try the AFP mount?

  1. Couldn’t wait ehhhh??? The NFS shares from my server are still functioning as expected =]

    Unfortunately Mac Office 2011 doesn’t fare so well with the upgrade…

    • Hi Yap,

      The password won’t echo anything back to standard out. So type your password like you normally would (nothing will show up on the screen), and press enter.

      -Kristijan
