Wednesday, 13 July 2011

FreeNAS fix for AFP connection issues with OSX Lion


The problem
I tried to connect to my FreeNAS box from Apple Mac OS X Lion over the AFP protocol and got an error message:

There was a problem connecting to the server

The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem.


The Solution
Apple disables support for the "DHCAST128" authentication method (UAM) in OS X 10.7 Lion. It is commonly used by NAS boxes, but Apple thinks it is insufficiently secure. So all the vendors must work with Apple for Lion compatibility. However, there is a workaround: you simply turn on, or enable, DHCAST128 in Lion. Here's how you do it.

To turn on "DHCAST128" in Mac OS X Lion:
1)  Launch Terminal (/Applications/Utilities/Terminal) and run:

  • sudo chmod o+w /Library/Preferences
  • defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1
  • Now restart your computer.

2)  From Finder, select an AFP server, or use “Connect To…”.  This will cause the AFP Client to create the full preferences file
3)  Launch Terminal again and do:

  • sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"
  • sudo chmod o-w /Library/Preferences
  • Now restart your computer.

Now try connecting to FreeNAS over the AFP protocol: voilà, all fixed. Until FreeNAS has been updated, this workaround should be sufficient. I know it's less secure than Apple wants, but at the moment NAS boxes aren't ready for the enhanced security features of OS X Lion. I will be keeping an eye on the FreeNAS forum. When a fix has been released by the experts, I will update this post.


Note:  To add "DHCAST128" to the disable list, use
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array-add "DHCAST128"
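
An added example (not part of the original post): a small shell check of what actually ended up in afp_disabled_uams after step 3. It reports whether DHCAST128 is on the disabled list and flags any entry that is not one of the four UAM names used in this post, which is what a paste with typographic quotes leaves behind. The function names and both sample outputs are constructed for illustration, and the shape of the mis-pasted output is an assumption.

```shell
# Added example: audit the list written to afp_disabled_uams.
# On the Mac itself (path and key are the ones used in the post):
#   defaults read /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams | audit_uams

# Turn the "( a, "b c", ... )" array text on stdin into one entry per line.
parse_uams() {
    sed -e '/^[[:space:]]*[()][[:space:]]*$/d' \
        -e 's/^[[:space:]]*//' -e 's/,[[:space:]]*$//' \
        -e 's/^"\(.*\)"$/\1/'
}

# One line per finding; the final line is always the DHCAST128 state.
audit_uams() {
    entries=$(parse_uams)
    for want in "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"; do
        printf '%s\n' "$entries" | grep -Fxq -- "$want" ||
            printf 'MISSING: %s is not disabled\n' "$want"
    done
    printf '%s\n' "$entries" | while IFS= read -r e; do
        case $e in
            "Cleartxt Passwrd"|"MS2.0"|"2-Way Randnum exchange"|DHCAST128|"") ;;
            *) printf 'UNEXPECTED: %s\n' "$e" ;;  # e.g. a word split off by curly quotes
        esac
    done
    if printf '%s\n' "$entries" | grep -Fxq DHCAST128; then
        printf 'DHCAST128 disabled (Lion default)\n'
    else
        printf 'DHCAST128 enabled (workaround active)\n'
    fi
}

# Constructed samples, not captured output: the array as intended, and the
# array after a paste in which typographic quotes split every word (assumed shape).
sample_good() {
    printf '(\n    "Cleartxt Passwrd",\n    "MS2.0",\n    "2-Way Randnum exchange"\n)\n'
}
sample_pasted() {
    cat <<'EOF'
(
    "\\U201cCleartxt",
    "Passwrd\\U201d",
    "\\U201cMS2.0\\U2033",
    "\\U201c2-Way",
    Randnum,
    "exchange\\U201d"
)
EOF
}
sample_good | audit_uams; sample_pasted | audit_uams
```

A MISSING line means one of the three weaker methods from step 3 is still allowed on the client, so the list should be rewritten with plain ASCII quotes.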

20 comments:

  1. This is brilliant! Any idea how to sort time machine afp backups too?

  2. For the less abled, what would be the sequence of commands to completely reverse the settings, for the time when we no longer need this hack.

  3. This doesn't seem to work with the retail release of Lion today. I've walked through the step-by-step twice now with no luck. "The network backup disk does not support the required AFP features. Open Time Machine preferences to select a different backup disk."

  4. Same issue. Tried multiple times with the GM release today and still not working & same error.

  5. Same issue. I followed the instructions closely copying each line and it simply doesn't work and fails with the same error.

  6. It won't fix Time Machine people, but it does fix the actual finder access to the afp shares.

  7. @TotalRecall, see last line in post:

    sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array-add "DHCAST128"

    This undoes the fix.

  8. doesn't work and fails with the same error

  9. look at the following link

    http://frankleng.me/2011/07/21/connect-to-a-freenas-samba-or-afp-share-on-lion-workaround/

  10. Be careful if you cut and paste the first command from step 3 as the quote characters will not be interpreted as such - each word that follows -array will be seen separately.

    The pasted command will achieve the desired effect by enabling DHCAST128 but "defaults read /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams" will show odd output.

    Use http://support.apple.com/kb/HT4700 if you want to cut and paste commands.

  11. A build has been posted which fixes FreeNAS afp service for Lion: https://sourceforge.net/apps/phpbb/freenas/viewtopic.php?f=92&t=6523#p31543

    Still doesn't work with the Time Machine tho.

  12. This worked flawlessly for me on the retail release of Lion Server. I think the trick is to take note that it is not - int 1 as is seen in the OP and instead it is _int 1

    "sudo chmod o+w /Library/Preferences
    defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1
    Now restart your computer."

    Should read as

    "sudo chmod o+w /Library/Preferences
    defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version_int 1
    Now restart your computer."

    Everything else in the sequence works as is.

    Thanks for sharing the solution. works like a charm!

  13. Solution found, I used the latest night build from Freenas: http://sourceforge.net/projects/freenas/files/FreeNAS-8-nightly/FreeNAS-8r7209-amd64.iso/download
    I used AFP and made an Apple share.
    Time Machine found a disk to use….
    I use OS X Lion on an iMac.

  14. Fred, that is unfortunately not a solution for most FreeNAS users, as there is no upgrade path from FreeNAS 7 to FreeNAS 8 (also, FreeNAS 8 is nowhere near feature complete relative to FreeNAS 7).

  15. Anonymous -- there's a FreeNAS 7 update which enables AFP for Lion clients.

  16. This has now been fixed.
    http://sourceforge.net/projects/freenas/files/FreeNAS-7-Stable/0.7.2.8191/

  17. who copied from who:

    http://www.alexanderwilde.com/2011/04/os-x-lion-connection-error-with-afp-and-workaround/#comment-1095
