OS X Lion: Connecting to legacy AFP services

Have an old NAS you want to use from OSX Lion?  Read on…

After running through 4TB of NAS I unearthed an older 1TB Buffalo Terastation (HD-HTGL/R5) NAS to get a quick 25% storage boost.

Lion, however, has other ideas.  Apple, it turns out, disabled Apple Filing Protocol in Lion making it impossible for Finder to connect to the NAS.

Windows 7 running in VMWare on my Mac has no problem connecting, and Buffalo’s own NASNavigator2 for Mac finds the device without problem.

But Finder won’t connect.

Fortunately, Apple provided a way to enable legacy protocols like AFP.   Here’s how:

Lion maintains a list of authentication methods that are not allowed. These are the older, less secure authentication methods. You may need to enable one or more of these methods to support legacy devices or protocols.

Open Terminal.

Execute the following commands:

sudo chmod o+w /Library/Preferences

sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1

Make an AFP connection to another system so that the AFP Client preference file will be filled in with the default set of values. Note: You must connect as a registered user, not as a guest.

Execute the following command to see a list of the disabled User Authentication Methods (UAMs)

defaults read /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams

By default the disabled UAMs are “Cleartxt Passwrd”, “MS2.0”, “2-Way Randnum exchange”, and “DHCAST128”.  Note: if you don’t see a list, restart your computer and repeat step 3.

To enable one of these UAMs, remove it from the list of disabled UAMs. For example, this command enables DHCAST128 by removing it from the list of disabled authentication methods:

sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array “Cleartxt Passwrd” “MS2.0” “2-Way Randnum exchange”

After the desired changes have been made, restore the permissions on the Preferences folder with this command:

sudo chmod o-w /Library/Preferences

Additional Information

If you want to undo the changes described above, you can either delete the /Library/Preferences/com.apple.AppleShareClient file or use the following command to re-disable the default set of older UAMs:

sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -arr

via OS X Lion: Connecting to legacy AFP services.

PS –  Depending on the browser you’re using and the behavior of WordPress, when you cut and paste the commands above, you may have to replace curly quotes with straight quotes.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s