Mac OS X Lion and AFP compatibility

OS X 10.7 Lion has hit GM build more than a week ago and those with access to an Apple dev account have been testing it for a while and have found that AFP shared no longer mount if the AFP server doesn’t support a new authentication method that is now mandatory for AFP under Lion.

The version of Netatalk used by WD Sharespace firmware obviously does not yet have this authentication method enabled or activated.

When can we expect a firmware update that will enable the new AFP authentication method ?

Adi

Well dude, since Lion has only been available for developers and is still not released for massive distribution, then I’d dare to say not for now. It can be the first day or release, a month after or never as there’s no way to tell for now if the SS will be able to handle Lion until it’s fully released…

I am in the same boat.  With the popularity of these drives, it’s disturbing that there is no WD Support post about what they are doing about this. 

All,

I have found a solution! (WD Engineers read this as well)

After Speaking with the WD Level 2 Techs yesterday I found out that that the problem with AFP not working in Mac OS 10.7 (Lion) comes down to Apple changing the AFP protocol itself.

All Mac OS X OS’s use an software API called “netatalk” which is the software built into the OS that makes AFP happen

netatalk’s current release version is 2.1.2 which makes AFP 3.2 happen

WD Sharespace’s firmware currently supports AFP 3.2

What that means is if you update your WD sharespace to the latest firmware (as of this post) it WILL work with Mac OS X 10.2 - 10.6.8

But 

This problem only happened when we all updated to Mac OS X 10.7 (Lion)

Lion uses netatalk 2.1.3 which is functionally identical to 2.1.2 but with one change to AFP 3.2 which is causing this problem.

Apple in their wisdom, figure that a particular authentication protocol within the implementation of  AFP 3.2 called DHCAST128 is very insecure, so they turned it off… It hasn’t been removed, but just turned off within Lion.

Because WD Sharepaces use AFP 3.2, WD did the right thing and used DHCAST128 (As per Apple’s guidelines) so its not WD’s fault that this problem arose, its Apple’s fault for changing the standard…

Now, there is a new version of netatalk 2.2 which is in beta atm that is a new version of AFP called AFP 3.3. This WILL be the new standard and WD are working on a beta firmware right now which has AFP 3.3 in it.

OS X Lion uses AFP 3.2 & 3.3

There is no timeframes as to when WD will release the AFP 3.3 version of the firmware, as the protocol itself is still in beta and it would be very stupid of them if they released a firmware with beta software in it…

So until then (whenever that is) lets just turn DHCAST128 back on and the problem goes away…

This is how to do it :-

1.  Launch /Applications/Utilities/Terminal and do:

    sudo chmod o+w /Library/Preferences

    defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1

    Now restart your computer.

2.  From Finder, select an AFP server, or use “Connect To…”.  This will cause the AFP Client to create the full preferences file

3.  Launch Terminal again and do:

    sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array “Cleartxt Passwrd” “MS2.0” “2-Way Randnum exchange”

    sudo chmod o-w /Library/Preferences

    Now restart your computer.

Now your WD sharespace WILL work wth AFP again in Mac OS X Lion 10.7

** WD Techs note - when you do release the updated sharespace firmware, I will post a way to reverse this so compitability will be retained.

But this Workaround doesn’t help for Time Machine. When will WD fix this? We want to use Time Machine again!

Greetings, Jann

It’s not up to WD to perform an update,

apple removed the  DHCAST128  in the AFP protocol.

They say it isn’t safe anough.

Problem:  WD, LACIE. IOMEGA and all other HOME nas system manufacturer uses this part of AFP and don’t look at it as a security issue. so they are forcing apple to perform an update.

but apple won’t cause their TimeCapsule is performing better in the current new setup of AFP.

But it you want to wait, NORMALLY SMB is still working.

CMD + K

in the message box you type  afp://yournetworkdrive/yourfolderyouwantmap/

for smb

n the message box you type  smb://yournetworkdrive/yourfolderyouwantmap/

PS: to turn off the above solution  you do this:

open terminal:

sudo defaults write /Library/Preferences/com.a​pple.AppleShareClient afp_disabled_uams -array-add “DHCAST128″

It is not the problem to use my WD-Drive with my iMac as a File - Server. That works already without this Workaround. The problem is to use ist with Time Machine. I dont know how to use Time Machine With a Samba Volume! Already Heise says that there is no way:

http://www.heise.de/mac-and-i/artikel/Praxistipps-zu-Lion-Update-1283461.html?artikelseite=13

Ow that’s allready a progress.

Many NAS systems can’t use it as fileserver neither after the LION upgrade. (when you use AFP)

Hi techdag,

Many thnaks for this work-around, it works for me, non- TM though.

One question, do I have to run the procedure for each NAS I have a login for?

Cheers Peter

Peter, 

In therory, no. All this workaround did was turn on the old AFP authentication in Lion, so any NAS that used it, should work again…

But just be aware, as per the prievious posts, this doesnt correct the Time Machine issue… If you use your WD Sharespace as a Time Machine backup, this workaround doesnt fix it… We will have to wait until WD get the new Firmware sorted.

I allready now want to reverse the first step, how do I do it?

Then I read that I can use the NFS protocol? is that possible?

Thx

Does this mean, that I cannot use my WD as a (normal) externe HD (I am not using any form of back-up) without performing the script you have mentioned?

Comon WD lion has been already released and there is still no update for it i have buyed my word edition just for backup and now is useless stop sleeping and ignoring the MAC comunity otherwise just stop supporting mac and go for windows only stop illuding people by saying compatible with Windows and Mac when the support for Mac come after week … im sure if it was windows the update would be released already next time ill buy a timecapsule and least i wont have any issue

Hi Techdag

Can you please post a way to reverse the settings to the original way, I just bought a Time Capsule and I would like to return it to the original setings.

Thanks

Thank you techdag for finding and sharing a solution. It works perfectly.

As for the WD techs, you have had enough time to find a solution before Apple released OS X Lion, your customers spend hard earned dollars to buy your products, how about respecting that and providing updates and solutions.

To reverse the Chnages from Techdag do this:

sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array-add "DHCAST128"

I got it from here:

http://www.heise.de/mac-and-i/artikel/Praxistipps-zu-Lion-Update-6-1283461.html?artikelseite=12

Any news on this ?! Netatalk 2.2 has been released a while ago and yet WD is being completly mute about it.

Where is the beta firmware ? I’m willing to try it, that’s how desperate i am to get TimeMachine to work with Lion…

Adi

I agree, it would be really nice to hear when a solution will be presented.  I just bought my ShareSpace because it is advertised as compatible with OS X’s Time Machine.  I figured I was safe purchasing from WD, but I am wondering if I should have looked to another supplier.  False advertising does not make me to happy…

Please provide the community with an update as to when the drives will support OS X as advertised.

Thanks,

Jeff

@Mac_darwin,

the Update came 10 Days ago, my MyBookLive runs with TimeMachine and Mac OS X Lion!

Use the Update-Function over the Web-Frontend of your WD-Device.

Jann

Yes, the MyBookLive got an update, but this is not the case with the ShareSpace that hasn’t received an update SINCE APRIL !!!

How sad is that ?!

Adi