Cache-A and OS X Lion
before I start -
1) I LOVE Cache-A. It's the best LTO product out there
2) Cache-A support is fantastic.
3) I spoke to Tom at Cache-A about this today. I am just looking for anyone else that ran into this issue with the Cache-A and OS X Lion
I have having great difficulty getting the Cache-A to connect or mount on an OS X Lion operating system. I am using a MAC Pro as my server. This very same box, which now has a static IP assigned to it, mounts wonderfully on an OS X 10.6.x MAC across the network, just not an OS X Lion 10.7.1 system (brand new build).
As per Cache-A, and Apple Support tech note HT4700 from the Apple Knowlege base on Connecting to legacy AFP Services with OS X Lion -
in terminal, I execute
sudo chmod o+w /Library/Preferences
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1
I then connect the Cache-A, my OS X Lion MAC Pro and another OS X Snow Loeplard MAC Pro to a switch, all on the same 192.168.2.x subnet.
I connect from the Lion system to the snow leopard system (file Sharing) to fill the AFP Client Preference file with the default set of values. I do this as a registered user, not a guest.
I then type in
defaults read /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams
I see the default UAM's -
2-Way Randnum exchange
I then type in
sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0"
"2-Way Randnum exchange"
I then get an ERROR that says
unexpected argument MS2.0; leaving defaults unchanged
I continued with the instructions, typing this in -
sudo chmod o-w /Library/Preferences
SO, after I do this, I try to connect to the Cache-A, and I CANT CONNECT on the OS X Lion MAC.
But I have no issue connecting on the OS X Snow Leopard MAC. And yes, I can ping the Cache-A
from the OS X Lion MAC, so it's not a cable issue.
Anyone else ever have this problem ?
[Bob Zelin] "I then get an ERROR that says
unexpected argument MS2.0; leaving defaults unchanged"
This means the command to enable the "less secure" authentication methods failed and not changes were made to the plist. I don't have a Cache-A to test against, but try this in place of Step 5 if you aren't concerned with having a "less secure" AFP connection to your Cache-A:
That is the same command, but with only one argument. That should enable all the legacy authentication methods except "Cleartxt Passwrd". Follow through the remaining steps and then see if you can connect to the Cache-A.
I couldn't test this, it is just a hunch based on reading HT4700 so my apologies if it fails to solve the problem.
I suggested leaving "Cleartxt Passwrd" disabled but it might even be the auth method Cache-A is using. Did Cache-A know which authentication method their implementation of AFP is using? If this Lion host is going to be using AFP out on the Internet, I would be more wary of enabling so many of the legacy auth methods. If it is only connecting to AFP shares in the shop, then there isn't really much to worry about.
To explain further about the issue Bob brings up, this is not just a Cache-A problem.
With Mac OS 10.7 Lion, Apple has decided in its infinite wisdom to disable some older methods for authenticating users in the name of security. One of these "UAM's" or "User Authentication Modules" that was disabled is DHCAST128 - the one used by every Linux system that shares volumes to Macs.
Apple provides instructions for re-enabling this as Bob has quoted above, but it does require a trip to terminal land and having a spare Mac around with a share that will mount. This only has to be done once to each Lion system, but certainly is inconvenient. I would maintain that this old authentication method has never been a security hole and Apple's unilateral and sudden change was a bad decision.
No doubt, the Linux open-source community will respond and new afp authentication will come along in due time - as soon as this becomes available, we will add it to our products, but in the mean time, this tech brief is the only solution.
We've had a number of customers use it successfully but would certainly be interesting in hearing if others have shared Bob's difficulties.
602 Park Point Drive
Golden, CO 80401
I have the same problem and i'm not fluent in terminal. So i guess I'll have to wait for the update? this sucks.
Unfortunately we are still a ways off from fixing this problem with Lion. It turns out that to fix this, we need to replace a good portion of the Linux utilities we use to connect with Macs. This upgrade will take significant effort and affects many moving parts in our software... we recognize the problem and know it will be much easier for our customers once it is fixed, but I'm sorry I can't promise it to you soon enough to address any immediate issues.
What I can do is offer the support to walk you through the process. You don't need to be fluent to use terminal, just careful and follow instructions.
Terminal can be your friend - it is a cool tool once you get to know a few things... in preparation for us helping you, take a look through our simple tech brief: Command Line Access to Cache-A Appliances
Once you've had a look, give our support group a call and we'll make sure you get connected.
602 Park Point Drive
Golden, CO 80401
Thanks! I'll study it!