AFP network connections to many Linux-based NAS units aren’t working in Mac OS X Lion 10.7 developer preview. After hitting the connect button a message pops up saying:
The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem.
The Time Machine backup feature present in many NAS units obviously isn’t working either, because it’s based on AFP too.
You may say that this is a developer preview and things will change for the final release. That’s obviously true. But my source also says that this connection problem most likely has to do with Apple discontinuing support for DHCAST128 (or DHX) authentication in Lion because it was considered insecure. Instead, the successor of DHCAST128 should be used: the more secure DHX2 user authentication module. DHX2 has been supported since Mac OS X 10.2 and supports up to 256 characters for passwords (hell yeah, that should be enough). It relies on CAST-128 in cipher block chaining mode for encryption.
I checked my QNAP NAS for available afpd/netatalk UAMs and DHX2 isn’t present, so it most likely wouldn’t work with Lion. Well, if it weren’t for Time Machine, I could always resort to SMB.
[/usr/local/etc/netatalk/uams] # ls -la
drwxr-xr-x 1024 Jan 31 23:08 ./
drwxr-xr-x 1024 Feb 25 20:14 ../
lrwxrwxrwx 14 Feb 25 2011 uams_clrtxt.so -> uams_passwd.so*
lrwxrwxrwx 18 Feb 25 2011 uams_dhx.so -> uams_dhx_passwd.so*
-rwxr-xr-x 10959 Jan 31 23:08 uams_dhx_passwd.so*
-rwxr-xr-x 5304 Jan 31 23:08 uams_guest.so*
-rwxr-xr-x 6996 Jan 31 23:08 uams_passwd.so*
AFP authentication might work if a uams_dhx2_passwd.so authentication module were present and configured. It may not be a bad idea to raise this issue with your NAS vendor if you plan to use Lion in the near future.
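The manual directory check above can be scripted. This is an added example, not part of the original post: a POSIX shell function that lists the usable UAMs in a netatalk module directory and reports whether a DHX2 module is among them. The optional second argument is assumed to hold the value of the -uamlist option from netatalk 2.x's afpd.conf, and the sample directory is constructed from the listing above.

```shell
#!/bin/sh
# Added example: audit a netatalk UAM directory for DHX2 support.

# classify_uam NAME: map a UAM module file name to its authentication method.
classify_uam() {
    case "$1" in
        uams_dhx2*.so)                 echo dhx2 ;;      # DHX2
        uams_dhx*.so)                  echo dhx ;;       # DHCAST128 (DHX)
        uams_clrtxt.so|uams_passwd.so) echo cleartext ;;
        uams_guest.so)                 echo guest ;;
        *)                             echo other ;;
    esac
}

# audit_uams DIR [UAMLIST]: print "method module" for each module that exists
# (and, if UAMLIST is given, is named in that comma-separated list).
# Returns 0 when a DHX2 module is usable, 1 otherwise.
audit_uams() {
    dir=$1
    uamlist=${2:-}   # assumption: value of -uamlist in afpd.conf (netatalk 2.x)
    status=1
    for path in "$dir"/uams_*.so; do
        [ -e "$path" ] || continue      # unmatched glob or dangling symlink
        name=${path##*/}
        if [ -n "$uamlist" ]; then
            case ",$uamlist," in *",$name,"*) ;; *) continue ;; esac
        fi
        method=$(classify_uam "$name")
        echo "$method $name"
        if [ "$method" = dhx2 ]; then status=0; fi
    done
    return "$status"
}

# make_sample_dir: constructed copy of the QNAP listing shown in the post.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    touch "$d/uams_passwd.so" "$d/uams_dhx_passwd.so" "$d/uams_guest.so"
    ln -s uams_passwd.so "$d/uams_clrtxt.so"
    ln -s uams_dhx_passwd.so "$d/uams_dhx.so"
    echo "$d"
}

sample=$(make_sample_dir)
if audit_uams "$sample"; then
    echo "DHX2 module present"
else
    echo "no DHX2 module: only the methods listed above are offered"
fi
rm -rf "$sample"
```

On a NAS, point audit_uams at the real module directory, for example /usr/local/etc/netatalk/uams as in the listing above.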
Rumor has it that some NAS vendors intentionally disable DHX2 in netatalk because it’s a lot more CPU-intensive. This could lead to longer login times when accessing AFP shares on NAS units with slow CPUs.
Update 2-26-2011: It has been verified that Lion is able to connect to a Linux host running netatalk 2.1.2 supporting the DHX2 UAM in afpd.
Update 7-15-2011: Check out this post for a status update on Time Machine support in OS X Lion 10.7.