AFP changes in OSX Lion

Anyone experienced problems connecting to OES2 or NetWare via AFP since upgrading to OSX Lion?

Here's the solution:

Because Apple changed the AFP version from v1 to v2, there are no connections possible through AFP from Mac to OES2 Linux nor NetWare...

  1. Open up a Terminal on your Mac and make /Library/Preferences writable:
    sudo chmod o w /Library/Preferences

  • Switch back your Lion to AFP v1:
    defaults write /Library/Preferences/ 
    afp_host_prefs_version -int 1

  • Reboot your Mac !! (this is necessary just one time)

  • Try to connect to your Server again. It may still fail.

  • Open up a Terminal again and type:
    sudo defaults write /Library/Preferences/  
    afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way
    Randnum exchange"

  • Now the AFP connections should work...

  • Change back rights to /Library/Preferences/ with:
    sudo chmod o-w /Library/Preferences



How To-Best Practice
Comment List
  • in reply to MigrationDeletedUser
    Firstly we really are getting into support territory here for which Novell's forums would be much more appropriate.

    A forum has been created for Kanaka and is available at whilst there's also if you have a query about AFP and/or CIFS.

    You haven't said which version of OES you're using but if using OES11 or OES2 SP3 with November 2011 patches installed then you have a version of AFP that supports DHX2 as introduced with OS X Lion. What you might not have is the DHX2 UAM enabled so you need to configure that via AFP in iManager or by editing /etc/opt/novell/afptcpd/afptcpd.conf and setting AUTH_UAM to DHX2.

    If this doesn't resolve your problem then I suggest visiting one of the above support forums and posting a message giving more details.
  • I've tried changing the Apple Share Client.plist for Lion as shown below, but it still does not

    defaults write /Library/Preferences/ afp_host_prefs_version -int 1

    defaults write /Library/Preferences/
    afp_disabled_uams -array "Cleartxt Passwrd" "DHX2" "MS2.0" "2-Way Randnum exchange"

    The Kanaka plug-in works great on Snow Leopard. Any ideas on what
    needs to be modified in Lion to make the new Kanaka plug-in work correctly?

  • For those new to MACs, like me, the commands outlined above will not work if you copy and paste them as the copy and paste will include a carriage return. Remove the carriage returns from a copy and paste and then the commands will work (they are single-line commands).

    Might be obvious to others, but it delayed me for 30 seconds or so. Posted this in hopes others find it useful.
  • in reply to MigrationDeletedUser
    well, sorry for wrong background (version) info. I forgot the 3. stuff on there :-)
  • Novell have now published TID 7008683 with advice to disable the DHX2 UAM.
  • First of all Apple have published their own support document @ and Novell are currently working on a support TID.

    Now to correct some of the above article - with Mac OS X Lion (10.7) Apple have moved to AFP version 3.2 (not v2) but NetWare and OES2 only currently support AFP version 3.1 (not v1).

  • The new version of AFP is actually 3.3, and I believe OES is only supporting 3.1 or 3.2 (I think Netware supports 3.1).

    A full Apple support document on the changes can be found at the link below. It also includes information on how to exclude certain password hashing methods (for full compatibility with Netware and OES, I would just disable ClearText and let all of the others through).