10 Replies Latest reply: Feb 25, 2012 3:51 PM by SoGood
Michael Wayne Level 4 (1,405 points)

so far. Take a look at this. It may go a long way to help folk understand why it's broken.

I wholeheartedly atribute this to a chap on trick77.com but I can confirm that my set up...


HP Proliant 4 x 1 TB drives runing Ubuntu 8.04.2 with 4 shares for my Mac stuff under 'afp' and 1 share under 'smb' ,so my wifes Windows work laptop can be backed up. Since update to Lion on main Mini no Time Machine.


I tried adding the line......uams_dhx_2_passwd.so......in Webmin but it did't work. I am sure a fix will be out soon so for time being I just back up important stuff either to good old cheap DVD discs and a USB drive.



AFP network connections to many Linux-based NAS units aren’t working in Mac OS X Lion 10.7 developer preview. After hitting the connect button a message pops up saying:

The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem.

The Time Machine backup feature present in many NAS obviously isn’t working as well because it’s based on AFP too.


You may say that this is a developer preview, things will change for the final release. That’s obviously true. Source say that this connection problem most likely has to do with Apple discontinuing support for DHCAST128 (or DHX) authentication in Lion because it was considered insecure. Instead, the successor of DHCAST128 should be used: the more secure DHX2 user authentication module. DHX2 is supported since Mac OS X 10.2 and supports up to 256 characters for passwords (**** yeah, that should be enough). It relies on CAST-128 in cipher block chaining mode for encryption.

I checked my QNAP NAS for available afpd/netatalk UAMs and DHX2 isn’t present, so it most likely wouldn’t work with Lion.


Well, if it weren’t for Time Machine, I could always resort to SMB.


[/usr/local/etc/netatalk/uams] # ls -ladrwxr-xr-x      
1024 Jan 31 23:08 ./drwxr-xr-x     
1024 Feb 25 20:14 ../lrwxrwxrwx       
14 Feb 25  2011 uams_clrtxt.so -> uams_passwd.so*lrwxrwxrwx       
18 Feb 25  2011 uams_dhx.so -> uams_dhx_passwd.so*-rwxr-xr-x    
10959 Jan 31 23:08 uams_dhx_passwd.so*-rwxr-xr-x     
5304 Jan 31 23:08 uams_guest.so*-rwxr-xr-x     
6996 Jan 31 23:08 uams_passwd.so*

AFP authentication might work if a uams_dhx_2_passwd.so authentication module was present and configured. It may not be a bad idea to raise this issue with your NAS vendor if you plan to use Lion in the near future.

Rumor has it that some NAS vendors intentionally disable DHX2 in netatalk because it’s a lot more CPU intensive. This could lead to longer login times when accessing AFP shares on NAS’ units with slow CPUs.

Update 2-26-2011: It has been verified that Lion is able to connect to a Linux host running netatalk 2.1.2 supporting the DHX2 UAM in afpd.

Update 7-15-2011: See Time Machine support in OS X Lion 10.7.



Now we also have to wait for 'Netatalk' stable release to be outed as that should resolve the Ubuntu via Webmin picture..(we hope).

I tried different work arounds and have reset them all back to what they were and will just have to wait for Apple to address this. Hope this snippet

gives a little clarity