I have recently come across an issue where I needed to mount a Samba share from a server I have no control over, on to my trusty MacBook Pro running Mac OS X 10.11.2 El Capitan. It turned out, however, that it’s not so easy to do anymore due to less-than-secure authentication method supported by the server, which by default is not supported on the OS X.
A quick background
As some of you may know by now, I’m currently working at Halley Research Station in Antarctica. Unsurprisingly, we have a station LAN with some servers on it, and some of the data accessible to all users is shared on a network server as an
It so happens, that the only access we have to the Internet is over a relatively slow Satellite link and some of the infrastructure we have here is not the most cutting edge. A few of the shared directories are on a Linux server which is running an older version of Samba and only supports
NTLM (version 1) for authentication. It also happens, that I need to access the information on those drives from my Mac, and yet have no other access to the server to fix the samba configuration.
In their wisdom, Apple have decided to by default drop support in the client for anything older than
NTLMv2. There’s no option to specify authentication mechanism while mounting the share, and there’s not a lot written about it in the documentation.
Further to that, a quick <insert your favourite Internet search engine here> search didn’t return any meaningful answers to my problem.
OSX doesn’t use
samba tools for mounting the Samba shares, and so it wasn’t immediately obvious to me how to circumvent the limitation, even if it required using command line to mount the share instead of pretty GUI. What is available, instead, is
mount_smbfs, as well as it’s companion command,
smbutil, both which at a very quick first glance in the manual seem to have originally been developed for FreeBSD.
I first tried looking at what the
smbutil can do for me, and quickly discovered that other than displaying a list of shares available on the server I was trying to connect to, not a lot more.
I then took a look at
man page for
mount_smbfs didn’t specify any switches or options to the command that would be of much use for choosing the authentication method. There was, however, a very inconspicuous sentence describing the purpose of a
nsmb.conf file which normally resides in
FILES nsmb.conf Keeps static parameters for connections and other information. See man nsmb.conf for details.
A quick look at
man nsmb.conf revealed that I could now create the
nsmb.conf file in
/etc (it doesn’t exist by default) and choose various parameters either as default, or on a per-host basis. One of those parameters was the minimum required authentication protocol, and lo and behold,
NTLMv1 was among those.
Encouraged by my findings, I’ve created
/etc/nsmb.conf with the following contents (replace
[server-hostname] with a NetBios name of the server you want to connect to):
MacBook:~$ cat /etc/nsmb.conf
minauth = ntlm
And tried mounting the share using the OSX GUI (in Finder choose Go > Connect to server…) and now I was able to mount the share!