Frozen Geek Technology Blog

Mounting older Samba shares on Mac OS X 10.11 El Capitan

I have recently come across an issue where I needed to mount a Samba share from a server I have no control over, on to my trusty MacBook Pro running Mac OS X 10.11.2 El Capitan. It turned out, however, that it’s not so easy to do anymore due to less-than-secure authentication method supported by the server, which by default is not supported on the OS X.

A quick background

As some of you may know by now, I’m currently working at Halley Research Station in Antarctica. Unsurprisingly, we have a station LAN with some servers on it, and some of the data accessible to all users is shared on a network server as an SMB share.

It so happens, that the only access we have to the Internet is over a relatively slow Satellite link and some of the infrastructure we have here is not the most cutting edge. A few of the shared directories are on a Linux server which is running an older version of Samba and only supports NTLM (version 1) for authentication. It also happens, that I need to access the information on those drives from my Mac, and yet have no other access to the server to fix the samba configuration.

In their wisdom, Apple have decided to by default drop support in the client for anything older than NTLMv2. There’s no option to specify authentication mechanism while mounting the share, and there’s not a lot written about it in the documentation.

Further to that, a quick <insert your favourite Internet search engine here> search didn’t return any meaningful answers to my problem.

The solution

OSX doesn’t use samba tools for mounting the Samba shares, and so it wasn’t immediately obvious to me how to circumvent the limitation, even if it required using command line to mount the share instead of pretty GUI. What is available, instead, is mount_smbfs, as well as it’s companion command, smbutil, both which at a very quick first glance in the manual seem to have originally been developed for FreeBSD.

I first tried looking at what the smbutil can do for me, and quickly discovered that other than displaying a list of shares available on the server I was trying to connect to, not a lot more.

I then took a look at mount_smbfs. The man page for mount_smbfs didn’t specify any switches or options to the command that would be of much use for choosing the authentication method. There was, however, a very inconspicuous sentence describing the purpose of a nsmb.conf file which normally resides in /etc:

FILES
    nsmb.conf    Keeps static parameters for connections and other 
                 information.
                 See man nsmb.conf for details.

A quick look at man nsmb.conf revealed that I could now create the nsmb.conf file in /etc (it doesn’t exist by default) and choose various parameters either as default, or on a per-host basis. One of those parameters was the minimum required authentication protocol, and lo and behold, NTLMv1 was among those.

Encouraged by my findings, I’ve created /etc/nsmb.conf with the following contents (replace [server-hostname] with a NetBios name of the server you want to connect to):

MacBook:~$ cat /etc/nsmb.conf 
[server-hostname]
minauth = ntlm

And tried mounting the share using the OSX GUI (in Finder choose Go > Connect to server…) and now I was able to mount the share!

Exit mobile version