I have recently come across an issue where I needed to mount a Samba share from a server I have no control over, on to my trusty MacBook Pro running Mac OS X 10.11.2 El Capitan. It turned out, however, that it’s not so easy to do anymore due to less-than-secure authentication method supported by the server, which by default is not supported on the OS X.
A quick background
As some of you may know by now, I’m currently working at Halley Research Station in Antarctica. Unsurprisingly, we have a station LAN with some servers on it, and some of the data accessible to all users is shared on a network server as an SMB
share.
It so happens, that the only access we have to the Internet is over a relatively slow Satellite link and some of the infrastructure we have here is not the most cutting edge. A few of the shared directories are on a Linux server which is running an older version of Samba and only supports NTLM
(version 1) for authentication. It also happens, that I need to access the information on those drives from my Mac, and yet have no other access to the server to fix the samba configuration.
In their wisdom, Apple have decided to by default drop support in the client for anything older than NTLMv2
. There’s no option to specify authentication mechanism while mounting the share, and there’s not a lot written about it in the documentation.
Further to that, a quick <insert your favourite Internet search engine here> search didn’t return any meaningful answers to my problem.
The solution
OSX doesn’t use samba
tools for mounting the Samba shares, and so it wasn’t immediately obvious to me how to circumvent the limitation, even if it required using command line to mount the share instead of pretty GUI. What is available, instead, is mount_smbfs
, as well as it’s companion command, smbutil
, both which at a very quick first glance in the manual seem to have originally been developed for FreeBSD.
I first tried looking at what the smbutil
can do for me, and quickly discovered that other than displaying a list of shares available on the server I was trying to connect to, not a lot more.
I then took a look at mount_smbfs
. The man
page for mount_smbfs
didn’t specify any switches or options to the command that would be of much use for choosing the authentication method. There was, however, a very inconspicuous sentence describing the purpose of a nsmb.conf
file which normally resides in /etc
:
FILES nsmb.conf Keeps static parameters for connections and other information. See man nsmb.conf for details.
A quick look at man nsmb.conf
revealed that I could now create the nsmb.conf
file in /etc
(it doesn’t exist by default) and choose various parameters either as default, or on a per-host basis. One of those parameters was the minimum required authentication protocol, and lo and behold, NTLMv1
was among those.
Encouraged by my findings, I’ve created /etc/nsmb.conf
with the following contents (replace [server-hostname]
with a NetBios name of the server you want to connect to):
MacBook:~$ cat /etc/nsmb.conf
[server-hostname]
minauth = ntlm
And tried mounting the share using the OSX GUI (in Finder choose Go > Connect to server…) and now I was able to mount the share!
I’m trying your solution but it is not working: in console I get 05/03/16 11:22:34,000 kernel[0]: smb1_smb_negotiate: Support for the server MODEMTELECOM has been deprecated (PreXP), disconnecting
Hi,
I would have a look at other options available in
/etc/nsmb.conf
. If in doubt, have a look at the man page for that file (by usingman nsmb.conf
command). And if it still doesn’t work, then that may just be the way it is. Sorry!Thanks! It works perfectly: an easy and fast solution!
You’re welcome, glad it helped!