Mac OS X Lion and legacy SMB

mount_smbfs: server connection failed: Unknown error: -5996

For anyone else experiencing problems connecting to older Windows networking shares (using SMB/CIFS protocols) from OS X Lion hosts, here is why and what to do about it.

For many years Mac OS X included the Open Source Samba client, but from OS X 10.7 onwards this was replaced by Apple’s own Windows networking software. In making this change Apple also chose to disable support for the older SMB 1.0 protocol, which some file sharing devices still depend on.

If you cannot connect your Mac to a network storage device, then try this command which temporarily resurrects support for the older SMB 1.0 protocol:

sudo sysctl -w net.smb.fs.kern_deprecatePreXPServers=0

Note that this is a transient kernel fix which will revert back when you reboot your Mac.

Unfortunately I’ve heard that this option no longer works in OS X Mountain Lion (10.8), so if you can’t update your legacy storage device to support SMB 2.0 then you had better not upgrade!

(Apple support article HT4697 also describes this issue)

Dropbox & EncFS on OS X Lion

I previously wrote about a method for creating a super-secure filesystem using Dropbox’s cloud storage.

After updating to Mac OS Lion I struggled to get the MacFusion GUI to work and so I wrote an application to automate the mounting and unmounting of the EncFS filesystem.

I also took the opportunity to switch from the now abandoned MacFUSE to Fuse4X, which is a properly maintained fork of MacFUSE started in June 2011.

The install procedure is much simpler than before, you install Fuse4X and EncFS, but instead of using the MacFusion GUI you just call my script instead.

To the instructions!

First download and install Fuse4X and a version of EncFS which uses the Fuse4X APIs. Thanks to Simone Lehmann for providing an EncFS Mac installer at (also mirrored here).

To create a new encrypted volume (stored locally at first to prevent the EncFS key from being synchronised with Dropbox):

encfs ~/Desktop/_Encrypted ~/Documents/_DropSec

Answer ‘yes’ when prompted to create the new folders and choose ‘p’ for pre-configured paranoia mode (256-bit AES encryption). Enter a secure EncFS password when prompted and you’re done.

Now the filesystem has been created we can deal with securing the key.

umount ~/Documents/_DropSec
mkdir ~/.keys
mv ~/Desktop/_Encrypted/.encfs6.xml ~/.keys/dropsec.xml

The commands above move your key from the EncFS filesystem into a hidden folder in your (local) home directory

Now move the entire ~/Desktop/_Encrypted folder (minus your key) into your Dropbox:

mv ~/Desktop/_Encrypted ~/Dropbox/

Finally download my DropSec application and copy it to your Applications folder.

The first time you run DropSec it will prompt you for your EncFS password which it stores in your local login keychain. The password must match the secure password you set in a previous step.

To mount or unmount the encrypted filesystem simply run the DropSec app. For convenience copy it to your Mac OS Dock for quick access.