Environment
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 2
Situation
Mapping an OES11 SP2 CIFS share from a Mac 10.9.* client fails with error
There was a problem connecting to the server. The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem.
There was a problem connecting to the server. The version of the server you are trying to connect to is not supported. Please contact your system administrator to resolve the problem.
Resolution
Check if the CIFS server configuration option "SMB Signature" is set to "Mandatory" at the "General | Server" configuration page in iManager > "File Protocols" > "CIFS". If it is so, set "SMB Signature" to "Disabled" or "Optional" on the CIFS server.
Cause
Tested on Mac OS X 10.9.2. When "SMB Signature" option is set to "Mandatory", the CIFS server sets the NEGOTIATE_SECURITY_SIGNATURES_REQUIRED flag in the SecurityMode field of the SMB_COM_NEGOTIATE response (see http://msdn.microsoft.com/en-us/library/ee442092.aspx for detailed information).
When "SMB Signature" is set to "Disabled" or "Optional" with the CIFS server, the Mac OS SMB client does not require Extended Security/SPNEGO authentication and successfully proceeds communication with a SMB_COM_SESSION_SETUP_ANDX request using NTLM authentication upon having received the SMB_COM_NEGOTIATE response from the CIFS server.
Because the SMB/CIFS protocol specification does not prescribe any relation between the authentication method and the NEGOTIATE_SECURITY_SIGNATURES_REQUIRED flag in the SecurityMode field of the SMB_COM_NEGOTIATE response, the behaviour of the Mac OS X version 10.9.2 SMB Client (SMBFS version 2.0.1) can be considered defective.
As a work-around for this defect we advise to configure the "SMB Signature" option with the CIFS server to "optional" or "disabled".
When "SMB Signature" is set to "Disabled" or "Optional" with the CIFS server, the Mac OS SMB client does not require Extended Security/SPNEGO authentication and successfully proceeds communication with a SMB_COM_SESSION_SETUP_ANDX request using NTLM authentication upon having received the SMB_COM_NEGOTIATE response from the CIFS server.
Because the SMB/CIFS protocol specification does not prescribe any relation between the authentication method and the NEGOTIATE_SECURITY_SIGNATURES_REQUIRED flag in the SecurityMode field of the SMB_COM_NEGOTIATE response, the behaviour of the Mac OS X version 10.9.2 SMB Client (SMBFS version 2.0.1) can be considered defective.
As a work-around for this defect we advise to configure the "SMB Signature" option with the CIFS server to "optional" or "disabled".