Mac OS X 10.2 lets you share files — over a local network or the Internet — with Windows computers. But customizing OS X’s Windows File Sharing (Samba) server to share specific directories, or to restrict access to read-only, requires that you manually edit some fairly complex configuration files.
However, the newest version of the Personal File Sharing utility SharePoints — now with support for a number of Windows File Sharing options — makes working with Samba a whole lot easier. We’ll tell you how.
Simple Samba Setup
You can use OS X’s built-in Samba server, which serves files via the SMB/CIFS (Server Message Block/Common Internet File System) standard used by Windows and many Unix computers, to share files with Windows computers — for example, in a multi-OS environ-ment or when you need to access your Mac from a remote location.
Setup is a two-step process. First, enable Windows File Sharing, under the Services tab of the Sharing pane of System Preferences; this starts the Samba server and, if you’ve enabled OS X’s firewall (via the Firewall tab of the Sharing pane), opens port 139 so Samba traffic is allowed. Second, for each person who needs access, open the Accounts pane of System Preferences, select a user account, and click on Edit User. In the resulting dialog box, select Allow User To Log In From Windows. (You’re actually allowing the user to connect via SMB/CIFS, so that person can connect from Unix and other OS X computers as well.) You’ll be asked to change the user’s password; make sure you tell the user what the new password is (it can be changed later).
Opening the Window(s)
Once your computer is ready to share, people with accounts on your Mac can access their Home folders from Windows computers. Since users are limited to their own Home folders, sharing your files with a remote Windows user requires that you place files inside each person’s Public folder or Drop Box.
To connect, Windows users on a local network should open Network Neighborhood (or My Network Places, in Windows XP); as long as your WorkGroup name is the same as theirs, shares (shared directories or volumes) on your Mac will show up. Otherwise, Windows users should first open Entire Network to find your WorkGroup.
To access a share, they’ll need to provide their user names and passwords.
Windows users connecting over the Internet should open My Computer and choose Tools: Map Network Drive (Windows XP); choose Tools: Map Network Drive and then the Web folder or FTP site (Windows 2000); or click on the Web Folders icon and then double-click on Add Web Folder (Windows 98). They should then enter, in the resulting dialog box, serveraddresssharename, where serveraddress is your Mac’s IP address or domain name, and sharename is the name of the directory or volume they want to access (in the case of a Home folder, the share name would be the short user name).
Now that the basic setup is complete, you can use SharePoints to access more options, such as sharing additional folders, restricting file access, and customizing server settings.
Unless you use a third-party utility (or OS X Serv-er), configuring OS X’s Samba server — beyond turning it on or off — requires manual editing of the /etc/smb.conf file. A few utilities have sprung up to make this process easier, and one of the best is
; “More Mac Software Bargains,” May 2003). By default, users can access only their own Home folders via Windows File Sharing. However, you can also provide access to the Users: Shared folder and make files in that folder available to all remote users. SharePoints’ “Normal” Shares tab lets you do so by creating additional Windows shares.
First, click on the padlock icon and provide your admin user name and password so you can make changes. In the Share Name field, enter the name of the new share. Click on the Browse button to select a folder to be shared. (Once you’ve selected a folder, the path to it will appear in the Directory field.) Next, select Shared (+) from the Windows (SMB) Sharing pop-up menu, and then click on Create New Share; the newly shared folder will show up in the list of shares at the top of the window. (If you’ve used SharePoints in the past to set up additional Personal File Sharing shares, you can simply click on an existing share, enable Windows Sharing for it, and then click on Update Share.)
If you want to view or change the privileges of the new share, select it from the list of shares and then click on the Show File System Properties button; a drawer that lets you edit the owner, group, and permissions will appear. Click on Update Share to save your changes.
Once you’ve created and edited the share, click on Restart SMB Server to restart Windows File Sharing using the new share.
SharePoints also allows you to change several Samba server properties, via the SMB Properties tab. Under General Properties, you can change your Mac’s NetBios name (the name Windows computers will identify your computer by) and the server info string (information about your Samba server that Windows users will see in My Computer after connecting). You can also change your WorkGroup name — it’s generally easier for others to connect if your WorkGroup name is the same as theirs. In fact, if you’re on a Windows NT network, your WorkGroup name must be the NT WorkGroup name. You can limit the number of users connected via Windows File Sharing by entering a number in the Max Connections box.
The File Visibility section lets you hide certain files or prevent them from being accessed altogether — for example, you might want to hide MP3 files from connected users. The Hide Files Starting With A Period option does just that (these files are usually invisible in OS X).
If you want to hide additional files, enter their names in the Hide Files field (separate multiple file names with a slash [/]). A savvy user, or one who’s chosen to view hidden files, can view and access these so-called hidden files. To prevent a file from being accessed at all, include it in the Veto Files field — by default, Samba is set up to veto a few common files. (When you select files to hide or veto, you can use an asterisk [*] as a wild-card character. For example, entering *.mpg in the Veto Files field would prevent connected users from viewing or accessing any file ending in .mpg.)
Home Security You can designate Home directories as browseable and/or read-only. If you deselect the Browseable option, Windows users will not be able to see Home-directory shares in My Network Places or Network Neighborhood; they’ll need to connect directly to their own Home directories (using the short user name as the share name). If the Read Only option is selected, each user will be able to connect to his or her Home directory and copy files from it, but not save files to it or edit files in it.
Tip of the Iceberg
Although SharePoints doesn’t give you access to all Samba server settings — Samba is a true industrial-strength file server with hundreds of options and features — it does provide access to much of what you’ll need. For more functionality, check out the open-source Samba Sharing Package (http:// xamba.sourceforge.net/ssp/index.shtml). And if you want to learn more about advanced Samba configuration, the entire first edition of Using Samba (O’Reilly, 1999) is available free online at www.oreilly.com/catalog/samba/chapter/book/index .html (HTML format) or at ftp://ftp.ora.com/ examples/misc/samba (PDF format). How deep you want to get into Samba configuration is up to you; however, the power is there if you want it.