Sharing files on your Mac with Windows computers has always been a bit of a hassle, especially for your Windows friends. Without installing third-party software, their computers don't understand the Apple File Protocol (AFP) used by Personal File Sharing, and FTP requires them to use a special FTP application or the command line—it's just not as convenient for them as accessing files on other Windows computers. Wouldn't it be great if they could mount your shared folders like any other Windows share?
Starting with OS X 10.2, Apple included a version of the open-source Samba server (http://www.samba.org/), which shares files using the SMB/CIFS (Server Message Block/Common Internet File System) protocol—the same protocol used by Windows for sharing files. Using Samba (known in OS X as Windows File Sharing) you can make your files available to Windows users (and Unix computers that understand SMB/CIFS), and your shares will appear on their computers as any other Windows volume or share.
By default, users can only access their own home directory (/Users/username) via Windows File Sharing. In fact, when they connect, their home directory will be mounted as a shared volume. So in order to share a file with someone who is logging into your Mac through Windows File Sharing, you'll need to place the file in their Public folder (via the Drop Box), not yours. Likewise, for them to share a file with you, they'll need to place it in their own Public folder, since that's the only location they can access that you also have access to.
That being said, it's possible to share other directories, and to share them with more than a single user. I'll show you how under "How Do I Configure It?"
In order to connect to Windows File Sharing and access files, users must have an account on your Mac. In addition, you (or another administrator) must manually enable their account to allow Windows File Sharing access (as explained in the next section).
Obviously, users can connect to Windows File Sharing from a Windows computer. However, they can also connect from another computer running OS X 10.2 or later (I'll show you how in the next chapter when I talk about connecting to Windows shares). Thus if you're sharing files with both Windows and Mac OS X users, you can use Windows File Sharing for both—you don't have to turn on Personal File Sharing just for the Mac folks unless you want to take advantage of Personal File Sharing features.
Unlike most of the other types of sharing in OS X, basic Windows File Sharing requires two steps. First, you have to enable the service itself: in the Services tab of Sharing preferences, check the box next to Windows File Sharing. Second—and this is a step that many people forget, but that is required for access—you must enable/disable the ability to connect to Windows File Sharing for each user individually. Open the Accounts pane of System Preferences and select a user. Click the Edit User… button, and in the resulting window check the box next to "Allow user to log in from Windows" (Figure 10.6). Unfortunately, this requires you to enter a new password for the user. If you know the user's password (or if it's your own account) you can simply re-enter the current password. If you don't, just enter something easy to remember, give the new password to the user, and then let them change it back.
Although this is a bit of a pain as compared to enabling other types of sharing, it has the advantage of letting you easily decide which users can and cannot connect remotely without having to mess with configuration files.
Although the setting is called "Allow user to log in from Windows," it should actually be called "Allow user to log into Windows File Sharing." Because Windows File Sharing is simply a way to share files using the SMB/CIFS protocol, it's possible to access Windows File Sharing from any computer that understands SMB, including other Mac OS X computers and many Unix computers. This box must be checked to access files using SMB, regardless of the type of computer or OS.
In addition to the standard Windows File Sharing setup, you can customize Samba to provide access to other files and folders, and to allow guess access. Here are a few easy ways to do so.
If after reading the tips I include here for configuring Windows File Sharing, you decide that you really want to become a Samba pro, an entire copy of the book Using Samba is actually included with Mac OS X. You can view it by opening the file /usr/share/swat/using_samba/index.html in your web browser. A newer version of Using Samba is available as an actual book, but the information in this free, older version is still extremely useful for understanding the nitty-gritty behind Samba.
Although you could manually configure the Samba settings file (/etc/smb.conf), the easiest way to customize Windows File Sharing is to use the free Samba Sharing Package (http://xamba.sourceforge.net/ssp/index.shtml). Once you download Samba Sharing Package (SSP), you should place the SambaSharing.prefPane in /Library/PreferencePanes, and move the Samba Server Config Tool and Popup applications into /Applications. Then launch System Preferences and select the Samba Sharing pane; you'll be asked to provide your admin username and password.
Using SSP to enable additional shares is similar to using SharePoints to enable shares for Personal File Sharing. The difference is that SSP creates complete configuration files for the Samba server; you select a configuration file to be used for Windows File Sharing options whenever you start the service. In a way, this is a bit like OS X's network Locations—you can save "sets" of settings and easily switch between them.
In the Global tab of Samba Sharing preferences, you can start and stop Samba Sharing; this is identical to enabling and disabling Windows File Sharing in Sharing preferences. However, you can also switch between your various Samba configurations from the pop-up menu (switching configurations automatically restarts the Samba server). This means that if you want, you can enable standard Windows Sharing (the "default" configuration) most of the time, and, when needed, switch to a more specialized configuration that provides different levels of access. If you click the Edit button, the currently loaded configuration will be opened for editing (unless the "default" configuration is active—it can't be edited). The Help button at the bottom of the window opens the Samba Sharing documentation in your preferred web browser. A few ways to use configurations to your advantage follow.
Be sure to read the Samba Sharing Package documentation for information on limitations of Samba and Windows File Sharing connections.
To create a new Samba configuration file with custom shares, click on the Configurations tab, and then click the New button (you could also select the default configuration and click Duplicate). Give it an easily recognizable name; for example, I've created a configuration called Shared Folder that I've set up to allow users to access the Shared user folder via Windows File Sharing. I have another one called Consulting that allows clients to access files in a particular folder of project files. The Samba Server Config Tool will launch to allow you to customize the configuration. (You can also select a non-default configuration and click the Edit button to edit any existing configuration). Any configurations you create here will be accessible from the popup menu on the Global tab of Samba Sharing preferences. To configure your new configuration file using Samba Server Config Tool, including customizing shares, follow these steps:
Click the Server tab and enter a server name in the Servername field. This is how your computer will appear in Windows' Network Neighborhood (on a local network). It can be whatever you want, but it must be unique and shouldn't include any special characters (i.e., limit it to numbers and letters). You can also customize the Comment field, although it won't affect how your computer shares files.
If you're on a local network with Windows machines, choose the same Workgroup name as the other computers. This will allow Windows computers to see your computer in Network Neighborhood. If you choose a different Workgroup name, they'll have to browse Entire Network, find your Workgroup, and then access that Workgroup. (If you're on a Windows NT network, this field must be the NT Workgroup name.)
If you're on a local Windows network, and the network administrator tells you that you need a WINS address, enter it here. If not, or if you're not on a local Windows network, leave this blank.
Switch to the Global tab and select the account you want to use for "guest" access from the Guest Account pop-up. For most cases, you should just accept the default of "unknown." (See "Creating 'Guest' Users for Windows File Sharing" for more details.) Most of the other details on this tab can be left at their default values. You would only uncheck Filter Files if you want remote users to be able to see invisible/hidden files. If you want to restrict access only to certain IP addresses or domains, enter them in the Allow Hosts field, separated by commas. (If this field is left blank, all IP addresses are allowed.) Conversely, you can deny access to certain IP addresses or domains by entering them in the Deny Hosts field. Finally, checking the Messages option allows you to send messages to connected users using the Popup application.
Switch to the Shares tab to configure which directories are to be shared. You can enable or disable the sharing of each user's home directory (Figure 10.7), and the Shared directory, by checking/unchecking the respective box.
Figure 10.7: Using Samba Sharing Package to enable the sharing of the Shared user folder via Windows File Sharing
At this point, if all you wanted to do was change the home and Shared folder access, you can choose File ➣ Save to save changes you've made to the configuration. To create new shares, continue to Step 7.
Click the New button at the bottom of the window to create a new share. Give the share a name (enclose the name in brackets and don't use spaces or special characters); this name will show up when a Windows user accesses your server in Network Neighborhood. You can also choose a comment, which will be shown next to your share in Network Neighborhood. Enter the path to the folder you wish to share, or click the Edit button to navigate to it. If you want to change the permissions of the folder you're sharing, click the Change button to be presented with a dialog that allows you to set the owner, group, and privileges. Finally, decide if you want other users to have Write access, and whether or not you want people to be able to access the new share without entering a login name or password (guest access).
If you want to edit an existing share, choose it from the pop-up menu and edit any fields as needed. You can also delete a share by selecting it from the pop-up menu and clicking the Delete button, or duplicate an existing share by selecting it and clicking the Duplicate button (you can then edit the copy as needed).
Choose File ➣ Save to save your new configuration.
When creating new shares, it is much safer to create several shares of individual folders than to share an entire drive or a folder that contains sub-folders you don't want to share.
You can now go back to the Global pane of Samba Sharing preferences to switch to your new configuration. Windows File Sharing will restart using the new configuration file.
The utility SharePoints, which I discussed earlier in the chapter as a way to configure Personal File Sharing, also allows you to customize Windows File Sharing. Although it doesn't offer quite as much functionality as Samba Sharing Package, you may find its interface easier to use (it has similar interfaces for both Personal File Sharing and Windows File Sharing). In fact, if you already have Personal File Sharing sharepoints defined (as described earlier in the chapter), you can simply enable them for use with Windows File Sharing, as well. Share-Points also allows you to hide specific files from remote Windows File Sharing users, and to change your workgroup name. Check out the SharePoints documentation for more info.
You can generally use the "unknown" account for "guest" (non-user account) access. However, for added security you can create additional user accounts on your computer for use as guest Windows File Sharing accounts, and then use the Samba Sharing preference pane to customize the files those users will be able to access. Unfortunately I can't explain the entire process here due to space restrictions; however, the Samba Sharing Package Help files have a very detailed description of how to configure these user accounts using NetInfo Manager so that they will only be able to access your computer through Windows File Sharing. Click the Help button on the Global tab, then click the "Using SSCT" link. Scroll down to the "Guest account" section for details.
The Connections tab of Samba Sharing preferences provides a list of all currently connected users. It also provides information on the computer from which they're connecting (name and IP address), and the share they are accessing. (If you see a user called "unknown," it's usually a guest user.) You can immediately disconnect a user by selecting their name and pressing the Disconnect button. The window is refreshed each time you access the Connections tab; you can use the Refresh button to manually refresh it.
You can also browse the Samba log files; switch to the Extras tab and click on either of the buttons in the Logfiles section to view them using OS X's Console utility.
If the default Windows File Sharing settings and access are fine with you, but you just want to change your computer's Windows Workgroup name so that it's easier for Windows users on your local network to locate you, you can do so using Apple's Directory Access application (located in /Appliations/Utilities). Launch Directory Access and then follow these steps:
Authenticate by clicking the padlock icon.
In the Services tab, select SMB and then click Configure….
Type the new Workgroup name (or select it from the drop-down menu if applicable), and then click OK.
Click the Apply button, and then quit Directory Access.
In Sharing preferences, stop Windows File Sharing, and then start it again.
You can also change your workgroup name using SharePoints (via the SMB Properties tab).
If your Mac is on a Windows network, or you find yourself a heavy user of Windows File Sharing, you might want to consider the commercial software DAVE (http://www.thursby.com/). DAVE is a full-featured Mac/Windows file and print sharing package that provides a good deal of additional functionality in terms of sharing files with and connecting to Windows computers. For example, DAVE provides additional levels of access security, a simpler procedure for setting up additional shares, allows you to share your printers with Windows computers, and works with the NTFS file format used by Windows servers. It also provides additional features with respect to connecting to Windows shares, which I'll mention in the next chapter when I talk about how to connect to Windows shares from OS X.
How Windows users will access your Mac depends on whether they're on the same local network as you or they'll be connecting over the Internet.
Local network If you're on the same local network as your Windows users, they should simply open Network Neighborhood (My Network Places on Windows XP); if you've set up your Workgroup to be the same as theirs, your computer will show up. (If not, they'll need to open Entire Network and find your Workgroup name first.) When they open your computer, they'll see the shares they can access. To open a share, they'll need to provide their username and password.
Internet If Windows users are trying to access your Mac over the Internet, they'll have to use a technique similar to accessing your iDisk:
Windows XP Open My Computer and then choose Tools ➣ Map Network Drive. Enter \\yourIPaddress\sharename (where sharename is the name of the share on your Mac that they are trying to access). When prompted, they should provide their username and password for your computer, not their own.
Windows 2000 Open My Computer and then choose Tools ➣ Map Network Drive. Click "Web folder or FTP site," and then enter the address provided above.
Windows 98 Open My Computer, open the Web Folders icon, and then double-click Add Web Folder. Enter the address provided above.