As you learned in Table 25.1, Mac OS X supports a large number of network services. To access these services, you must configure each machine that will be using them. This configuration involves configuring the particular machine that will be providing those services (the server), and then enabling access to those services on various machines on the network that will be accessing those services (the clients).
Explaining how to configure each of the services that are possible is beyond the scope of this book. However, learning about some examples of services you are likely to use will enable you to configure the others.
Some services of which you will want to take advantage on most networks are the following:
Windows file sharing
To learn how to share files with Windows computers, see "Mac OS X to the Max: Networking Mac OS X with Windows Computers," p. 752.
To learn how to share the printers attached from a Mac OS X machine, see "Sharing a Printer," p. 677.
To learn how to host Web sites from a Mac OS X machine, see "Using Mac OS X to Serve Web Pages," p. 389.
The Mac OS has long provided peer-to-peer file-sharing capabilities to enable Macintosh computers on a network to share files. Support for such file sharing continues under Mac OS X, but be aware that the improved security features of Mac OS X make configuring and accessing files on a specific machine a bit more complicated than it was on previous versions of the Mac OS.
Under Mac OS X, file sharing is improved because in addition to Mac OS X machines, you can also share files with Macs running OS 9 and earlier, Windows file servers, and Unix file servers. For other Macs, you can use AppleTalk for file sharing or you can use TCP/IP. For Windows and Unix, you can use SMB and CIFS services.
When connecting to other Macs for file sharing, the machines communicate through either TCP/IP or AppleTalk. To log in to a Mac OS X file-sharing machine serving files via TCP/IP, that machine must have an IP address. Typically, this IP address is assigned as part of connecting that machine to the Internet. When a machine has a static, or fixed, IP address, this isn't a big deal.
Mac OS X includes support for Rendezvous. This technology enables devices to seek out other Rendezvous-compatible devices on a network and configure access to those devices automatically. All Macs that have Mac OS X version 10.2 or later are Rendezvous aware and so can take advantage of this technology to connect to other Macs easily and quickly. However, other devices, such as printers, can also support Rendezvous so that those devices can be configured automatically as well.
AppleTalk is the Mac's original network protocol, and it continues to be part of Mac OS X. When you are connecting to Macs running OS version 8.6 or earlier, you will have to use AppleTalk because support for file sharing over TCP/IP was added in Mac OS 9.0.
In the next chapter, you will learn how to share an Internet account using a DHCP server. Such a server assigns IP addresses to the machines connected to it. The "D" stands for dynamic, meaning that these addresses can change. This can make locating a specific machine by its IP address tough. Fortunately, with most DHCP servers, you can choose to manually assign IP addresses to the devices attached to it. When you do this, machines will have the same IP address even though they are using a DHCP server to obtain that address.
With Rendezvous, you won't need to worry about the IP addresses of individual machines because your Mac will seek out the devices that are communicating on a network and configure access to those devices automatically.
To identify the current IP address of a Mac OS X machine, open the Sharing pane of the System Preferences utility. The current IP address is shown next to the Network Address text. To identify the current IP address of a Mac OS 9 machine, open the File Sharing control panel.
If your purpose in file sharing is one-way (for example, enabling others to download files from a specific machine, but not to upload files), consider using FTP services on a machine rather than file sharing. You will learn how to provide FTP services in a later section of this chapter. You can also use Web sharing to enable people to download files from a Mac OS X machine.
To share files from a Mac OS X machine, you must enable the Personal File Sharing service on that machine. This includes turning on the service, turning on AppleTalk (if you will be sharing files with Mac OS 9 machines), naming the machine, and so on.
The following steps assume that the Mac has access to the network (via Ethernet or AirPort) and that the default privileges are in place on the file-sharing machine. You can change the default privileges for items to share to make them more available. You will learn how to do that in a later section.
Open the System Preferences utility.
Click the Sharing icon to open the Sharing pane (see Figure 25.2). At the top of the pane, you will see the computer's name, its Rendezvous name, and the current network address (its IP address).
The Sharing pane has three tabs. The Services tab is used to view and configure the services that the machine will be providing. You use the Firewall tab to enable and configure the machine's firewall. You use the Internet tab to enable a machine to share its Internet connection with other machines.
To learn how to configure a Mac's firewall, see "Defending Your Mac Against Net Hackers," p. 803.
To learn how to share an Internet connection among the devices on the network, see Chapter 26, "Sharing an Internet Connection," p. 755.
Provide the computer's standard name by entering a name in the Computer Name text box; use a name that will help others on the network easily identify the machine. The default computer name will be the user's name entered when the machine was registered, with an apostrophe, an "s," and the word "Computer" tacked onto it (see Figure 25.2). You can use the default computer name or change it to one you prefer.
Give the computer a Rendezvous name if you want it to have a unique name for machines that will access it using Rendezvous. By default, this name is the same as the computer name except that spaces are converted to hyphens and any special characters, such as the apostrophe, are removed. When you provide the Rendezvous name of the machine, make sure that you don't use spaces or special characters, and limit the name to letters, numbers, and hyphens. Fortunately, your Mac won't let you enter any characters that are not allowed.
Select the service you want to activate on the machine, such as Personal File Sharing.
Click the Start button to turn on the selected service. If you have selected Personal File Sharing, that service will be activated; after a moment or two its status will become On and you will see the afp address of the machine at the bottom of the window. When you enable other services, information related to that service will be shown in the window instead. When the service is running, the Start button becomes the Stop button.
If you want to share files with Windows PCs (to enable Windows machines to access files stored on the Mac), select Windows File Sharing and click the Start button. The address that Windows machines can use to access the Mac is shown at the bottom of the pane.
If you will be sharing files with Macs running a version of the Mac OS older than Mac OS X and those machines don't allow file sharing over TCP/IP, you need to make AppleTalk active on the Mac OS X machine. If the machines to which you will be providing file-sharing services do allow file sharing over TCP/IP, you don't need AppleTalk and can skip to Step 13.
If you don't need to use AppleTalk to use file sharing, leave it off. AppleTalk can sometimes interfere with other network services, such as TCP/IP services to the Internet. AppleTalk can also make your machine visible to a local or wide area AppleTalk network.
Click the Edit button at the top of the pane to open the Network pane of the System Preferences utility.
Choose the network port over which AppleTalk access will be provided on the Show menu. For example, choose Ethernet to enable machines to use the AppleTalk protocol over Ethernet. Choose AirPort to provide AppleTalk over an AirPort network.
You can provide AppleTalk over a single network port at a time. For example, you can provide AppleTalk over Ethernet or over AirPort, but not both at the same time.
Click the AppleTalk tab and check the "Make AppleTalk Active" check box. The computer name you entered in the Sharing pane will be shown at the top of the tab.
If you have AppleTalk zones on your network, choose the zone from the AppleTalk Zone pop-up menu. You can configure AppleTalk zones using the Configure pop-up menu (choose Manually if you want to configure the network manually or Automatically to have your Mac configure it automatically).
Click Apply Now.
Review the services you have configured on the Sharing pane (see Figure 25.3).
Close the System Preferences utility.
Firewalls and Network Services
If you have a firewall installed on the machine you are configuring as a file server, you must configure that firewall such that it allows the type of access needed for others to be able to access it from the network. For example, to enable the machine to provide AFP services, you must configure the firewall to allow machines from the network to connect to the file server. With some firewalls, you can allow access to specific services, such as AFP, only from specific IP addresses. All other requests for services will be denied.
If you use the Mac OS X built-in firewall that you can enable on the Firewall tab, the services you enable on the Services tab are allowed automatically. If you use another type of firewall or configure the built-in firewall using another method (such as the Brickhouse application), you must enable access to the services you are providing through that firewall.
Similarly, if some machines on your network are connected through AirPort, you won't be able to access those machines from machines that are connected outside of the AirPort network, such as via Ethernet. Because an AirPort Base Station provides NAT protection of the machines that it connects, machines outside the AirPort network can't see any of the machines on the AirPort network.
However, if you have configured the AirPort Base Station to provide Ethernet bridging, AirPort machines will be able to communicate with other devices on the network just as if they were connected to the network directly.
Always be aware of the security settings of the networks you are configuring and using. Sometimes, you can waste a lot of time troubleshooting a network problem that is actually a case of things working just as planned (such as when you try to figure out why no one can connect to a machine that is protected by a firewall that isn't configured to allow those services to be accessed on the machine).
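The per-service, per-address firewall policy described above can be modeled as a default-deny allowlist that also reports why a connection was refused, which is the troubleshooting question raised in the preceding paragraph. This is an added example, not code from the book or from Mac OS X; the port numbers are the well-known ones for AFP, FTP, and SMB, and the addresses and policy are constructed sample values.

```python
import ipaddress

# Well-known TCP ports for services named on the Sharing pane (general facts,
# not taken from the chapter): AFP 548, FTP control 21, SMB over NetBIOS 139.
SERVICE_PORTS = {"afp": 548, "ftp": 21, "smb": 139}


def build_rules(allowed):
    """Turn {service: [source CIDR, ...]} into (port, network, service) rules."""
    rules = []
    for service, sources in allowed.items():
        for source in sources:
            rules.append((SERVICE_PORTS[service],
                          ipaddress.ip_network(source), service))
    return rules


def evaluate(rules, src_ip, dst_port):
    """Return (decision, reason) for one inbound TCP connection attempt."""
    src = ipaddress.ip_address(src_ip)
    for port, network, service in rules:
        if port == dst_port and src in network:
            return "allow", f"{service} is permitted from {network}"
    # Nothing matched, so the default-deny rule applies. Report which of the
    # two usual causes it is: wrong source address, or service never allowed.
    names = {port: name for name, port in SERVICE_PORTS.items()}
    service = names.get(dst_port, f"port {dst_port}")
    if any(port == dst_port for port, _, _ in rules):
        return "deny", f"{service} is shared, but not with {src_ip}"
    return "deny", f"no rule allows {service}; default deny applies"


# Constructed sample policy: AFP for the whole local subnet, FTP for one host.
SAMPLE_POLICY = build_rules({
    "afp": ["192.168.1.0/24"],
    "ftp": ["192.168.1.20"],
})

# Constructed connection attempts (source address, destination TCP port).
SAMPLE_ATTEMPTS = [
    ("192.168.1.15", 548),   # local client, AFP
    ("10.0.1.5", 548),       # client on a different subnet, AFP
    ("192.168.1.15", 21),    # local client that is not the FTP-allowed host
    ("192.168.1.20", 21),    # the one host allowed to use FTP
    ("192.168.1.15", 139),   # Windows file sharing was never allowed
]

if __name__ == "__main__":
    for src, port in SAMPLE_ATTEMPTS:
        decision, reason = evaluate(SAMPLE_POLICY, src, port)
        print(f"{src} -> tcp/{port}: {decision} ({reason})")
```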
To access shared files stored on a Mac OS X file server from a Mac OS X machine, do the following:
Switch to the Finder.
Choose Go, Connect to Server (press Command+K). The Connect to Server dialog box will appear. The Mac will begin searching the network to locate the devices it can communicate with. In the left pane of the window, you see the devices currently recognized by the machine, such as machines providing file services to the network (see Figure 25.4).
In the list of devices that are found on the network, the machine you are currently using will be found, assuming that you have enabled it to provide services to the network. If you attempt to connect to the same machine you are using, you will get an error dialog box explaining that you are connected to the machine already and that you should access its files locally.
If a machine can communicate via Rendezvous, you will see both its computer name and its Rendezvous name in the window. If you select the Rendezvous name, you will see the machine's address in the Address bar.
You can collapse or expand the Connect to Server dialog box using the Expansion arrow located next to the At pop-up menu. If you expand the window, you will see all the networks available to you. If you collapse the window, you will see only the currently selected device.
Select the machine to which you want to connect. The name of the server will appear in the At pop-up menu, and you will see an icon representing the type of file server it is (see Figure 25.5). If the machine is not part of the local network, its URL will be shown under its icon as well as in the Address field.
When you access a server using the Apple File Protocol, Mac OS X automatically adds afp:// before the IP address; this URL indicates that it points to a server providing AFP services, which are those that provide file sharing.
If the machine you want to access isn't found, you can type the address of the machine in the Address field. You need to use the URL for the specific service you want to access. For example, to access Mac OS X file sharing the URL will start with afp, for FTP services it will start with ftp, and so on.
Click Connect. You will see the Connect to the File Server dialog box (see Figure 25.6).
If you have a username and password on that file server, enter them and click Connect. For example, if you have a user account on the machine, use your username and password for that account. If you don't have a username and password, click the "Guest" radio button and click Connect. You will see a dialog box enabling you to choose the volumes you want to mount.
Logging in as a Guest provides the same access to the Public folders on the machine as logging in under an account that is not an Administrator. Because logging in as a guest does not require a username or password, it is quicker to log in as a guest. However, if you want to access any resources other than those in Public folders, you will need to log in under a valid user account.
The shared volumes you see when you log on to a Mac OS X machine depend on the type of user account you use to log in to the machine. If you log in through an account that is not an Administrator, you will see a volume for your Home directory. You will also see a volume for each user account on the machine you are accessing; the name of each volume is the short name of the respective user account on that machine. This volume is that user's Public folder. If you log on with an Administrator account, you will see all the volumes on that machine (which is what you will see when you use Mac OS 9 file sharing).
Choose the volume you want to mount (hold down the Shift key to choose multiple volumes) and click OK. A Finder window will open and will display the contents of the volumes you selected (see Figure 25.7).
Open the volume you want to access. If you logged in as a guest, you will see the contents of the Public folder for other user accounts. You can view or copy files and folders within the other user's Public folder, but you can't change their contents, except for the Drop Box folder, into which you can place, but not view, files or folders (only someone logged in to that user account can see its contents). If you log in under a user account, you can work with the volumes as if you had physically logged in to that machine directly.
The volumes you selected will be mounted on your machine (see Figure 25.8). Network volumes have the network server icon, which is a disk icon with a globe on it. You can work with the files contained on mounted servers just like volumes that are physically connected to your Mac. For example, you can open the files on the file server, copy files to your machine, or move files from your computer onto the file server.
If you have your preferences set such that mounted volumes appear on your desktop, you will see the shared volumes there as well.
To unmount a shared volume, select it in a Finder window and choose File, Eject (Command+E).
Following are some additional tips about using a Mac OS X machine to access file-sharing services.
When you sign on to a Mac OS X file-sharing machine as a registered user, meaning that you have a username and password, the Options button in the Connect to Server dialog box will be enabled. If you click this button, you can set some preferences related to your accessing the file-sharing services on this machine. You can add the password for the file server to your keychain, allow clear text password (on by default), receive a warning when sending a password in cleartext (also on by default), or allow secure connections using the SSH protocol. When you change these settings, click Save Preferences to save them. You can also change your password (if your user account allows this) by clicking the Change Password button.
When you are logged in to a file-sharing machine, you can quickly choose other volumes to mount by opening the Connect to Server dialog box (press Command+K), choosing the file server on which you are logged in, and pressing Return. You will jump to the Select Volume dialog box (because you are already logged in) and you can choose another volume to mount on your machine.
To log back in to the same file-sharing machine under a different user account, such as an Administrator account, you must unmount any shared volumes on that machine and repeat the initial login process.
At the top of the Connect to Server dialog box, you will see a pop-up menu that shows the most recent server you accessed. If you open this menu, you will see two sections: Favorite Servers and Recent Servers. The Favorite Servers area lists those servers you have made favorites; you can quickly return to a favorite server by choosing it on the pop-up menu. In the Recent Server area, you will see those servers you have most recently accessed; again, you can choose a server from this list to return to it.
You can add a server to your favorites list by choosing it in the Connect to Server dialog box and clicking the Add to Favorites button. The Add to Favorites button becomes active when the server address is shown in the Address field.
Favorite servers also appear as individual IP addresses in the available servers pane of the Connect to Server dialog box.
If you click the Expansion triangle next to the At pop-up menu at the top of the Connect to Server dialog box, you can collapse or expand the dialog box. In the expanded mode, you will see the local network icon and the servers that are found on it. In the collapsed mode, you don't see the center pane and see only the pop-up menu, Address field, and the buttons at the bottom of the dialog box.
If you are unable to access the file server, see "I Can't See the File Server Using the Connect to Server Command" in the Troubleshooting section at the end of this chapter.
You can use file sharing with Mac OS 9 computers just as you can with Mac OS X machines.
The access you have to a Mac OS 9 machine from a Mac OS X machine will be determined by the file-sharing settings of the Mac OS 9 machine.
Explaining how to set up file sharing on a Mac OS 9 machine is beyond the scope of this chapter. For help, see my book The Mac OS 9 Guide.
When you enable access to a Mac OS X file-sharing machine from a Mac OS 9 machine, the user of the Mac OS 9 machine will have the same options as someone who signs on to the file-sharing computer using a Mac OS X machine. For example, if they sign on under a non-Administrator account, they will be able to mount any of the Public folders on the file-serving machine. If they log in under an Administrator account, they will be able to access any volumes on that machine.
If you have trouble using file sharing from a Mac OS 9 machine, see "My Mac OS 9 Machine Can't Share Files" in the Troubleshooting section at the end of this chapter.
Remember that the Macs running older versions of the Mac OS must be configured to allow file sharing via TCP/IP or you must turn AppleTalk on for the Mac OS X file server.
Among its other network services, Mac OS X also includes a built-in File Transfer Protocol (FTP) server. Using an FTP server can be an even more convenient way to enable others to access files stored on a particular machine. Other people can use a standard Web browser or FTP application to download files via the FTP services that you enable on a machine.
Granting FTP access to a machine has security implications that are beyond what I have room to cover in this chapter. If you intend to use the FTP services on a Mac OS X machine that holds sensitive data you need to protect, you should investigate those implications first.
It is sometimes possible to move outside of the particular Home directory for the account under which you log on to the FTP site, so be very careful about granting FTP access to a machine unless you are very sure about the person who will be using it.
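The risk noted above, that an FTP session can end up outside the account's Home directory, comes down to whether the server resolves each requested path and confirms that the result is still under that directory. The following added example (not code from the book or from the Mac OS X FTP server) shows that confinement check, including the case where a symbolic link inside the Home directory points elsewhere; the account names, file names, and the resolve_within_home helper are hypothetical.

```python
import os
import shutil
import tempfile


def resolve_within_home(home, requested):
    """Resolve a client-supplied path and refuse it if it leaves `home`."""
    home_real = os.path.realpath(home)
    # Treat every request as relative to the home directory, even if it
    # starts with "/", then resolve ".." components and symbolic links.
    candidate = os.path.realpath(
        os.path.join(home_real, requested.lstrip("/")))
    # Compare whole path components, not string prefixes, so that
    # /Users/alice2 is never mistaken for a child of /Users/alice.
    if os.path.commonpath([home_real, candidate]) != home_real:
        raise PermissionError(f"{requested!r} resolves outside {home_real}")
    return candidate


def demo():
    """Build a constructed directory tree and classify sample requests."""
    root = tempfile.mkdtemp()
    try:
        home = os.path.join(root, "Users", "alice")    # hypothetical account
        other = os.path.join(root, "Users", "bob")     # hypothetical account
        os.makedirs(os.path.join(home, "Public"))
        os.makedirs(other)
        open(os.path.join(home, "Public", "notes.txt"), "w").close()
        open(os.path.join(other, "private.txt"), "w").close()
        # A link inside alice's home that points at bob's home.
        os.symlink(other, os.path.join(home, "shortcut"))

        requests = [
            "Public/notes.txt",              # ordinary download
            "/Public/notes.txt",             # leading slash, still in home
            "../bob/private.txt",            # parent-directory reference
            "Public/../../bob/private.txt",  # same thing, less obvious
            "shortcut/private.txt",          # escapes through the symlink
        ]
        results = {}
        for requested in requests:
            try:
                resolve_within_home(home, requested)
                results[requested] = "allowed"
            except PermissionError:
                results[requested] = "denied"
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(f"{outcome:8} {path}")
```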
Configuring FTP services under Mac OS X is very similar to providing file sharing services.
Open the Services tab of the Sharing pane of the System Preferences utility.
You can configure the name and other information in the Sharing pane for FTP just as you do for file sharing services. See the preceding section for details on doing so.
Select the FTP Access service.
Click Start. FTP services will start up and you will see the FTP address for the machine at the bottom of the pane.
Quit the System Preferences utility.
If you use the Mac OS X built-in firewall on the machine on which you are enabling FTP services, you must do a bit more configuration to allow FTP access across the firewall.
Open the Network pane of the System Preferences utility.
Choose the port through which the FTP machine is connected to the network on the Show pop-up menu.
Click the Proxies tab.
Check the "Use Passive FTP mode (PASV)" check box.
To access the FTP server, use a Web browser or an FTP client and use the URL ftp://ip_address/ where ip_address is the IP address of the machine providing FTP services. You will be prompted to enter the username and password; enter the short name and the password for the user account whose Home directory you want to access. That directory will appear and you can use it just as other FTP sites you have used (see Figure 25.9). You can browse the various directories you see and download the files you want. If you attempt to access a directory to which you don't have the required access privileges, your request will be denied.
Remember that you can see the FTP address of a machine at the bottom of the Sharing pane of the System Preferences utility.
If you use a non-Administrator account to log in to the FTP server, you will have access to the entire Home directory for that user account. If you log in under an Administrator account, you will have wider access to files on the machine.
If you can't access the FTP site on a machine, see "I Can't See the FTP Site" in the Troubleshooting section at the end of this chapter.
If you are initially able to enter the FTP site, but then it stops working, see "FTP Access Was Working but Now It Isn't" in the Troubleshooting section at the end of this chapter.
You can use an AirPort Base Station to provide services to a wired network as well as to those machines that connect over an Ethernet network. You do this by enabling AirPort to Ethernet bridging. To use this, you need to have the AirPort Base Station connected to the Ethernet network to which you want to provide a bridge. When the Base Station acts as an Ethernet bridge, computers that are connected via AirPort will be able to access network resources connected via Ethernet just as they could if they were physically connected to the network. For example, AirPort machines can print to networked printers, share files, and so on.
To enable bridging for a Base Station, perform the following steps:
Open the AirPort Admin Utility application (Applications/Utilities). The application will search for available base stations.
Choose the Base Station you want to configure.
Click the Configure button. If you need to enter a password, enter it and click OK. If the base station's password is part of your keychain, you won't need to enter it, but you might need to grant permission for the keychain item to be used.
Click the Network tab.
Check the "Enable AirPort to Ethernet bridging" check box.
Click the Update button. The new settings will be transferred to the Base Station.
After you have enabled bridging, AirPort machines can access services on the Ethernet network just as if they were physically connected to the network.