As you learned in Table 26.1, Mac OS X supports a large number of network services. To access these services, you must configure each machine that will be using them. This involves configuring the particular machine that will be providing those services (the server) and then enabling access to those services on various machines on the network that will be accessing those services (the clients).
Explaining how to configure each of the possible services is beyond the scope of this book. However, learning about some examples of services you are likely to use will enable you to configure the others.
Some services you'll want to take advantage of on most networks are the following:
Windows file sharing
To learn how to share files with Windows computers, see "Mac OS X to the Max: Networking Mac OS X with Windows Computers," p. 853.
To learn how to share the printers attached to a Mac OS X machine, see "Configuring Print Options and Sharing a Printer," p. 768.
To learn how to host Web sites from a Mac OS X machine, see "Using Mac OS X to Serve Web Pages," p. 446.
The Mac OS has long provided peer-to-peer file-sharing capabilities to enable Macintosh computers on a network to share files. Support for such file sharing continues under Mac OS X, but be aware that the improved security features of Mac OS X make configuring and accessing files on a specific machine a bit more complicated than it was on previous versions of the Mac OS.
Under Mac OS X, file sharing is improved because, in addition to Mac OS X machines, you can also share files with Macs running OS 9 and earlier, Windows file servers, and Unix file servers. For other Macs, you can use AppleTalk for file sharing or use TCP/IP. For Windows and Unix, you can use SMB and CIFS services.
When connecting to other Macs for file sharing, the machines communicate through either TCP/IP or AppleTalk. To log in to a Mac OS X file-sharing machine serving files via TCP/IP, that machine must have an IP address. Typically, this IP address is assigned as part of connecting that machine to the Internet, such as by a DHCP server.
Mac OS X includes support for Rendezvous, which enables devices to seek out other Rendezvous-compatible devices on a network and automatically configure access to those devices. All Macs that have Mac OS X version 10.2 or later are Rendezvous aware and can therefore take advantage of this technology to easily and quickly connect to other Macs. However, other devices, such as printers, can also support Rendezvous, so those devices can be configured automatically as well.
AppleTalk is the Mac's original network protocol, and it continues to be supported in Mac OS X. When you are connecting to Macs running OS version 8.6 or earlier, you have to use AppleTalk, because support for file sharing over TCP/IP was added in Mac OS 9.0.
In the next chapter, you will learn how to share an Internet account using a DHCP server. Such a server assigns IP addresses to the machines connected to it. The D stands for dynamic, meaning these addresses can change. This can make locating a specific machine by its IP address tough. Fortunately, with most DHCP servers, you can choose to manually assign IP addresses to the devices attached to it. When you do this, machines have the same IP address even though they are using a DHCP server to obtain that address.
With Rendezvous, you don't need to worry about the IP addresses of individual machines because your Mac seeks out the devices that are communicating on a network and automatically configures access to those devices.
If other devices on your network, such as printers, have dynamic IP addresses assigned to them and you use the IP address to configure that device, you can lose the connection to those devices when the DHCP server assigns a new address to them. (This typically happens if the hub loses power for some reason or the device is removed from the network for a while.) In such cases, you need to reconfigure any computers that access the device with the new address assigned by the DHCP server. For such devices, consider assigning a static address that remains constant for that device.
To identify the current IP address of a Mac OS X machine, open the Sharing pane of the System Preferences application. Select and activate the service in which you are interested; the current address is shown at the bottom of the pane (see Figure 26.2).
You can also use the machine's name to identify it from other machines that support Rendezvous. The machine name is shown in the Computer Name field at the top of the pane and also at the bottom of the pane as part of the address information (in Figure 26.2, you can see that the Mac's name is Test Mac).
To identify the current IP address of a Mac OS 9 machine, open the File Sharing control panel.
To share files from a Mac OS X machine, you must enable the Personal File Sharing service on that machine. This includes turning on the service, turning on AppleTalk (if you will be sharing files with Mac OS 9 machines), naming the machine, and so on.
If your purpose in file sharing is one-way (for example, enabling others to download files from a specific machine but not to upload files), consider using FTP services on a machine rather than file sharing. You will learn how to provide FTP services in a later section of this chapter. You can also use Web sharing to enable people to download files from a Mac OS X machine.
What's in a Name?
Your Mac actually has two names associated with it. One is the computer name, which by default is a combination of the first user's name and the word Computer. The other name is that device's hostname, which is actually the name used when the device is accessed over a network.
By default, the hostname and the computer name are the same, except your Mac automatically removes any characters, such as spaces, that aren't permitted in a hostname. Any changes you make to the computer name are automatically made in the hostname. However, you can manually set the hostname for a machine to be something different from its computer name. To do this, click the Edit button at the top of the Sharing pane. In the resulting sheet, enter the hostname of the Mac.
The following steps assume that the Mac has access to the network (via Ethernet or AirPort) and that the default privileges are in place on the file-sharing machine. You can change the default privileges for items to share to make them more available. You learn how to do that in a later section.
To provide file sharing services from a Mac running Mac OS X, do the following steps:
1. Open the System Preferences utility.
2. Click the Sharing icon to open the Sharing pane (see Figure 26.3). At the top of the pane are the computer's name and its hostname.
The Sharing pane has three tabs. The Services tab is used to view and configure the services the machine will provide. You use the Firewall tab to enable and configure the machine's firewall, and you use the Internet tab to enable a machine to share its Internet connection with other machines.
To learn how to configure a Mac's firewall, see "Defending Your Mac Against Net Hackers," p. 911.
To learn how to share an Internet connection among the devices on the network, see Chapter 27, "Sharing an Internet Connection," p. 855.
3. Provide the computer's name by entering a name in the Computer Name text box; use a name that will help others on the network easily identify the machine. The default computer name is the first user's name entered when the machine was registered, with an apostrophe, an s, and the word Computer tacked onto it. You can use the default computer name or change it to one you prefer.
After you provide a name, the machine's hostname is automatically created. Some characters aren't allowed in a hostname, which is the name by which the machine is identified on the network. If you enter such characters in the computer name, the machine name that people see on the network won't be exactly what you entered. For example, if you include a space in the computer name, it is replaced by a hyphen for the machine's network name. The Mac automatically removes and replaces any disallowed characters.
If you want to manually enter a hostname, click the Edit button; then, in the resulting sheet, enter the hostname for the machine. The extension .local is added to the hostname you type to indicate that the host is on the local network.
4. Select the service you want to activate on the machine, such as Personal File Sharing.
5. Click the Start button to turn on the selected service. If you have selected Personal File Sharing, that service is activated; after a moment or two its status becomes On and you see the AFP address of the machine and the hostname at the bottom of the pane. When you select and enable other services, information related to those services is shown in the pane instead. When the service is running, the Start button becomes the Stop button.
You can also start a service by clicking its On check box.
6. If you want to share files with Windows PCs (to enable Windows machines to access files stored on the Mac), select Windows Sharing and click the Start button. The address that Windows machines can use to access the Mac is shown at the bottom of the pane.
7. If you will be sharing files with Macs running a version of the Mac OS older than Mac OS X and those machines don't allow file sharing over TCP/IP, you need to make AppleTalk active on the Mac OS X machine. If the machines to which you will be providing file-sharing services do allow file sharing over TCP/IP, you don't need AppleTalk and can skip to step 13.
If you don't need to use AppleTalk to use file sharing, leave it off. AppleTalk can sometimes interfere with other network services, such as TCP/IP services to the Internet. AppleTalk can also make your machine visible to a local or wide area AppleTalk network.
8. Open the Network pane of the System Preferences utility by clicking the Network icon on the toolbar.
9. Select the network port over which AppleTalk access will be provided on the Show menu. For example, select Built-in Ethernet to enable machines to use the AppleTalk protocol over Ethernet. Select AirPort to provide AppleTalk over an AirPort network.
You can provide AppleTalk over only a single network port at a time. For example, you can provide AppleTalk over Ethernet or over AirPort, but not both at the same time.
10. Click the AppleTalk tab and check the Make AppleTalk Active check box. The computer name you entered in the Sharing pane is shown next to the text Computer Name.
11. If you have AppleTalk zones on your network, select the zone from the AppleTalk Zone pop-up menu (if there aren't any zones, this pop-up menu is inactive). You can configure AppleTalk zones using the Configure pop-up menu (select Manually if you want to manually configure the network or Automatically to have your Mac configure it automatically).
12. Click Apply Now.
13. Review the services you have configured on the Sharing pane (see Figure 26.4).
14. Close the System Preferences application.
If you have a firewall installed on the machine you are configuring as a server, you must configure that firewall to allow the type of access needed for others to access it from the network. For example, to enable the machine to provide file sharing services, you must configure the firewall to allow machines from the network to connect to the file server. With some firewalls, you can allow access to specific services, such as AFP, only from specific IP addresses. All other requests for services will be denied.
If you use the Mac OS X built-in firewall that you can enable on the Firewall tab, the services you enable on the Services tab are allowed automatically. You can use the Firewall tab of the Sharing pane to manually configure the services that are allowed if you need to.
If you use another type of firewall or configure the built-in firewall using another method (such as the Unix commands), you must enable access to the services you are providing through that firewall.
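The allow-list policy described above (AFP reachable only from named addresses, everything else denied) can be modeled and rendered as ipfw commands. This is an added example, not taken from the book; the client addresses and rule numbers are constructed for illustration.

```python
import ipaddress

AFP_PORT = 548  # AFP over TCP, the port Personal File Sharing listens on


def build_rules(allowed_clients, port=AFP_PORT):
    """Ordered rule list: one allow per client (address or CIDR), then deny all."""
    rules = [("allow", ipaddress.ip_network(c, strict=False), port)
             for c in allowed_clients]
    rules.append(("deny", ipaddress.ip_network("0.0.0.0/0"), None))  # None = any port
    return rules


def evaluate(rules, src_ip, dst_port):
    """Return the action of the first rule matching an inbound TCP connection."""
    src = ipaddress.ip_address(src_ip)
    for action, network, port in rules:
        if src in network and port in (None, dst_port):
            return action
    return "deny"  # nothing matched: fail closed


def render_ipfw(rules, first_number=2000, step=10):
    """Render the rules as ipfw commands; the rule numbers are arbitrary choices."""
    lines = []
    for index, (action, network, port) in enumerate(rules):
        if network.prefixlen == 0:
            src = "any"
        elif network.prefixlen == network.max_prefixlen:
            src = str(network.network_address)  # single host, no /32 suffix
        else:
            src = str(network)
        dst = "any" if port is None else f"any {port}"
        number = first_number + index * step
        lines.append(f"ipfw add {number} {action} tcp from {src} to {dst} in")
    return lines


# Constructed sample: two clients may use AFP, nobody else may connect.
SAMPLE_CLIENTS = ["10.0.1.5", "10.0.1.7"]
SAMPLE_ATTEMPTS = [("10.0.1.5", 548), ("10.0.1.9", 548), ("10.0.1.5", 21)]

if __name__ == "__main__":
    rules = build_rules(SAMPLE_CLIENTS)
    print("\n".join(render_ipfw(rules)))
    for src, port in SAMPLE_ATTEMPTS:
        print(f"{src} -> port {port}: {evaluate(rules, src, port)}")
```

Because the first matching rule wins, the final deny also blocks an allowed client from any service other than AFP, such as FTP on port 21.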
Similarly, if some machines on your network are connected through a Graphite AirPort base station, you won't be able to access those machines from machines connected outside the AirPort network, such as via Ethernet. Because an AirPort base station provides NAT protection of the machines it connects, machines outside the AirPort network can't see any of the machines on the AirPort network unless the base station allows bridging between the wired and wireless networks. By default, you have to manually configure a Graphite base station to allow bridging.
On newer base stations, bridging is automatically provided when you connect the station's Ethernet port to the wired network.
Always be aware of the security settings of the networks you are configuring and using. Sometimes, you can waste a lot of time troubleshooting a network problem that is actually a case of things working just as planned (such as when you try to figure out why no one can connect to a machine protected by a firewall that isn't configured to allow those services to be accessed on the machine).
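When a client can't connect, the way the connection fails usually tells you whether the service is off or a firewall is in the way. The following check is an added example, not from the book; the service-to-port table lists the standard TCP ports for three Sharing-pane services, and the default target address is an assumption.

```python
import socket

# Sharing-pane services from this chapter and their standard TCP ports.
SERVICES = {
    "Personal File Sharing (AFP)": 548,
    "Windows Sharing (SMB)": 139,
    "FTP Access": 21,
}

DIAGNOSIS = {
    "open": "service is running and reachable",
    "closed": "host answered but refused: service is stopped or not listening",
    "filtered": "no reply: a firewall is dropping the request, NAT is in the "
                "way, or the address is stale after a DHCP change",
    "unreachable": "no route to the host: check the address and the network",
}


def probe(host, port, timeout=2.0):
    """Classify one TCP port as open, closed, filtered or unreachable."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"       # an active refusal came back from the host
    except socket.timeout:
        return "filtered"     # nothing came back within the timeout
    except OSError:
        return "unreachable"  # routing or addressing failure
    finally:
        sock.close()


def audit(host, services=SERVICES, timeout=2.0):
    """Probe every listed service on one host; returns {service name: state}."""
    return {name: probe(host, port, timeout) for name, port in services.items()}


if __name__ == "__main__":
    # 127.0.0.1 checks the machine you are sitting at; substitute the
    # address shown at the bottom of the server's Sharing pane.
    for name, state in audit("127.0.0.1").items():
        print(f"{name}: {state} ({DIAGNOSIS[state]})")
```

Run it once on the server itself and once from a client: a service that is open locally but filtered from the client points at the firewall or base station rather than at the service.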
There are two basic ways you can access a server. One is to browse the network for available servers. The other is to move to the services on a machine directly using the URL for the specific service you want to access.
In either case, when you connect to a server, you must log in to that server to access its resources. You can log in under a user account that is valid for that server, or you can log in as a guest. When you log in under a valid user account, you have access to all the items on that machine just as if you were logged in to the machine directly (rather than over a network). If you are logged in as a guest, you can access only the items on the machine that allow public access, such as each user's Public folder.
To access a server by browsing, it must support Rendezvous or AppleTalk. If not, you have to access it by entering its URL via the Connect to Server command.
To access shared files stored on a Mac OS X file server from a Mac OS X machine by browsing the network, do the following steps:
1. Open a Finder window and select the Network directory on the Places sidebar. The Network directory appears (see Figure 26.5). This directory contains an icon for each machine that is providing services to the network along with the Servers icon.
The icon labeled Servers actually points to the current machine. If you open it, you see the computer on which you are working. If you open that, you jump to the Computer folder.
Server icons you access over a network have the globe icon that is similar to the icon for the Network directory. A server's icon also indicates its status. When the icon is in color, you are currently connected to that server and its resources are available to you. When the icon is shaded, you are not connected to the server.
2. Double-click the server you want to access. The Connect To Server dialog box appears (see Figure 26.6).
3. Enter the username and password for the account under which you want to log in and click either Connect or Guest. The server's resources that you can access appear in the Finder window (see Figure 26.7). The resources that appear depend on the user account under which you are logged in. If you logged in as a guest, you can access only public resources.
4. Open the resource you want to use and access its files. For example, you can open files, drag them to your Mac to copy them, and so on.
For more precise access to services on a Rendezvous machine or to access services on a machine that doesn't support Rendezvous, you can use a server's address to access it manually. To do so, perform the following steps:
1. From the Finder, select Go, Connect to Server (⌘-K). The Connect to Server dialog box appears (see Figure 26.8).
If you click the Browse button, you move to a Finder window showing the Network directory; this does the same thing as selecting Network on the Places sidebar.
2. Type the server address you want to access in the Server Address box. The address you use depends on how you want to access the server. For example, to open all of a server's resources, type its hostname, which is hostname.local, where hostname is the hostname of the machine you are accessing. To access file-sharing services, use the URL for File Sharing services, which will be something such as afp://10.0.1.4/. You obtain the URL for the specific service you want to access on the Sharing pane of the System Preferences application on the server you are accessing.
3. Click Connect to see the "Connect to server" dialog box (see Figure 26.9).
4. Enter the username and password for the account under which you want to log in and click either Connect or Guest. The server's volumes that you can access appear in the Select Volume dialog box (see Figure 26.10). The resources that appear depend on the user account under which you are logged in. If you logged in as a guest, you can access only public resources.
5. Select the volume you want to mount (hold down the Shift or ⌘ key to select multiple volumes) and click OK. A Finder window opens and the volumes you chose to access are shown in the Places sidebar (see Figure 26.11). If you have set mounted servers to appear on the desktop using the Finder preference, they appear on your desktop as well.
6. Access the network volumes just like those physically connected to your Mac.
If your preferences are set such that mounted volumes appear on your desktop, you will see the shared volumes there as well.
Following are some additional tips about using a Mac OS X machine to access file-sharing services via the Connect to Server command:
When you sign on to a Mac OS X file-sharing machine as a registered user, meaning you have a username and password, the Options button in the Connect To Server dialog box is enabled. If you click this button, you can set some preferences related to accessing the file-sharing services on this machine. You can add the password for the file server to your keychain, allow a clear-text password (on by default), receive a warning when sending a password in clear text (also on by default), or allow secure connections using the SSH protocol. When you change these settings, you must click Save Preferences to save them. You can also change the password for the account under which you are logging in (if the account allows this) by clicking the Change Password button.
When you are logged in to a file-sharing machine, you can quickly choose other volumes to mount by opening the Connect To Server dialog box (press ⌘-K), selecting the file server on which you are logged in, and pressing Return. You jump to the Select Volume dialog box (because you are already logged in), and you can select another volume to mount on your machine.
The address to which you most recently connected is remembered in the Server Address box so you can reconnect to it.
To log back in to the same file-sharing machine under a different user account, such as an administrator account, you must log off that machine and repeat the initial login process. You do this by ejecting all the mounted volumes provided by that server.
At the upper-right corner of the Connect To Server dialog box is a pop-up menu (the Clock icon) that shows a list of the most recent servers you have accessed. You can select a server from this list to return to it, or you can clear the list by selecting Clear Recent Servers.
In the lower part of the dialog box is the Favorite Servers list. You can add a server to your favorites list by entering its URL and clicking the Add to Favorites button (+). You can return to any favorite server by selecting it on the list and clicking Connect.
You can place an alias to a networked volume on your Mac, such as by adding it to the Places sidebar. When you open such an alias, you are prompted to log in to the server and, upon doing so, you can access that volume. If you add the password to your keychain, you can skip the login process.
If you are unable to access the file server, see "I Can't See the File Server Using the Connect to Server Command" in the "Troubleshooting" section at the end of this chapter.
To log in to the same network server under a different user account, you must log out of that server and then reconnect to it. If you accessed a network resource by browsing, log off by selecting the server and selecting File, Eject. To log off a server from which you have mounted multiple volumes, you must eject each volume you have mounted on your Mac.
You can add a network server to the Startup Items tab of the Accounts pane of the System Preferences application to mount that server each time you log in.
You can use file sharing with Mac OS 9 computers just as you can with Mac OS X machines.
The access you have to a Mac OS 9 machine from a Mac OS X machine is determined by the file-sharing settings of the Mac OS 9 machine.
Explaining how to set up file sharing on a Mac OS 9 machine is beyond the scope of this chapter. For help, see my book The Mac OS 9 Guide.
When you enable access to a Mac OS X file-sharing machine from a Mac OS 9 machine, the user of the Mac OS 9 machine has the same options as someone who signs on to the file-sharing computer using a Mac OS X machine. For example, if he signs on under a guest account, he can mount any of the Public folders on the file-serving machine. If he logs in under a valid user account, he can use any volumes that user has permission to access on that machine.
If you have trouble using file sharing from a Mac OS 9 machine, see "My Mac OS 9 Machine Can't Share Files" in the "Troubleshooting" section at the end of this chapter.
Remember that Macs running older versions of the Mac OS must be configured to allow file sharing via TCP/IP; otherwise, you must turn on AppleTalk for the Mac OS X file server.
Among its other network services, Mac OS X also includes a built-in File Transfer Protocol (FTP) server. Using an FTP server can be an even more convenient way to enable others to access files stored on a particular machine. Other people can use a standard Web browser or FTP application to download files via the FTP services you enable on a machine.
Granting FTP access to a machine has security implications that are beyond what I have room to cover in this chapter. If you intend to use the FTP services on a Mac OS X machine that holds sensitive data you need to protect, you should investigate the implications of running FTP services on that machine.
You can sometimes move outside the particular Home directory for the account under which you log in to the FTP site, so be very careful about granting FTP access to a machine unless you are very sure about the person who will be using it.
Configuring FTP services under Mac OS X is similar to providing file-sharing services:
1. Open the Services tab on the Sharing pane of the System Preferences application.
2. Select the FTP Access service.
3. Click Start. FTP services start up, showing the FTP address for the machine at the bottom of the pane.
4. Quit the System Preferences application.
If you use the Mac OS X built-in firewall on the machine on which you are enabling FTP services, you must do a bit more configuration to allow FTP access across the firewall:
1. Open the Network pane of the System Preferences application.
2. Select the port through which the FTP machine is connected to the network on the Show pop-up menu.
3. Click the Proxies tab.
4. Check the "Use Passive FTP mode (PASV)" check box.
To access the FTP server, use a Web browser or an FTP client and use the URL ftp://ip_address/, where ip_address is the IP address of the machine providing FTP services (remember that the FTP URL for the machine is shown at the bottom of the Services tab when you select the FTP Access service). You are prompted to enter the username and password; enter the short name and the password for the user account whose Home directory you want to access. A Finder window appears, as does that user's Home folder. You can use it just as other FTP sites you have used (see Figure 26.12). You can browse the various directories shown and download any files you want. If you attempt to access a directory to which you don't have the required access privileges, your request is denied.
If you use a non-administrator account to log in to the FTP server, you have access to the entire Home directory for that user account. If you log in under an administrator account, you have wider access to files on the machine.
If you can't access the FTP site on a machine, see "I Can't See the FTP Site" in the "Troubleshooting" section at the end of this chapter.
If you are initially able to enter the FTP site, but then it stops working, see "FTP Access Was Working but Now It Isn't" in the "Troubleshooting" section at the end of this chapter.