In a previous article, you learned how to connect to Windows-based Server Message Block (SMB) shares from Mac OS X. Here we turn the tables and discover how we can share file resources in Mac OS X Snow Leopard with Windows-based client computers.
If you are like me, then you are accustomed to the enterprise-class file sharing and access control that are afforded to us in Windows. This being said, you are likely to find the Mac OS X file sharing options to be rather limited.
Setting up a Mac for Windows Sharing
From your Mac OS X Snow Leopard desktop, open the Apple menu and select System Preferences.
Opening System Preferences
In the System Preferences panel, in the Internet & Wireless icon group, open the Sharing item.
Mac OS X Preferences pane
In the Sharing preference pane, enable File Sharing.
NOTE: In previous versions of Mac OS X, the relevant option was named Windows Sharing.
When you enable File Sharing, you simultaneously enable the Samba server service. Next, click Options (shown as “A” in the next screenshot).
Select the option Share files and folders using SMB (Windows), and then check any local Mac OS X accounts that you want to enable for sharing. Enabling an account here lets you add it to your shared folders’ access control lists (ACLs), explained later in this article.
Enabling SMB server on Mac OS X
Click the plus sign (+) beneath the Shared Folders list (marked “B” in Figure 3) and browse to your desired directory. When you’ve located that directory, select it and then click Add.
Browsing for a folder to share
You will now see the name of that selected folder in the Shared Folders list. Next, click the plus sign below the Users: field (marked “C” in Figure 3) and select the Mac OS X user account(s) that you want to add to the ACL.
The New Person button allows you to create a special type of Mac OS X user account known as a Sharing-Only account. You should protect these accounts with (of course) a strong password.
The main difference between Sharing Only accounts and standard Mac OS X user accounts is that Sharing Only accounts cannot be used to log on interactively to a Mac OS X computer. Therefore, using these identities is a good idea from a security standpoint.
Enabling sharing for Mac users
The specific access options for shared folders in Mac OS X are either quite straightforward or needlessly basic, depending upon your perspective. Your choices are: Read & Write, Read Only, and Write Only (Drop Box).
The default permissions for a given folder are inherited from the folder’s underlying UNIX directory permissions.
Share access control options
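As an added example (not part of the original article), the following shell script, run in Terminal on the Mac, reads a folder's UNIX mode and prints the access level that owner, group and Everyone inherit from it, flagging any access granted to Everyone. It assumes only the POSIX mode bits matter (ACL entries added for extra users are ignored); the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the article): translate a shared folder's UNIX mode
# into the Sharing pane's labels and flag access granted to Everyone.
# Assumption: only POSIX mode bits are read; ACL entries are ignored.

# Map one octal digit to a label (simplification: read/write bits only).
perm_label() {
    case "$1" in
        6|7) echo "Read & Write" ;;
        4|5) echo "Read Only" ;;
        2|3) echo "Write Only (Drop Box)" ;;
        *)   echo "No Access" ;;
    esac
}

# Print the last three octal mode digits; tries GNU stat, then BSD/Mac stat.
dir_mode() {
    m=$(stat -c '%a' "$1" 2>/dev/null) || m=$(stat -f '%Lp' "$1" 2>/dev/null) || return 1
    m="000$m"
    echo "${m#"${m%???}"}"
}

# Report owner/group/Everyone access; return 1 if Everyone has any access.
audit_share() {
    mode=$(dir_mode "$1") || { echo "cannot stat: $1" >&2; return 2; }
    owner=${mode%??}; everyone=${mode#??}
    group=${mode#?}; group=${group%?}
    echo "$1 (mode $mode)"
    echo "  Owner:    $(perm_label "$owner")"
    echo "  Group:    $(perm_label "$group")"
    echo "  Everyone: $(perm_label "$everyone")"
    case "$everyone" in
        0|1) return 0 ;;
        *)   echo "  REVIEW: Everyone can reach this folder once it is shared"
             return 1 ;;
    esac
}

# Constructed sample: a temporary folder with drop-box style permissions.
demo=$(mktemp -d)
chmod 733 "$demo"
audit_share "$demo" || true
rm -rf "$demo"
```

Run `audit_share` against each folder before adding it to the Shared Folders list; a non-zero return means the Everyone entry will start with more than No Access.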
The following exhibit shows the completed configuration for our shared folder named script.
The script folder is now shared
One more thing before we switch over to Windows: to make the Mac’s discoverability by Windows-based clients as transparent as possible, we will want to set a NetBIOS workgroup name for the Mac.
To do this, re-open System Preferences and open the Network item. Select your Ethernet connection and then click Advanced.
Network preference pane
From the Ethernet configuration dialog, navigate to the WINS tab and set both a NetBIOS name and a workgroup name. For discoverability in Active Directory domains, just add the NetBIOS “short name” of the domain (for instance, 4Sysopslab.com would be 4SYSOPSLAB, as shown in the following figure).
Configuring the Mac for workgroup membership
Making a client connection from Windows
I trust that you are familiar with the myriad methods by which we can establish an SMB-based client connection to a file server:
- The Map Network Drive command in Windows Explorer
- Universal Naming Convention (UNC) path from the Run box
- The net use command
- Network Control Panel item
The following exhibit demonstrates the process of mapping a Windows drive letter to a Mac-based SMB share by using the archaic net use command.
Connecting to Mac OS X share from Windows
In observing the previous exhibit, the question probably arose in your mind, “What about authentication? What is going on here, exactly?” Well, the reason I was able to run the above net use command without specifying Mac credentials is that I allowed access to the Everyone special identity. This identity works the same way in Mac OS X as it does in Windows; the same security precautions apply regarding its use, too.
If you want to make an authenticated connection to a Mac share by specifying credentials, map a network drive using Windows Explorer.
Mapping a network drive in Windows
In the Map Network Drive dialog box, type the UNC path to the Mac share, and be sure to enable the Connect using different credentials option. Next, click Finish.
Configuring a mapped drive
You are now prompted for your “workgroup” credentials. Type in your desired Mac OS X account creds and then click OK.
Providing Mac OS X credentials
If all goes well, then the new mapped volume will appear in Windows Explorer:
Connection to Mac from Windows Explorer
At this point you might be thinking, “Wow, I’m disappointed. I thought that Mac OS X had more enterprise-level networking built into it.” Well, as it happens, it really does. In future installments of this series I will show you how we can link Open Directory, the Mac’s enterprise LDAP directory service, with Microsoft’s Active Directory Domain Services. At that point we really get closer to “big time” leveraging of Mac OS X in business.