Configuring the Services on a NetworkAs you learned in Table 26.1, Mac OS X supports a large number of network services. To access these services, you must configure each machine that will be using them. This involves configuring the particular machine that will be providing those services (the server) and then enabling access to those services on various machines on the network that will be accessing those services (the clients). Explaining how to configure each of the possible services is beyond the scope of this book. However, learning about some examples of services you are likely to use will enable you to configure the others. Some services you'll want to take advantage of on most networks are the following:
To learn how to share files with Windows computers, p. 853.
To learn how to share the printers attached to a Mac OS X machine, p. 768.
To learn how to host Web sites from a Mac OS X machine, p. 446. Configuring and Using File SharingThe Mac OS has long provided peer-to-peer file-sharing capabilities to enable Macintosh computers on a network to share files. Support for such file sharing continues under Mac OS X, but be aware that the improved security features of Mac OS X make configuring and accessing files on a specific machine a bit more complicated than it was on previous versions of the Mac OS. Under Mac OS X, file sharing is improved because, in addition to Mac OS X machines, you can also share files with Macs running OS 9 and earlier, Windows file servers, and Unix file servers. For other Macs, you can use AppleTalk for file sharing or use TCP/IP. For Windows and Unix, you can use SMB and CIFS services. When connecting to other Macs for file sharing, the machines communicate through either TCP/IP or AppleTalk. To log in to a Mac OS X file-sharing machine serving files via TCP/IP, that machine must have an IP address. Typically, this IP address is assigned as part of connecting that machine to the Internet, such as by a DHCP server. Mac OS X includes support for Rendezvous, which enables devices to seek out other Rendezvous-compatible devices on a network and configure automatically access to those devices. All Macs that have Mac OS X version 10.2 or later are Rendezvous aware and can therefore take advantage of this technology to easily and quickly connect to other Macs. However, other devices, such as printers, can also support Rendezvous, so those devices can be configured automatically as well. AppleTalk is the Mac's original network protocol, and it continues to be supported in Mac OS X. When you are connecting to Macs running OS version 8.6 or earlier, you have to use AppleTalk as support for file sharing over TCP/IP, which was added in Mac OS 9.0. In the next chapter, you will learn how to share an Internet account using a DHCP server. Such a server assigns IP addresses to the machines connected to it. The D stands for dynamic, meaning these addresses can change. This can make locating a specific machine by its IP address tough. Fortunately, with most DHCP servers, you can choose to manually assign IP addresses to the devices attached to it. When you do this, machines have the same IP address even though they are using a DHCP server to obtain that address. With Rendezvous, you don't need to worry about the IP addresses of individual machines because your Mac seeks out the devices that are communicating on a network and automatically configures access to those devices. NOTE If other devices on your network, such as printers, have dynamic IP addresses assigned to them and you use the IP address to configure that device, you can lose the connection to those devices when the DHCP server assigns a new address to them. (This typically happens if the hub loses power for some reason or the device is removed from the network for a while.) In such cases, you need to reconfigure any computers that access the device with the new address assigned by the DHCP server. For such devices, consider assigning a static address that remains constant for that device. To identify the current IP address of a Mac OS X machine, open the Sharing pane of the System Preferences application. Select and activate the service in which you are interested; the current address is shown at the bottom of the pane (see Figure 26.2). Figure 26.2. When you select an active service, such as Personal File Sharing, the URL to connect to that service is shown at the bottom of the Sharing pane.You can also use the machine's name to identify it from other machines that support Rendezvous. The machine name is shown in the Computer Name field at the top of the pane and also at the bottom of the pane as part of the address information (in Figure 26.2, you can see that the Mac's name is Test Mac). TIP To identify the current IP address of a Mac OS 9 machine, open the File Sharing control panel. Configuring File SharingTo share files from a Mac OS X machine, you must enable the Personal File Sharing service on that machine. This includes turning on the service, turning on AppleTalk (if you will be sharing files with Mac OS 9 machines), naming the machine, and so on. TIP If your purpose in file sharing is one-way for example, enabling others to download files from a specific machine but not to upload files consider using FTP services on a machine rather than file sharing. You will learn how to provide FTP services in a later section of this chapter. You can also use Web sharing to enable people to download files from a Mac OS X machine.
The following steps assume that the Mac has access to the network (via Ethernet or AirPort) and that the default privileges are in place on the file-sharing machine. You can change the default privileges for items to share to make them more available. You learn how to do that in a later section. To provide file sharing services from a Mac running Mac OS X, do the following steps:
Using Firewalls and Network ServicesIf you have a firewall installed on the machine you are configuring as a server, you must configure that firewall to allow the type of access needed for others to access it from the network. For example, to enable the machine to provide file sharing services, you must configure the firewall to allow machines from the network to connect to the file server. With some firewalls, you can allow access to specific services, such as AFP, only from specific IP addresses. All other requests for services will be denied. If you use the Mac OS X built-in firewall that you can enable on the Firewall tab, the services you enable on the Services tab are allowed automatically. You can use the Firewall tab of the Sharing pane to manually configure the services that are allowed if you need to. If you use another type of firewall or configure the built-in firewall using another method (such as the Unix commands), you must enable access to the services you are providing through that firewall. Similarly, if some machines on your network are connected through a Graphite AirPort base station, you won't be able to access those machines from machines connected outside the AirPort network, such as via Ethernet. Because an AirPort base station provides NAT protection of the machines it connects, machines outside the AirPort network can't see any of the machines on the AirPort network unless the base station allows bridging between the wired and wireless networks. By default, you have to manually configure a Graphite base station to allow bridging. On newer base stations, bridging is automatically provided when you connect the station's Ethernet port to the wired network. Always be aware of the security settings of the networks you are configuring and using. Sometimes, you can waste a lot of time troubleshooting a network problem that is actually a case of things working just as planned (such as when you try to figure out why no one can connect to a machine protected by a firewall that isn't configured to allow those services to be accessed on the machine). Accessing Shared Files from a Mac OS X ComputerThere are two basic ways you can access a server. One is to browse the network for available servers. The other is to move to the services on a machine directly using the URL for the specific service you want to access. In either case, when you connect to a server, you must log in to that server to access its resources. You can log in under a user account that is valid for that server, or you can log in as a guest. When you log in under a valid user account, you have access to all the items on that machine just as if you were logged in to the machine directly (rather than over a network). If you are logged in as a guest, you can access only the items on the machine that allow public access, such as each user's Public folder. NOTE To access a server by browsing, it must support Rendezvous or AppleTalk. If not, you have to access it by entering its URL via the Connect to Server command. To access shared files stored on a Mac OS X file server from a Mac OS X machine by browsing the network, do the following steps:
For more precise access to services on a Rendezvous machine or to access services on a machine that doesn't support Rendezvous, you can use a server's address to access it manually. To do so, perform the following steps:
If your preferences are set such that mounted volumes appear on your desktop, you will see the shared volumes there as well. Following are some additional tips about using a Mac OS X machine to access file-sharing services via the Connect to Server command:
To log in to the same network server under a different user account, you must log out of that server and then reconnect to it. If you accessed a network resource by browsing, log off by selecting the server and selecting File, Eject. To log off a server from which you have mounted multiple volumes, you must eject each volume you have mounted on your Mac. TIP You can add a network server to the Startup Items tab of the Accounts pane of the System Preferences application to mount that server each time you log in. Using File Sharing with Mac OS 9 ComputersYou can use file sharing with Mac OS 9 computers just as you can with Mac OS X machines. The access you have to a Mac OS 9 machine from a Mac OS X machine is determined by the file-sharing settings of the Mac OS 9 machine. NOTE Explaining setting up file sharing on a Mac OS 9 machine is beyond the scope of this chapter. For help, see my book The Mac OS 9 Guide. When you enable access to a Mac OS X file-sharing machine from a Mac OS 9 machine, the user of the Mac OS 9 machine has the same options as someone who signs on to the file-sharing computer using a Mac OS X machine. For example, if he signs on under a guest account, he can mount any of the Public folders on the file-serving machine. If he logs in under a valid user account, he can use any volumes that user has permission to access on that machine.
NOTE Remember that Macs running older versions of the Mac OS must be configured to allow file sharing via TCP/IP; otherwise, you must turn on AppleTalk for the Mac OS X file server. Configuring and Using FTP ServicesAmong its other network services, Mac OS X also includes a built-in File Transfer Protocol (FTP) server. Using an FTP server can be an even more convenient way to enable others to access files stored on a particular machine. Other people can use a standard Web browser or FTP application to download files via the FTP services you enable on a machine. CAUTION Granting FTP access to a machine has security implications that are beyond what I have room to cover in this chapter. If you intend to use the FTP services on a machine that has sensitive data on it, you should investigate the implications of running FTP services on a Mac under Mac OS X that has data on it you need to protect. You can sometimes move outside the particular Home directory for the account under which you log in to the FTP site, so be very careful about granting FTP access to a machine unless you are very sure about the person who will be using it. Configuring FTP services under Mac OS X is similar to providing file-sharing services:
If you use the Mac OS X built-in firewall on the machine on which you are enabling FTP services, you must do a bit more configuration to allow FTP access across the firewall:
To access the FTP server, use a Web browser or an FTP client and use the URL ftp://ip_address/, where ip_address is the IP address of the machine providing FTP services (remember that the FTP URL for the machine is shown at the bottom of the Services tab when you select the FTP Access service). You are prompted to enter the username and password; enter the short name and the password for the user account whose Home directory you want to access. A Finder window appears, as does that user's Home folder. You can use it just as other FTP sites you have used (see Figure 26.12). You can browse the various directories shown and download any files you want. If you attempt to access a directory to which you don't have the required access privileges, your request is denied. Figure 26.12. The volume called 10.0.1.4 is an FTP server being accessed over a network.If you use a non-administrator account to log in to the FTP server, you have access to the entire Home directory for that user account. If you log in under an administrator account, you have wider access to files on the machine.
|