Configuring the Windows File-Sharing Service


Mac OS X Server includes the open-source software Samba to provide Windows services. Your Mac OS X Server can provide a variety of services to Windows clients, including the following:

  • File sharing via the Server Message Block (SMB) protocol

  • Print sharing, also via the SMB protocol

  • Local network browsing via the Network Basic Input/Output System (NetBIOS) protocol

  • Network browsing and name/address resolution via the Windows Internet Naming Service (WINS) protocol

  • Network authentication and security services, by acting as a Primary Domain Controller (PDC) or a Backup Domain Controller (BDC) to a Samba PDC

The possible roles of your Mac OS X Server, with regard to Windows services, are chosen by clicking the Settings tab, then the General tab in Server Admin (Figure 5.29). Initially, when you enable the Windows service, your Mac OS X Server acts as a stand-alone file server on the network. Windows and Mac OS X computers can discover your server on the local network via the NetBIOS protocol, and SMB handles the connectivity. The following task steps you through the process of enabling this basic configuration.

Figure 5.29. Choosing the various Windows server options from the Windows service in Server Admin.


For more advanced Windows network configurations, see the remaining tasks in this section. For more information about Windows print sharing, refer to Chapter 7, "Printing Services."

To set SMB access options

1.

Launch Server Admin and select the Windows service for your server in the Computers & Services list.

2.

Click the Settings tab and then the Access tab and do one or more of the following and click Save (Figure 5.30):

  • Click the "Allow Guest access" check box if you want to enable Windows guest connections.

  • Select the total number of simultaneous Windows connections. Mac OS X Server doesn't have any licensing restrictions on the number of simultaneous Windows connections.

  • Choose the various authentication mechanisms available for the Windows connections, which are NTLMv2 and Kerberos, NTLM (v1), and LAN Manager.

    Figure 5.30. Choosing the guest access option and various authentication methods with the Windows services.


3.

Click the Overview button at the bottom of the window (Figure 5.30).

4.

Verify that the Windows service is running, and if it isn't, click Start Service in the Toolbar to activate the Windows server.

Tips

  • To allow guest access, you must also enable guest access for each share point. See the "To configure Windows share-point settings" task later in this chapter for more information about enabling guest access for individual share points.

  • More information about Samba is available at www.samba.org/.


To connect Mac OS X via SMB

1.

In the Finder, click the Network icon to browse for your server. Mac OS X client can browse for SMB servers via the NetBIOS protocol.

or

To connect directly, select Finder > Go > Connect to Server or press Command-K and enter an SMB address.

2.

When the SMB share point pop-up menu defaults to guest connection options, select a share from the menu and click OK.

or

Click Authenticate to gain availability to more share points.

Either button will bring you to the SMB authentication dialog. Default settings dictate that the share point's icon will mount on the Finder's desktop.

To connect Windows clients via SMB

1.

In Windows Explorer, browse to your server as if it were another Windows computer.

You can also manually add your server using the Add Network Place Wizard.

2.

Authenticate using the authentication dialog as you would for any other Windows network connection.

All the share points appear in the Windows Browser.

About advanced SMB roles

Large SMB networks use an organizational unit known as a domain to segregate computers and services. You can restrict access to items inside each domain by enabling domain authentication. Mac OS X Server can join a domain, host a domain by becoming a Primary Domain Controller (PDC), or become a backup domain controller (BDC), all through using the Server Admin tool and managing the Windows service.

When you configure your server as a PDC or BDC, Windows clients can authenticate against your server for access to items inside the domain. Enabling your Mac OS X Server as a PDC or BDC also enables your Windows clients to change their passwords from their computers.

When hosting a PDC or BDC your server must also be hosting a shared (LDAP) database. Windows clients will use the same user accounts hosted in your shared database to log in to your domain. For more information about directory services and Open Directory, see Chapter 3.

By default, your server will act as a Standalone Server and create the workgroup you specify using the NetBIOS protocol. If your Windows domain is complete and does not require any other advanced configurations, enter the server's Description, Computer Name, and Workgroup values.

To enable Mac OS X Server as a domain member

1.

Launch Server Admin and select the Windows service for your server in the Computers & Services list.

2.

Click the Settings tab and then the General tab.

3.

Select Domain Member from the Role menu (Figure 5.31).

Figure 5.31. Selecting Domain Member from the Role menu.


4.

Enter the Description, Computer Name, and Domain for your server in the appropriate fields and click Save.

5.

Authenticate as a domain administrator for the Windows domain you'd like to be a member of.

To enable Mac OS X Server as a Primary Domain Controller

1.

Be sure you're an Open Directory Master (see Chapter 3) when you launch Server Admin.

2.

Select the Windows service for your server in the Computers & Services list and click the Settings tab and then the General tab.

3.

Select Primary Domain Controller from the Role pop-up menu (Figure 5.32).

Figure 5.32. Choose Primary Domain Controller from the Role menu.


4.

Enter the Description, Computer Name, and Domain for your server in the appropriate fields and click Save.

5.

When you change SMB server roles, you must authenticate as an LDAP domain administrator for the PDC server.

Tips

  • It's best if your server's computer name is the unqualified DNS hostname (xserver, instead of xserver.example.com).

  • Windows workgroup and domain names are typically capitalized and can't exceed 15 characters.

  • On a Mac OS X (and Mac OS X Server) computer, you can configure SMB network settings, including a specific workgroup or domain for the client, in the Directory Access application.

  • Always verify client connectivity after you make SMB server role changesespecially from Windows clients, because domain authentication is vital.


About advanced SMB features

Mac OS X Server provides a variety of advanced SMB features that your Windows users may need. These features include support for alternate languages, improved network browsing, and hosting Windows home folders.

You can also participate in the election of workgroup master and domain master browsers and enable Windows Internet Naming Service (WINS). WINS allows Windows browsing across subnets and facilitates more efficient browsing.

The other option is to enable virtual share points, which provides easier configuration for Windows home directories. If your server is a PDC, a user's home folder automatically mounts when they log in to your domain from a Windows computer. In addition, users have the same home folder for both Windows and Mac OS X.

To enable advanced SMB features

1.

Launch Server Admin and select the Windows service for your server in the Computers & Services list.

2.

Click the Settings tab and then the Advanced tab (Figure 5.33).

Figure 5.33. Checking these boxes allows your Mac OS X Server to become a workgroup master browser and/or domain master browser.


3.

To determine which language is used for Windows services, select a language option from the Code Page pull-down menu.

4.

Select one or both of the Workgroup Master Browser and Domain Master Browser check boxes to have your server take part in the master browser elections (see the "Master Browser" sidebar).

5.

Choose one of the following modes for WINS registration:

  • Off means that your server has nothing to do with WINS registration.

  • Enable WINS server means that your server is the WINS server with which other machines register.

  • Register with WINS server means that your server informs other WINS servers that you're providing Windows services. You must enter the IP address(es) of your WINS server(s). You can enter more than one server by separating the addresses with a comma and a single space.

6.

Choose whether to enable virtual share points and click Save.

Tips

  • If your server is acting as a PDC, the Workgroup Master Browser and Domain Master Browser options aren't available because a PDC must be the domain master browser for that particular domain.

  • On a Mac OS X (and Mac OS X Server) computer, you can configure SMB network settings in the Directory Access application, including the ability for a client to register with WINS servers.

  • You should test these settings thoroughly from both Windows and Mac OS X computers.


Master Browsers

Master browsers are used to facilitate more efficient network browsing when using the NetBIOS protocol. This is the way Windows computers collect and display information when services are shared from Windows computers to Windows computers on a local subnet (local network).

A domain master browser is elected by choosing, one of the master browsers on each local network. This will collect and offer the list of services offered by Windows computers that resided on all the master browsers.

Selecting the Workgroup Master Browser and Domain Master Browser options (see Figure 5.32) doesn't guarantee that your server will become the master browser and/or the domain master browser if other computers are involved in the election.


Using Windows share-point settings

When you create a share point on Mac OS X Server, it's automatically shared via SMB (as well as AFP and FTP), assuming the Windows service is running. Share points are also automatically configured for both registered user and guest access via SMB. You can configure such settings individually for each share point using the Workgroup Manager tool.

To configure Windows share-point settings

1.

Launch the Workgroup Manager tool located in /Applications/Server, authenticate as the administrator if necessary, and click the Sharing icon.

2.

In the sharing browser, click the All tab and do one of the following:

  • Configure an existing share point by clicking the Share Points tab, and then select the share point you wish to edit from the sharing browser.

  • Configure a new share point. See the "To configure new share points" task earlier in this chapter for detailed instructions.

3.

Click the Protocols tab and from the Protocols pull-down menu, select Windows File Settings (Figure 5.34).

Figure 5.34. Choose Windows File Settings to manage share point options over SMB.


4.

In the Protocols tab, click the appropriate check boxes to configure SMB sharing and guest access and enter a custom SMB share point name that differs from the original folder's name (Figure 5.35).

Figure 5.35. Choose a permissions model and guest options for the share point.


5.

In the "Default permissions for new files and folders" section, click one of the following radio buttons, and then click Save:

  • Inherit permissions from parent will allow new items created within this share point to have the same permissions as the share point itself. See the "Configuring File and Folder Permissions" section earlier in this chapter.

  • Assign as follows is the default behavior, similar to inherited permissions in that the owner and group assigned to each item are the same as those of the parent share point when copied or moved into the share point (however, the owner of a file is still the creator of that file). But you can configure specific access for the user, group, or everyone from the menus.

Tip

  • Keep in mind that the general Windows service settings may affect the settings you configure here. For instance, disabling guest access to the Windows service in Server Admin disables Windows guest access for every share point regardless of individual share settings. Remember to verify proper Windows service configuration in both Workgroup Manager and Server Admin.





Mac OS X Server 10. 4 Tiger. Visual QuickPro Guide
Mac OS X Server 10.4 Tiger: Visual QuickPro Guide
ISBN: 0321362446
EAN: 2147483647
Year: 2006
Pages: 139
Authors: Schoun Regan

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net