Apple Training Series: Mac OS X System Administration Reference, Volume 1

A Common Internet File System (CIFS) comprises an entire suite of protocols that provide the browsing and sharing interface on Windows.

File sharing on Windows computers is based on the SMB protocol. Like other UNIX-based operating systems, Mac OS X uses the Samba server software to provide SMB file services.

As shown in the figure below, the two programs responsible for Windows Sharing are smbd and nmbd, which reside in /usr/sbin. The nmbd program provides NetBIOS name service, so that other computers running Windows or the Samba suite can resolve your computer's name. The smbd program is the actual SMB server daemon. Both of these processes are run as children of launchd, the systemwide daemon manager. Configuration files in /System/Library/LaunchDaemons/ control the startup of the two daemons. The file /etc/smb.conf controls the behavior of smbd and nmbd. The enable property in com. apple.sharing.firewall.plist controls whether the Samba port in the firewall is open.

You use the Sharing pane of System Preferences to stop and start SMB file services. You use Directory Access to modify workgroup and wins server, which are two of the parameters in smb.conf. You must use a text editor to modify other parameters. The command testparm scans the smb.conf file and provides output that is useful for debugging.

Each of the two daemons has its own log file in /var/log/samba. You may also look in the other log files for mention of netbios_ssn and netbios_ns. As you know from Lesson 26, "Maintaining Local Volumes and Files," forked files may be problematic when using file-sharing protocols other than AFP.

Getting SMB Started

Starting Windows Sharing consists of several steps, as shown in the following figure:

1. You start Windows Sharing in the Sharing pane of System Preferences.

2. The enable property for Samba Sharing in /Library/Preferences/com.apple.sharing. firewall.plist changes from 0 to 1. This change opens a port in your computer's firewall for SMB connections.

3. The Disabled key is removed from both of the config files, /System/Library/LaunchDaemons/smbd.plist and nmbd.plist.

4. launchd is notified of the changes to /System/Library/LaunchDaemons/smbd.plist and nmbd.plist. Because these files have been changed so that SMB and NMB are no longer disabled, the launchd process listens for NMB and SMB connections.

5. After a request, launchd starts the nmbd process.

6. When a user connects to your computer using SMB, launchd starts smbd to manage the connection.

Note

You'll also notice an Enable Accounts button for Windows Sharing. By default, each user's account on your computer will not have the necessary password hash stored to allow that user to connect via Windows Sharing. You can use that button to enable an account for Windows sharing, which will require you to reenter the password so it can be hashed in the appropriate format.

When you stop Windows File Sharing in the Sharing preferences pane, the files change back to their original state and launchd rereads its configuration file. The smbd process stops when the last connected user disconnects. The nmbd process stops shortly after that. You can also start or stop Windows File Sharing from the command line.

Configuring SMB Parameters With Directory Access

You may be familiar with Directory Access, the application you use to configure directory services and service discovery protocols on your Mac OS X computer. If you disable SMB in directory services, you will not be able to browse for SMB services using the Finder.

The file /var/run/smbbrowsing.conf is similar to smb.conf. It is generated from smb.conf at system startup.

Directory Access also provides a configuration interface for /etc/smb.conf. If you select SMB and click Configure, you see a dialog for configuring two SMB parameters, Workgroup and WINS server, as shown in the following figure. When you use Directory Access to change those parameters, a subprocess changes the corresponding settings in /etc/smb.conf and /var/run/smbbrowsing.conf. The following figure shows the entries in the SMB plug-in within Directory Access and the corresponding entries in the smb.conf file.

The Workgroup parameter controls which Windows workgroup your computer belongs to. Windows workgroups are simply collections of computers configured to advertise themselves as belonging to a workgroup. By default, Mac OS X computers and most Windows client computers belong to a workgroup called WORKGROUP. The workgroup name is case-sensitive. If you do not use workgroups on your network, leave this field blank.

Workgroups affect the browsing interface. When users on other Mac OS X computers open /Network in the Finder, they will see your computer in a folder that has the same name as that of your computer's Workgroup. Windows users can see computers listed by workgroup by clicking My Network Places on the desktop.

The WINS server field contains the NetBIOS name server. On Windows networks, the WINS server coordinates and manages the mapping of NetBIOS names to Internet Protocol (IP) addresses. A WINS server is necessary if a Windows network includes more than one IP subnet. It is not necessary if the whole Windows network is on one subnet, because the computers can use User Datagram Protocol (UDP) broadcasts to find out which computer is using which name. On the other hand, using a WINS server will reduce traffic. If you use one, all Windows (and Samba) computers should point to it.

Configuring SMB Parameters by Editing smb.conf

Following are some smb.conf parameters that you may want to change:

• server string: The description before the computer name when you browse from a Windows XP computer. The default server string is Mac OS X, as shown in the following figure.

• max smbd processes: The number of users using SMB who can connect to your computer at the same time.

• create_mask: The creation mask that determines the default permissions on files.

• guest account: The account used for guest users. By default, it is set to unknown.

• hide dot files: When set to yes, files beginning with a period (dot) either are not displayed on a Windows client or appear dimmed, depending on the settings on the client.

• veto files: Specifies a list of files that the client will not see when listing a folder's contents.

The parameters in smb.conf and smbbrowsing.conf that correspond with Workgroup and WINS Server are workgroup and wins server. When Directory Access changes these parameters, it leaves the rest of smb.conf and smbbrowsing.conf untouched, so you can safely change other parameters with a text editor. You would normally use Directory Access to configure workgroup and wins server. If you must configure these parameters from the command line, restart the computer or the DirectoryService process so that Directory Access picks up the change.

Note

Always keep smbbrowsing.conf consistent with smb.conf. You can make the same changes to both files, or you can edit smb.conf and restart the computer.

More Info

See the man page for smb.conf for more information. Also see the Samba manual on your Mac OS X computer at file:///usr/share/swat/using_samba/toc.html.

Browsing on Mac OS X and Windows XP

The computer names you see in Connect to Server on Mac OS X might not be the same as the ones you see when you browse on Windows, as the example in the following figure illustrates.

Browsing on Mac OS X has a few unique characteristics:

• When you view a Windows XP computer, the name you see is the computer name configured by the Windows administrator.

• When you view a Mac OS X or Mac OS X Server computer, you see one of the following: the DNS name, if there is DNS service on the network, or the Bonjour name (without .local) if there is no DNS service.

You'll also find some traits specific to browsing on Windows XP:

• When you view either a Windows XP computer or a Mac, the name you see consists of an initial string followed by a second string in parentheses.

• In a Windows XP computer name, the initial string is the computer description string, and the string in parentheses is the computer name configured by the Windows administrator.

• In a Mac OS X computer name, the initial string is the server string parameter in smb.conf. It is Mac OS X by default. The second string is one of the following: the DNS name, if there is DNS service, or the Bonjour name (without .local) if there is no DNS service.