Serving SMB on OS X

Now that we've covered how to get our Mac to talk to a Windows machine, or any *nix machine running Samba or a similar program, let's talk about how to set our Mac up to allow other computers to access it through the SMB protocol. This next section goes into the installation and configuration of Samba on an OS X system. An important thing to note is that these instructions will break the SMB serving functionality of Mac OS X Server. I do not suggest you use this method unless you are sure you need to.

What is Samba?

Samba is an open source project that is continuing to develop a freely available implementation of the SMB and CIFS protocols. Since it's open source, volunteers and computer enthusiasts collaborate to develop the software. You can read more about the Samba project on their website, http://www.samba.org.

Getting Samba

To get the newest version of Samba, you can download the source from the Samba website. For a direct link to the latest source, try http://us2.samba.org/samba/ftp/samba-latest.tar.gz. I suggest creating a directory in your home folder called samba and then storing the source archive there. For the remainder of this article, I will assume you've done this. Once you have the file in the samba directory, open up Terminal (see instructions above) and execute the following commands to prepare Samba to be installed on your computer:

% cd samba
% tar zxvf samba-latest.tar.gz
% cd samba-2.2.1a

Note, the samba-2.2.1a directory is for the version I'm working with. When a newer version is released, the directory will have a similar name, use that. Now the source code has been decompressed and the next section will walk you through the installation process.

Installing Samba

In order to compile and install the Samba software, you will need to have installed the OS X Developer Tools. This is a free download in the Developer section on the Apple website, http://developer.apple.com/macosx. Once you have installed the tools, to continue, you must be in the above-mentioned directory and have used the su command to become the root user. Now, issue the commands below to configure Samba for the OS X architecture and to install the binary executables into their appropriate locations:

# cd source
# ./configure --with-syslog --prefix=/etc/samba \
  --bindir=/usr/bin --sbindir=/usr/sbin --libdir=/etc/samba --mandir=/usr/share/man
# make
# make install

This explanation may help you in the future. The configure program is intended to prepare the source files for compilation on your particular machine. It checks to see what compilers are available, what support libraries, and any other special requirements. The make command actually compiles the source files into binaries. The make install command moves the binaries into the correct directories, configures support libraries, and other functions unique to the program.

To configure Samba to load with OS X, you need to set it up with the System Startup process. To do that, first create a directory in the correct path:

# mkdir /Library/StartupItems
# mkdir /Library/StartupItems/Samba

Next you need to create two files. The first one, named Samba, will need to have its permissions changed to 0755 so that it will properly execute. You can use the chmod command for this. The second file, StartupParameters.plist, should work fine with the default 0644 permissions. Place both of these files in the /Library/StartupItems/Samba directory. Finally, edit /etc/hostconfig and add a line that says:

SMBSERVER=-YES-

Now when you start your computer, the two daemons necessary to run Samba will launch automatically. All that's left after that is to configure the files that Samba will serve, which is covered in the next section. Below are the two startup files:

/Library/StartupItems/Samba/Samba

#!/bin/sh
#
# *********************************************************************
# **                /Library/StartupItems/Samba/Samba                **
# *********************************************************************
# **                                                                 **
# **  This is the intialization script for Samba services on Mac OS  **
# **  X.  This script has been tested under OS X 10.0 and 10.1. The  **
# **  permissions of this file need to be set to 0755. This can be   **
# **  accomplished from the Terminal while in this directory by      **
# **  typing: chmod 0755 Samba  This will adjust the properties so   **
# **  that Samba can be executed.                                    **
# **                                                                 **
# **  To configure Samba to launch: as root, edit the file           **
# **    /etc/hostconfig  After the WEBSERVER entry, add this line:   **
# **    SMBSERVER=-YES-  You can easily change this entry to enable  **
# **  or disable Samba whenever you like.                            **
# **                                                                 **
# **                                                                 **
# *********************************************************************
#

# ---------------------------------------------------------------------
#  Include system wide configuration options
# ---------------------------------------------------------------------
. /etc/rc.common


# ---------------------------------------------------------------------
#  Start SMB services
# ---------------------------------------------------------------------
if [ "${SMBSERVER:=-NO-}" = "-YES-" ]; then

        ConsoleMessage "Starting SMB services"

        /usr/sbin/smbd -D
        /usr/sbin/nmbd -D

fi

/Library/StartupItems/Samba/StartupParameters.plist

{
        Description             = "smb file server";
        Provides                = ("Samba");
        Requires                = ("Resolver");
        OrderPreference         = "None";
        Messages                =
       {
                start   = "Starting Samba";
                stop    = "Stopping Samba";
       };
}

Configuring Samba

Samba's configuration is mostly handled through a file called smb.conf. In our build of Samba, one of the settings we specified was the location of this file, which is in /etc/samba. The next step in sharing SMB on your Mac is to edit this file to specify what to share. To start things off, I've posted my configuration below and will explain it to you:

#
# *********************************************************************
# **                       /etc/samba/smb.conf                       **
# *********************************************************************
# **                                                                 **
# **  Configuration file for Samba SMB server                        **
# **                                                                 **
# **                                                                 **
# *********************************************************************
#

# ---------------------------------------------------------------------
#  Global configuration options
# ---------------------------------------------------------------------
[global]
        # basic options
        netbios name            = MOG
        workgroup               = ARTOFTECH
        server string           = Samba %v

        # misc options
        hide dot files          = yes

        # logging options
        log level               = 2
        log file                = /var/log/samba-%m.log
        max log size            = 512
        debug timestamp         = yes
        syslog                  = 1


# --------------------------------------------------------------------
#  Home share configuration
# --------------------------------------------------------------------
[homes]
        comment                 = "Home directory for %u on %L"
        path                    = /Users/%u
        browseable              = no
        guest ok                = no
        read only               = no
        create mask             = 644
        directory mask          = 755


# --------------------------------------------------------------------
#  MP3 share configuration
# --------------------------------------------------------------------
[mp3]
        comment                 = "MP3s"
        path                    = /Users/Shared/MP3
        browseable              = yes
        guest ok                = no
        read only               = no
        create mask             = 644
        directory mask          = 755

To break this down a bit, I'll go through the different sections and just give an idea what each setting does. The [global] section is for settings that affect the whole server. The two most important ones here are the netbios name and the workgroup, since any machine trying to connect to your system will need to know these values. If you're setting up a machine in an existing network (usually the case), then you should have a good grasp on what these values need to be. Otherwise, a safe bet for your netbios name is the same as your hostname (or DNS name), and for a workgroup, it's really up to you. Call it MYHOUSE or anything you wish. Other settings in here are just little extras. hide dot files makes it so that any file that starts with a . in OS X (i.e. .cshrc) will appear much like a hidden file in the Windows Explorer. The logging options are all my personal preferences. I find having a little more comprehensive log is useful for debugging purposes.

Now we get to the actual guts of the smb.conf file: the shares. In this particular configuration, I have two shares set up: [homes] and [mp3]. However, one of them is a special share. I'll start with that one, the homes share isn't actually a "normal" share. What this share does is allow a user to access her home directory on OS X. What happens is when the users logs in, Samba takes her username and looks for it in /Users. That's what the %u represents, the username. So, if the directory is found (which it should be), Samba presents the directory as a share named after the username. So, if my username is jldera, and I try to mount my home directory, it will be presented as jldera on my desktop by the Finder. I turn off browseable so that Samba doesn't show a ghost share labeled homes on a Windows machine. The create mask sets the default UNIX permissions for any files I create, while the directory mask sets the permissions for directories. These permissions should work for most people, though if you're familiar with UNIX based permissions and want to set something more private, this is the place to do so.

The last share is a standard disk share. First off, I'm setting the specific path to the directory on my machine. I then set browseable to yes, I want this to appear in the Windows Network Neighborhood. Now, something I didn't touch on before is the guest ok value. If you set this to yes, anyone can access the share without needing a username or password. I suggest not allowing this, as it can become quite a security issue. There are ways to set the permissions of the account that a guest would use, but it is beyond the scope of this document, and covered in Using Samba. The only other property I didn't mention is the read only property, which should be pretty self-explanatory.

Accessing Samba

Now that we've gone through all of the trouble of downloading and installing Samba, let's put our efforts to work. This section will cover accessing your Mac's SMB services from the Windows and Linux platforms. Something important to note is that SMB can use two types of passwords: plaintext and encrypted. By default, Samba on both the Mac and Linux uses plaintext, and that is what I've used here. However, most versions of Windows use encrypted passwords. There are two approaches to solving this problem. One is to change Windows over to plaintext passwording, and that is the approach I will use here. I feel it is the easier route. The other method is to set Samba up to use encrypted passwords, which involves creating a special password file and some additional directives in /etc/samba/smb.conf. If you want to employ encrypted passwords, I will again point you to O'Reilly's Using Samba. What follows are instructions for the various operating systems:

Windows 95/98/Me

In the Windows registry, using regedit, create a DWORD value named EnablePlainTextPassword in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP. Give it a value of 1 (0x01).

Windows NT

Once again using regedit, create a DWORD value named EnablePlainTextPassword in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rdr\Parameters. Give it a value of 1 (0x01).

Windows 2000/XP

Use regedit to create a DWORD value EnablePlainTextPassword in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters. Give it a value of 1 (0x01).

Once you've made the necessary changes, reboot the Windows machine. You should now be able to browse your shares in the Network Neighborhood, or you can use the address field of Windows Explorer to go to \\NETBIOSNAME\SHARE

Linux

In Linux, you will need to have the appropriate Samba client software installed. Most distributions will include this. The command to use is smbmount. Here's an example:

# smbmount //MOG/JLDERA /mnt/smb/mog -o workgroup=ARTOFTECH,username=jldera

This command line is pretty self-explanatory. It mounts the jldera share on mog onto the /mnt/smb/mog directory. Once I've done this, I can access /mnt/smb/mog on the Linux machine like any other directory. Once I'm finished, I use the smbumount command to close the connection:

# smbumount /mnt/smb/mog