|
SMB browsing
Can one of the nice Samba experts remind a poor old Mac-Win admin about where (and how) one sets the workgroup/NT domain name for NetBIOS LAN browsing (in 10.2)? I don't happen to use "Workgroup" (the default) and it seems to be messing things up for me.
Thanks! |
In the apps folder there is a utilities folder, in there is Directory Setup... That app has a place for workgroup names...
|
Thanks! That did it. Sure beats editing config files. :)
|
Yup, found that. The CIFS network icon can successfully sniff out all the servers in our workgroup/domain. But I cannot figure out how to supply the user-name and password. Pre 10.2 I was using Sharity, but it doesn't seem to work in Jag. It's also no longer appropriate as I need to connect to more than one network device (ie a server and a printer), and the single user license doesn't allow you to connect to multiple servers.
I know there is some sort of smb://.... syntax, but I was hoping to avoid typing passwords in with clear text. Any gurus out there? cheers RET |
I reported in the "DAVE still needed in 10.2?" thread that in 10.2x the only machines I can browse in our Windows domain are ones on the same subnet as my Mac. Someone else reported the same problem.
Setting the domain and WINS server in Directory Access actually made it worse. It did let me see outside my local subnet, but the only machine visible was the WINS server itself. I can get to any of our Windows file servers by entering the UNC, but I can't browse outside my own subnet. Any ideas? |
I dont believe that Appletalk or SMB can "graphically" be browsed across subnets without significant routing or software (as in the OS or drivers) tricks.
Windows itself, i am sure, could do it, but thats due to MS making it possible. |
Quote:
Windows browsing doesn't work the same way. When a Windows workgroup or domain exists on a single network subnet, each machine can browse the others via the NetBUI protocol. However when the Windows domain spans several subnets connected by routers or Layer 3 switches, if NetBUI is used each machine can browse only those machines on the same subnet. Machines on other subnets will not be browsable, but will be reachable via their UNCs. By default this is also true of an OS X 10.2 machine trying to browse a Windows domain. In the "Connect to..." browser it can see Windows servers and other PCs with sharing enabled on the same subnet as the Mac, but it can't see those that are on different subnets. It can connect to them by entering "smb://path/to/sharepoint", but it can browse for them. A large Windows domain spanning multiple subnets usually has one or more WINS servers somewhere in the domain. Each PC in the domain is configured to know the IP address of the WINS server(s), and queries the WINS server(s) to discover all the other PCs in the domain. WINS makes it possible for the PC to browse accross multiple subnets, which NetBUI can't do. In order to tell your 10.2 Mac where to find the WINS server, you have to enter its IP address in the SMB configuration in the Directory Access utility. Unfortunately that doesn't have the expected effect. You still can't browse your entire Windows domain. Instead it seems to disable browsing completely, and all you can see in the browser is the WINS server itself. That's definitely a step in the wrong direction. Without a specified WINS server at least you can see Windows servers and other shared-out PCs on your own subnet. I've been fooling around with /etc/smb.conf to see if I can solve the problem via manual configuration, but no luck so far. On the positive side, it did finally make it possible for all PCs in our Windows domain to see my Mac in their Network Neighborhood or My Network Places or whatever Microsoft calls it this week. If Apple really want to make OS X machines full partners on Windows networks, they need to fix this browsing problem. They need to put together a good single GUI for configuring SMB. It's not realistic to expect the average Mac user to do it via manual editing of /etc/smb.conf. |
Thanks to MacWindows for pointing this out:
Mac OS X 10.2 Tech Note - "SMB browsing is only supported on the local subnet. . " I think that's because they don't use NetBIOS. But DAVE 4.0 should handle this, yes? |
NetBEUI, not NetBIOS. NetBEUI is a simple protocol that Windows machines use to communicate with one another over a network. It is not routable, so it works only within a single subnet. If there is a router between PC "A" and PC "B", they can't communicate via NetBEUI.
In order to communicate across a router, PC "A" and PC "B" must have TCP/IP configured. In order for PC "A" to see PC "B" in its Network Neighborhood, there must be a WINS server somewhere on the network and the PCs must be configured to use WINS name resolution. It's obvious that Mac OS X 10.2 can use NetBEUI, because a 10.2 Mac can see PCs on the same subnet. The Directory Access utility has a place to enter a WINS server, but apparently WINS resolution is broken in 10.2. This seems to be confirmed by the technote you mentioned. That's a big disappointment. I'm on a WAN with PCs on close to 30 subnets. I can't browse for any of our file servers, all of which are on a different subnet. All I can see are a few uninteresting PCs on my own subnet. Oh well, it's easy enough to connect to the file servers by entering smb://name.of.server/sharename, then save that as a favorite (just as you had to do in 10.1). |
Not to be too nitpicky, because it doesn't help any, but NetBT, the transport protocol used by Windows these days, is NetBIOS over TCP/IP.
NetBEUI (or in Redmond's case, NBF) is a different transport protocol for network services programmed using the NetBIOS API. WINS uses NetBT for transport, and Apple's browser appears to be operating in B-node mode, which limits looking for service broadcasts within a single subnet, instead of H-node mode, which gets the list of all name from the local WINS server, and only looks for broadcasts if it can't resolve the name. Jag's NetBT H-node mode is busted. But it does appear to have NetBIOS support, so using a LMHOSTS file might work for resolving remote names, though. I only have a single net so I can't test this. Stuff like this explains why people lock up the liquor cabinets and remove sharp objects when the Network Engineers come by. :D |
Thanks for the correction, Craig. I deal primarily with Cisco routers, access servers, and general network infrastructure, leaving the Windows-specific stuff to our Windows specialists. My last formal Windows training was in NT 3.51, which tells you how long ago that was. I'm just a wee bit rusty!
Anyway, the bottom line as you pointed out is that Jaguar's implementation is broken. I'm one of the last remaining Mac users on a WAN populated by over a thousand PCs, so that's a major disappointment. |
Try experimenting with a LMHOSTS file. You may have to dig for documentation on where it needs to go, possibly "/etc/", or possibly "/System/Library/Filesystems/URLMount/smb.URLMounter/".
The format is: Code:
IP_ADDRESS NETBIOS_NAME #PRAGMACode:
198.168.1.10 FRED-10 #PREI bet the Samba site will have some info on this. |
Yes, I remember LMHOSTS very well from my NT 3 days. It's kind of like populating the /etc/hosts file on all your UNIX machines with the hostnames and IP addresses of everything on your network instead of running DNS servers. Bleagh! Very old fashioned.
Assuming the default location for a standard install, Samba expects to find the lmhosts file in the same directory as smb.conf, so it's probably /etc/lmhosts. But given Apple's tendency to play loose and free with conventional Unix directory structure and file locations, who knows. I'll experiment, but mainly out of curiosity. Using an lmhosts file provides no advantage over adding smb://fully.qualified.domain.name/sharename to your Connect To Server favorites. |
I'm almost too intimidated by all the technical know-how here, but I have a question...
Does Apple's implementation of Samba enable access to any area other than the user's Home folder? For instance, I'd like access to the root level of my startup disk, which would, in turn, give me access to the Volumes directory. I'm finding there's no easy way to figure out how to do this. In addition, I'm also finding that acess to a user's Home diretory is a mixed bag: some folders are browsable, but with others, access is denied. Does any of this have anything to do with what you folks are talking about (half of which went over my head)? Andy |
I haven't seen a way to get outside of the home directory yet. It's probably something that can be done in the samba.conf file.
This freeware claims to give a GUI front end to configuring the samba server. I haven't had a chance to play with it yet. Otherwise, this is a different issue than the one about SMB browsing. ;) Addendum: many people have had serious problems because of this samba configuration program. Use with extreme caution. |
OK, I just installed that samba freeware above, decided i didn't like it very much, so i tried to uninstall it. I deleted the prefs pane, and the two apps. THen, since it changed my smb.conf file, i went to /etc, and replaced it with the original. Next, I rebooted because the windows file sharing button in the System Prefs didn't work too well. RIght now, my computer boots into the console. I can't seem to figure out how to get OS X to start up. after the white screen with the grey apple, it goes straight to sh-2.05a#, and i've been trying to figure out how to fix it without reinstalling os x. This is mainly a warning for using that tool, but if anyone knows what i did wrong, or how i might be able to fix it, i'd really appreciate the help.
|
browsing root
I enabled smb sharing on my Mac, (changed my password to get it to work) and was able to connect to my Mac from a Win XP box. I logged in as a non-admin user and it mounted the home directory for that user. I then found that I could manually traverse up the directory tree into my Users directory by manually editing the path in the XP file browser window and then enter my main (Admin User folder)....Whoa, major security breach, anyone could read most of my files. I then edited the permissions on my home directory to 700 and that prevented other user accounts from viewing the files in my home directory. I'm still tinkering with this so see how sevure it is before I leave Windows File sharing on for guest users.
Does anyone else know of other security issues with Apples implementation of Samba? Y |
Ok, I figured out what happened to my computer. For some reason, moving the 3 components of that freeware to the trash also deletes the hostconfig file. Fortunately there was a backup there which i was able to restore through os 9/resedit. I've done it again to test, and the same thing happens.
On a side note, now the Apple Windows sharing button in the sharing preferences fails to work. ARRR. |
I took a look at the Samba Server Config tool and I plainly cannot get it to work any better than Apple's own implementation. I can't even figure out how to log into my Mac from XP. \\servername\user should work, but doesn't. This is so weird. I had it sort of working yesterday but now it won't even accept my password and user name. Browsing available shares from the Map Network Drive wizard reveals a workgroup named "workgroup" with the domain I set up for my G4, but that's as far as it goes. Clicking on that does nothing.
Man, I'm stumped. |
You need to do the following:
In the Jag 'Accounts' prefpane make sure the user you want to connect from Windows has the 'Allow user to log in from Windows' item checked. It will make you re-enter the password, which I assume means it changes the encryption scheme. Then, from the PC login as that user with that password. Now, when you browse the network from the PC you should see the Mac, with a share that is the home directory of the user you turned on in Jaguar. It is important the the Windows login match the short name of that user. --- PS - OK, you folks have put the fear in me about using the freeware samba config. program listed above. Time to learn how to edit samba.conf by hand, I think. |
Re: browsing root
Quote:
(UPDATE) It seems this backdoor only works to the /Users/ folder, and only occurs when you try it through a user's home folder. I have the public share set to /Users/Shared/SharedFiles/ and was unable to backtrace at all. |
Craig, I swear to God I did exactly what you outlined about a dozen times and it never worked. So then I followed your post step by step and it worked. Go figure. Thanks!
I haven't been able to take advantage of stepping up past the immediate user's directory yet, but I'm such a newbie at Windows networking I'm lucky I got it working at all. Andy |
Okay, I figured out how to access all the volumes on my G4 from Windows via Samba. You must edit the /etc/smb.conf file thusly:
(Note: I use Code:
sudo vi /etc/smb.confAt the bottom of the file simply type using the following syntax (use the brackets as illustrated): Code:
[Volume_Name]Code:
path = /\\servername\Volume_name I don't know if this is particularly secure, but for my closed network it's perfect. Andy |
Is it possible for my PC friends who are outside of my LAN and who live in various parts of the world , to access my drive through mapping it on their PC? I have a shared folder set up in 10.2 with the users configured for Windows access.
I have a SMC Barricade router on my LAN. What ports do I have to open in order for SMB to work? |
| All times are GMT -5. The time now is 09:07 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.