2007-01-15, 03:56
This should enable you to share your mac folders over the local network and have it accessible via the (SMB) WOrkgroup option, just like the pc folders. No password prompt, and no coding login info into the xml. When network conditions change, anything hard-coded is broken. We can't have that ;-]
So this is from memory, but I'm pretty sure the important stuff is here. First off, you want to learn these two commands in terminal:
sudo pico /etc/smb.conf
'sudo' uses temporary root privilege to use a text editor (pico) to open the samba configuration file at /etc/smb.conf. After typing the command, you will probably be prompted for a password. You must be admin to perform these operations. Please save everyone some grief and refrain from comments on emacs/vi/you know what i'm saying. Pico can be worked by everyone.
sudo killall -hup xinetd
again, using temporary root privilege to terminate and restart the xinetd process. This forces a reloading of the smb.conf, so after you edit the configuration, restart the process and you dont have to reboot (i saw a guide suggesting a reboot was necessary, don't buy into the hype, friends).
So let's start. Go into applications/utilities/directory access and make sure smb is enabled. If you want to change your workgroup, click 'configure' and type it in.
next, go into system preferences, and in the 'internet and network' category choose 'sharing'. in the window that pops up, enable 'windows sharing'.
I created a new user called 'smblogin' which acts as the default for non-authenticated logins over samba. There may be other options (i didn't try 'unknown' as a user, which might have worked) but this is how i did it, and it worked, so use this as a base to maybe build a better solution on. Heh.
now, open the samba config file with sudo pico /etc/smb.conf
USING PICO: check the bottom for key combos, the ones you will want to know are ctrl+v to go down one page, ctrl+y to go up one page, and ctrl+x to exit. When you exit, it will ask you if you want to save the changes. Obviously, choose yes or no based on whether you want to save the changes.
Your smb.conf is laid out in this fashion:
[global]
variable = value
variable2 = another value
[homes]
userspecificvariable = %u
[share1]
variable1local = a local value
[share2]
variablelocal = local value
the global section contains variables which apply to the entire samba program, [homes] creates shares based dnamically on the user's login, so other users cant access them, and any other header in brackets signifies the name of a network share. [global] is the exception. If you want to make changes that apply to all connections, the variables are found in global.
I deleted [homes] entirely, as i wanted one account for anonymous read only access. I want easy access to all media streaming devices in the house.
So here's what I did to global:
these things were already there, i didnt mess with them:
encrypt passwords = yes
auth methods = guest opendirectory
passdb backend = opendirectorysam guest
printer admin = @admin, @staff
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = CP0
use spnego = no
client ntlmv2 auth = no
defer sharing violations = no
map to guest = Never
local master = yes
I added (or changed) these variables
guest account = smbguest #this tells it to use smbguest for logins where authentication isnt present
workgroup = METAL MAFIA #workgroup to show up in
netbios name = VIRUS # computer name
security = SHARE #handle permissions on a share level, not a user level. I'm not sure i even needed to do this, but this is how it looks now
hide dot files = yes #dot files are like litter all over the mac, i dont want to look at them.
server string =
(the above line is the comment displayed next to the computer, i left it blank, default i think is "Mac OS X", or perhaps a samba version)
so with those values all in global, i added only this one share:
[stuff]
public = yes
browseable = yes
read only = yes
available = yes
path = /shared
guest ok = yes
only guest = yes
force user = smbguest
[stuff] means it will show up in the network location as 'stuff', most of the other variables are pretty self-explanatory, and im quite certain some of them might even be redundant declarations over the global values, so this could probably be trimmed a bit.
with that done, i went to the folder i created, \shared, and did 'get info' on it. Expand the ownership tab of your shared folder and expand 'details'. make sure the 'others' group has 'read only' access, then click 'apply to enclosed items', which will cause everything in the folder to inherit permission from the parent.
Side note: I don't think this forces continuous updates of inherited permissions, which means the permissions would need to be propagated anytime new content was added. Does anyone know how to make every file in a folder ALWAYS share the same permissions as the parent? I'm really new to macs, so I'm still missing some basic knowledge.
Anyway, with those permissions extended to all the files, load up the xbox and try to get in via the (SMB) Workgroup option. Let me know how it works. I don't remember every step I took along the way, but I'll try to help troubleshoot if something isn't working.
So this is from memory, but I'm pretty sure the important stuff is here. First off, you want to learn these two commands in terminal:
sudo pico /etc/smb.conf
'sudo' uses temporary root privilege to use a text editor (pico) to open the samba configuration file at /etc/smb.conf. After typing the command, you will probably be prompted for a password. You must be admin to perform these operations. Please save everyone some grief and refrain from comments on emacs/vi/you know what i'm saying. Pico can be worked by everyone.
sudo killall -hup xinetd
again, using temporary root privilege to terminate and restart the xinetd process. This forces a reloading of the smb.conf, so after you edit the configuration, restart the process and you dont have to reboot (i saw a guide suggesting a reboot was necessary, don't buy into the hype, friends).
So let's start. Go into applications/utilities/directory access and make sure smb is enabled. If you want to change your workgroup, click 'configure' and type it in.
next, go into system preferences, and in the 'internet and network' category choose 'sharing'. in the window that pops up, enable 'windows sharing'.
I created a new user called 'smblogin' which acts as the default for non-authenticated logins over samba. There may be other options (i didn't try 'unknown' as a user, which might have worked) but this is how i did it, and it worked, so use this as a base to maybe build a better solution on. Heh.
now, open the samba config file with sudo pico /etc/smb.conf
USING PICO: check the bottom for key combos, the ones you will want to know are ctrl+v to go down one page, ctrl+y to go up one page, and ctrl+x to exit. When you exit, it will ask you if you want to save the changes. Obviously, choose yes or no based on whether you want to save the changes.
Your smb.conf is laid out in this fashion:
[global]
variable = value
variable2 = another value
[homes]
userspecificvariable = %u
[share1]
variable1local = a local value
[share2]
variablelocal = local value
the global section contains variables which apply to the entire samba program, [homes] creates shares based dnamically on the user's login, so other users cant access them, and any other header in brackets signifies the name of a network share. [global] is the exception. If you want to make changes that apply to all connections, the variables are found in global.
I deleted [homes] entirely, as i wanted one account for anonymous read only access. I want easy access to all media streaming devices in the house.
So here's what I did to global:
these things were already there, i didnt mess with them:
encrypt passwords = yes
auth methods = guest opendirectory
passdb backend = opendirectorysam guest
printer admin = @admin, @staff
unix charset = UTF-8-MAC
display charset = UTF-8-MAC
dos charset = CP0
use spnego = no
client ntlmv2 auth = no
defer sharing violations = no
map to guest = Never
local master = yes
I added (or changed) these variables
guest account = smbguest #this tells it to use smbguest for logins where authentication isnt present
workgroup = METAL MAFIA #workgroup to show up in
netbios name = VIRUS # computer name
security = SHARE #handle permissions on a share level, not a user level. I'm not sure i even needed to do this, but this is how it looks now
hide dot files = yes #dot files are like litter all over the mac, i dont want to look at them.
server string =
(the above line is the comment displayed next to the computer, i left it blank, default i think is "Mac OS X", or perhaps a samba version)
so with those values all in global, i added only this one share:
[stuff]
public = yes
browseable = yes
read only = yes
available = yes
path = /shared
guest ok = yes
only guest = yes
force user = smbguest
[stuff] means it will show up in the network location as 'stuff', most of the other variables are pretty self-explanatory, and im quite certain some of them might even be redundant declarations over the global values, so this could probably be trimmed a bit.
with that done, i went to the folder i created, \shared, and did 'get info' on it. Expand the ownership tab of your shared folder and expand 'details'. make sure the 'others' group has 'read only' access, then click 'apply to enclosed items', which will cause everything in the folder to inherit permission from the parent.
Side note: I don't think this forces continuous updates of inherited permissions, which means the permissions would need to be propagated anytime new content was added. Does anyone know how to make every file in a folder ALWAYS share the same permissions as the parent? I'm really new to macs, so I'm still missing some basic knowledge.
Anyway, with those permissions extended to all the files, load up the xbox and try to get in via the (SMB) Workgroup option. Let me know how it works. I don't remember every step I took along the way, but I'll try to help troubleshoot if something isn't working.