Windows won't serve to Mac
April 27, 2008 9:45 AM Subscribe
Problem: OSX to Windows direct-wired ethernet connection works, but the Mac can't see the shared PC drives.
The PC and the Mac are both normally on wifi but the Mac's Airport is turned off now. Both machines have manual addresses set on their ethernet NICs, with direct CAT5 cable between the two; PC = 10.0.0.1/255.255.255.0; Mac=10.0.0.2/255.255.255.0. (The cable isn't a crossover, because OSX now manages that.)
Ping works in both directions (i.e. from either machine to the other.)
I want to connect from the Mac to the PC's share D, so I do flower-K to connect to smb://10.0.0.1/D.
First time I tried the Mac's dialog showed "Connecting" then radio buttons for 'guest' or "name + password". Because the PC's guest account was off I tried the PC's name+pw but OSX rejected it (and other names+pws) and said "not allowed..." [NOT the exact words, and I can no longer get this dialog].
I enabled the PC's guest a/c and tried the guest radiobutton on the Mac's Connect to Server. No success. Now the Mac doesn't ask for name and pw at all, and there's no guest/ID+PW choice nor radiobutton. Every time I try to connect from Mac to smb://10.0.0.1/D (or other share on the PC) the response after trying to connect is "Connection Failed. You do not have permission to access this server."
Windows Local Security Settings policies are not assigned. Do I need to change any other security settings?
As mentioned Airport is disabled on the Mac, but it's active on the PC. Another Mac here can share the PC just fine over wireless; no problem logging in - pretty much any username+pw works, it's not picky.
I need a fast connection though, to get stuff onto the new goodness of Mac (fresh yesterday. Yum.)
Hw/software: Macbook 13"; 2.1 GHz core duo; 1GB; internal NIC; running MacOS X .5.2. Windows XP Pro sp2 on homebuilt PC (ASUS mobo, Athlon 1500+ @ 1.3 GHz) 512 MB; Intel PRO/100 NIC. (Both OSes have current updates.)
I want to connect from the Mac to the PC's share D, so I do flower-K to connect to smb://10.0.0.1/D.
First time I tried the Mac's dialog showed "Connecting" then radio buttons for 'guest' or "name + password". Because the PC's guest account was off I tried the PC's name+pw but OSX rejected it (and other names+pws) and said "not allowed..." [NOT the exact words, and I can no longer get this dialog].
I enabled the PC's guest a/c and tried the guest radiobutton on the Mac's Connect to Server. No success. Now the Mac doesn't ask for name and pw at all, and there's no guest/ID+PW choice nor radiobutton. Every time I try to connect from Mac to smb://10.0.0.1/D (or other share on the PC) the response after trying to connect is "Connection Failed. You do not have permission to access this server."
Windows Local Security Settings policies are not assigned. Do I need to change any other security settings?
As mentioned Airport is disabled on the Mac, but it's active on the PC. Another Mac here can share the PC just fine over wireless; no problem logging in - pretty much any username+pw works, it's not picky.
I need a fast connection though, to get stuff onto the new goodness of Mac (fresh yesterday. Yum.)
Hw/software: Macbook 13"; 2.1 GHz core duo; 1GB; internal NIC; running MacOS X .5.2. Windows XP Pro sp2 on homebuilt PC (ASUS mobo, Athlon 1500+ @ 1.3 GHz) 512 MB; Intel PRO/100 NIC. (Both OSes have current updates.)
C_D: You must not have checked lately. Macs haven't needed special ethernet crossover cables for at least 5 years, and since they don't use particularly exotic ethernet hardware, I'd expect PCs to be the same. It's more a function of the hardware than the OS.
In any case, if ping works, then the ethernet connection is OK. The problem is at a higher level.
posted by xil at 11:02 AM on April 27, 2008
In any case, if ping works, then the ethernet connection is OK. The problem is at a higher level.
posted by xil at 11:02 AM on April 27, 2008
Response by poster: Thanks. Umm ... found the SMB config settings on my Panther PB, but Leopard on the Macbook calls the app Directory Utility and it has a different interface that doesn't show SMB.
In Directory Utility the tabs now are:
Directory Servers = none configured
Mounts = none
Services = enabled: LDAP; disabled: Active Directory, BSD, NIS, Local
Search Policy = authentication: Automatic; Local/Default; BSD/local
-- sorry, don't know what any of these do nor where to check SMB
(re non-crossover cable -- can't find the reference now, but it's supposed to NOT required crossover on modern NICs. And since ping works then the problem isn't the ethernet transport but the sharing. Ah, preview: thanks xil)
posted by airplain at 11:11 AM on April 27, 2008
In Directory Utility the tabs now are:
Directory Servers = none configured
Mounts = none
Services = enabled: LDAP; disabled: Active Directory, BSD, NIS, Local
Search Policy = authentication: Automatic; Local/Default; BSD/local
-- sorry, don't know what any of these do nor where to check SMB
(re non-crossover cable -- can't find the reference now, but it's supposed to NOT required crossover on modern NICs. And since ping works then the problem isn't the ethernet transport but the sharing. Ah, preview: thanks xil)
posted by airplain at 11:11 AM on April 27, 2008
Best answer: Huh? Last time I checked, there is no way to just "hook up" two ends of a cat-5 cable to two computers and expect it to work without reversing the Tx signals, particularly not when the two systems in question are a Mac and a PC. No way, Jose'.
All macs with 1000BaseT ports have auto crossing MDI/MDIX. Have for years (actually, I thought most modern Dells were this way too). So this shouldn't be a problem.
Windows file sharing is a complicated beast. Here are a few things that could be wrong (I would try them in order):
1) Does the user have a password? By default, accounts with empty passwords are not allowed to connect over the network.
2) Are you trying to connect to the D: drive? In that case, the share is really D$.
3) If you're trying to use the default drive shares (C$, D$, etc) then you need to connect with an account that is in the Administrator group.
4) Is Windows Firewall turned on? Try turning it off for the moment.
5) Is the McAfee or Norton firewall on? Try turning these off for the moment.
6) Go to Start, Programs, Administrative Tools, Local Security Properties (you'll have to enable this by right clicking on Start, click Properties, Start Menu, select Classic Start Menu, click Customize..., and under Advanced Start menu options click "Display Administrative Tools").
Select Local Policies, User Rights Assignment:
a) "Access this computer from the network" should have a group in it that includes your user.
b) "Deny access to this computer from the network" must NOT have a group in it that includes your user.
7) Right click on My Computer, Manage, Services and Applications. Are the following services started: Computer Browser, Server, Workstation?
8) Share permissions are complicated beasts in Windows. Turn simple sharing off (it's somewhere in the folder preferences). There's two levels of permissions. First, there's the file permissions that you see by right clicking on a folder, then click "Properties", then "Security". These are the base permissions. Then there's also the share permissions, by clicking the "Sharing" tab, then "Permissions". These are overlayed on the base permissions, and can only make things more secure.
For example, suppose the base permissions give the Users group read/write access, but the sharing permissions give read only. The network user will get read only. Now suppose the base permissions give read only, but the sharing read/write. The network user will still get read only.
posted by sbutler at 11:22 AM on April 27, 2008 [1 favorite]
All macs with 1000BaseT ports have auto crossing MDI/MDIX. Have for years (actually, I thought most modern Dells were this way too). So this shouldn't be a problem.
Windows file sharing is a complicated beast. Here are a few things that could be wrong (I would try them in order):
1) Does the user have a password? By default, accounts with empty passwords are not allowed to connect over the network.
2) Are you trying to connect to the D: drive? In that case, the share is really D$.
3) If you're trying to use the default drive shares (C$, D$, etc) then you need to connect with an account that is in the Administrator group.
4) Is Windows Firewall turned on? Try turning it off for the moment.
5) Is the McAfee or Norton firewall on? Try turning these off for the moment.
6) Go to Start, Programs, Administrative Tools, Local Security Properties (you'll have to enable this by right clicking on Start, click Properties, Start Menu, select Classic Start Menu, click Customize..., and under Advanced Start menu options click "Display Administrative Tools").
Select Local Policies, User Rights Assignment:
a) "Access this computer from the network" should have a group in it that includes your user.
b) "Deny access to this computer from the network" must NOT have a group in it that includes your user.
7) Right click on My Computer, Manage, Services and Applications. Are the following services started: Computer Browser, Server, Workstation?
8) Share permissions are complicated beasts in Windows. Turn simple sharing off (it's somewhere in the folder preferences). There's two levels of permissions. First, there's the file permissions that you see by right clicking on a folder, then click "Properties", then "Security". These are the base permissions. Then there's also the share permissions, by clicking the "Sharing" tab, then "Permissions". These are overlayed on the base permissions, and can only make things more secure.
For example, suppose the base permissions give the Users group read/write access, but the sharing permissions give read only. The network user will get read only. Now suppose the base permissions give read only, but the sharing read/write. The network user will still get read only.
posted by sbutler at 11:22 AM on April 27, 2008 [1 favorite]
Response by poster: Have now set the workgroup on the Mac (via System Prefs / Network / WINS)
posted by airplain at 11:26 AM on April 27, 2008
posted by airplain at 11:26 AM on April 27, 2008
One other thing you might try, just to get some more information, is the command line SMB client. For example:
smbclient --user=airplain --workgroup=WHATEVAR --netbiosname=MAC --debuglevel=255 //10.0.0.1/D
Naturally, replace the options with the appropriate values.
posted by sbutler at 11:40 AM on April 27, 2008
smbclient --user=airplain --workgroup=WHATEVAR --netbiosname=MAC --debuglevel=255 //10.0.0.1/D
Naturally, replace the options with the appropriate values.
posted by sbutler at 11:40 AM on April 27, 2008
If you can't get the Mac to see the PC drive, try doing it the other way. Share your empty Mac drive and work on getting the PC to see it. Give the PC write permission. Then tell the PC to copy the files you want onto the Mac drive.
posted by Class Goat at 11:46 AM on April 27, 2008
posted by Class Goat at 11:46 AM on April 27, 2008
Response by poster: many thanks to sbutler !
for the detailed steps ... all followed but unfortunately no success. Connect to server still gets "Connecting to smb://10.0.0.1/D" then "Connection failed. You do not have permission to access this server" (no opportunity to enter a name + pw)
(The drive is explicitly shared to everyone as "D", and reached fine from the powerbook over wifi)
BUT smclient DOES connect ok from Terminal YAY! ... so how do I convert its command line into a GUI connection? (that is, at terminal's smb: prompt ls shows the PC's drive)
posted by airplain at 11:50 AM on April 27, 2008
for the detailed steps ... all followed but unfortunately no success. Connect to server still gets "Connecting to smb://10.0.0.1/D" then "Connection failed. You do not have permission to access this server" (no opportunity to enter a name + pw)
(The drive is explicitly shared to everyone as "D", and reached fine from the powerbook over wifi)
BUT smclient DOES connect ok from Terminal YAY! ... so how do I convert its command line into a GUI connection? (that is, at terminal's smb: prompt ls shows the PC's drive)
posted by airplain at 11:50 AM on April 27, 2008
Best answer: Hmmm... no clue. They should be using the same libraries and configuration, except Finder might add some parameters :(. Another long shot: do both computers have the same time, in the same timezone? If Finder is forcing Kerberos, then a time difference of more than 5 minutes would cause a failure.
One last thing I can think to try. From terminal:
mkdir ~/Desktop/foobar
mount -t smbfs //user:pass@10.0.0.1/D ~/Desktop/foobar
If that doesn't work, maybe it will at least tell you why.
posted by sbutler at 12:07 PM on April 27, 2008
One last thing I can think to try. From terminal:
mkdir ~/Desktop/foobar
mount -t smbfs //user:pass@10.0.0.1/D ~/Desktop/foobar
If that doesn't work, maybe it will at least tell you why.
posted by sbutler at 12:07 PM on April 27, 2008
Response by poster: the mount command comes back with
"mount_smbfs: mount error: /Users/me/Desktop/foobar: Broken pipe"
The PC username has no password, so I'd entered
mount -t smbfs //user@10.0 ....
given that the other mac can connect without pw i hoped this would be enough, but maybe the command is wrong that way?
posted by airplain at 12:14 PM on April 27, 2008
"mount_smbfs: mount error: /Users/me/Desktop/foobar: Broken pipe"
The PC username has no password, so I'd entered
mount -t smbfs //user@10.0 ....
given that the other mac can connect without pw i hoped this would be enough, but maybe the command is wrong that way?
posted by airplain at 12:14 PM on April 27, 2008
How about this:
mount -t smbfs //FOOBAR;user@10.0.0.1/D ~/Desktop/foobar
Where FOOBAR is the name of the Windows machine (not the workgroup name, the computer name).
posted by sbutler at 12:32 PM on April 27, 2008
mount -t smbfs //FOOBAR;user@10.0.0.1/D ~/Desktop/foobar
Where FOOBAR is the name of the Windows machine (not the workgroup name, the computer name).
posted by sbutler at 12:32 PM on April 27, 2008
Opps... make that:
mount -t smbfs //FOOBAR\;user@10.0.0.1/D ~/Desktop/foobar
Forgot you need to escape the semicolon.
posted by sbutler at 12:34 PM on April 27, 2008
mount -t smbfs //FOOBAR\;user@10.0.0.1/D ~/Desktop/foobar
Forgot you need to escape the semicolon.
posted by sbutler at 12:34 PM on April 27, 2008
Response by poster: sbutler all your help is very much appreciated!
mount -t smbfs //Rio\;user@10.0.0.1/D ~/Desktop/foobar
also gets "Broken pipe".
i guess there must be some setting on the PC i need to fix.
I'll create a new user on the pc with a password & try mount with that
posted by airplain at 12:49 PM on April 27, 2008
mount -t smbfs //Rio\;user@10.0.0.1/D ~/Desktop/foobar
also gets "Broken pipe".
i guess there must be some setting on the PC i need to fix.
I'll create a new user on the pc with a password & try mount with that
posted by airplain at 12:49 PM on April 27, 2008
You can also try using "Rio\user" instead of just "user".
I'm out of ideas. Googling around looks like other people who moved to Leopard are having the same problem with mount_smbfs... but not a lot of helpful suggestions.
posted by sbutler at 12:56 PM on April 27, 2008
I'm out of ideas. Googling around looks like other people who moved to Leopard are having the same problem with mount_smbfs... but not a lot of helpful suggestions.
posted by sbutler at 12:56 PM on April 27, 2008
Response by poster: YES! with a new user and password on the PC, mount has succeeded!
THANKS SO MUCH SBUTLER!
after mount -t smbfs //name:pw@10.0.0.1/E ~/Desktop/foobar Finder can browse the PC through the foobar folder
posted by airplain at 12:56 PM on April 27, 2008
THANKS SO MUCH SBUTLER!
after mount -t smbfs //name:pw@10.0.0.1/E ~/Desktop/foobar Finder can browse the PC through the foobar folder
posted by airplain at 12:56 PM on April 27, 2008
I think I first installed Samba on Slackware in 1998, and got it working with an NT Domain (this was before AD; or at least before AD became popular). You'd think that after 10 years of working with smb I'd know what I was doing.
But what I've got instead are 10 years worth of tips and tricks that amount to nothing more than superstition. Sometimes adding the domain/name before the user works. Sometimes not. I've got a Parallels XP VM that refuses to connect to a DFS share, but a crappy Dell across the room has no problems. But that Dell can't connect to any of the other workstations. As soon as you move a workstation outside an AD, abandon all hope of it working consistently.
Anyway, glad it finally worked for you!
posted by sbutler at 1:05 PM on April 27, 2008
But what I've got instead are 10 years worth of tips and tricks that amount to nothing more than superstition. Sometimes adding the domain/name before the user works. Sometimes not. I've got a Parallels XP VM that refuses to connect to a DFS share, but a crappy Dell across the room has no problems. But that Dell can't connect to any of the other workstations. As soon as you move a workstation outside an AD, abandon all hope of it working consistently.
Anyway, glad it finally worked for you!
posted by sbutler at 1:05 PM on April 27, 2008
I need a fast connection though, to get stuff onto the new goodness of Mac (fresh yesterday. Yum.)
Just for the record, I usually skip all of the Samba/disk mounting stuff and use WinSCP to ftp things back and forth to my Mac.
posted by tkolar at 6:47 PM on April 27, 2008
Just for the record, I usually skip all of the Samba/disk mounting stuff and use WinSCP to ftp things back and forth to my Mac.
posted by tkolar at 6:47 PM on April 27, 2008
All macs with 1000BaseT ports have auto crossing MDI/MDIX. Have for years (actually, I thought most modern Dells were this way too). So this shouldn't be a problem.
No way! Now I feel old. :)
posted by Civil_Disobedient at 9:22 PM on May 6, 2008
No way! Now I feel old. :)
posted by Civil_Disobedient at 9:22 PM on May 6, 2008
This thread is closed to new comments.
The cable isn't a crossover, because OSX now manages that.
Huh? Last time I checked, there is no way to just "hook up" two ends of a cat-5 cable to two computers and expect it to work without reversing the Tx signals, particularly not when the two systems in question are a Mac and a PC. No way, Jose'.
posted by Civil_Disobedient at 10:41 AM on April 27, 2008