[clug] Re: Bonjour/ZeroConf Advocacy

Alex Satrapa grail at goldweb.com.au
Fri Nov 21 01:16:48 GMT 2008

On 13/11/2008, at 17:47 , Alex Satrapa wrote:

> Heck, I can launch "JollysFastVNC" on the Mac, select Windows ->  
> Server List, and what do you know? There's "alex's remote desktop on  
> ubuntu" right there in the service list!

For the true Macophiles (which I am apparently not, having been living  
in a cave for far too long), Mac OS X has a built-in VNC server which  
is used for Mac OS X's built-in screen sharing.

It turns out I wasn't aware of it because I had misconfigured my  
Ubuntu machine's firewall.

I had previously suggested this configuration:

> server_mdns_ports="UDB/5353"
> client_mdns_ports="default"
> ...
> interface any world
>    ...
>    server mdns accept
>    ...
>    client all accept

... it turns out I was mistaken.

What works for me now is this:

> server_mdns_ports="UDP/5353"
> client_mdns_ports="5353"
> interface any world src not "$RESERVED_IPS"  # [1]
>   protection strong
>   server multicast accept
>   server mdns      accept
>   ...
>   client multicast accept
>   client mdns      accept

And for bonus points, add the following service definition into  
Avahi's configuration /etc/avahi/services/samba.service

> <?xml version="1.0" standalone='no'?><!--*-nxml-*-->
> <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
> <service-group>
> 	<name replace-wildcards="yes">%h</name>
> 	<service>
> 		<type>_smb._tcp</type>
> 		<port>139</port>
> 	</service>
> 	<service>
> 		<type>_device-info._tcp</type>
> 		<port>0</port>
> 		<txt-record>model=MacBookPro</txt-record>
> 	</service>
> </service-group>

Change the "MacBookPro" to something that is more representative of  
your computer as required. The following worked for me so far:
  - MacBook
  - MacBookPro
  - RackMac
  - Macmini
  - PowerBook

... note that all the "_device-info._tcp" service does is change which  
icon Finder displays for your service.

Advertising the Samba service through Avahi means that the Mac user  
doesn't have to turn on SMB file sharing, which would otherwise be  
required in order to start the nmbd service. Turning on SMB file  
sharing means storing your password in two places (and thus having to  
change it in two places), which some people might want to avoid. I  
suspect that Finder expects the SMB file sharing service to be turned  
on before it starts displaying services discovered through nmbd (just  
starting nmbd manually has no effect on Finder).

Finder mounts remote SMB file systems using smbfs, so it's quite  
possible to *use* SMB file servers without running Samba. Without the  
Bonjour/ZeroConf advertisement, the usual means to connect to an SMB  
share is to use Finder's "Connect To …" option and type the  
"smb://host/share" URL - but that's *so* uncool!

Now to see how much breaks when I turn the ipfw firewall on, on the  
Mac …
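
An added example, not part of the original post: a short Python check that parses an Avahi static service file like the samba.service above and compares each advertised port with the TCP ports the firewall is meant to accept. The `allowed_tcp_ports` set and the function names are assumptions made for illustration.

```python
"""Audit what an Avahi static service file advertises over mDNS."""
import xml.etree.ElementTree as ET

# Constructed sample: same content as the samba.service file in the post.
SAMPLE = """<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
  <name replace-wildcards="yes">%h</name>
  <service>
    <type>_smb._tcp</type>
    <port>139</port>
  </service>
  <service>
    <type>_device-info._tcp</type>
    <port>0</port>
    <txt-record>model=MacBookPro</txt-record>
  </service>
</service-group>
"""

def parse_services(xml_text):
    """Return one dict per <service>: type, port and TXT records."""
    root = ET.fromstring(xml_text)  # the external DTD is not fetched
    if root.tag != "service-group":
        raise ValueError("not an Avahi service-group file")
    return [{
        "type": (svc.findtext("type") or "").strip(),
        "port": int((svc.findtext("port") or "0").strip()),
        "txt": [t.text or "" for t in svc.findall("txt-record")],
    } for svc in root.findall("service")]

def audit(xml_text, allowed_tcp_ports):
    """Classify each advertised service against the firewall's TCP ports."""
    findings = []
    for svc in parse_services(xml_text):
        if svc["port"] == 0:  # no listener, only TXT metadata is published
            findings.append((svc["type"], "metadata-only", svc["txt"]))
        elif svc["port"] in allowed_tcp_ports:
            findings.append((svc["type"], "advertised-and-open", svc["port"]))
        else:
            findings.append((svc["type"], "advertised-but-filtered", svc["port"]))
    return findings

if __name__ == "__main__":
    # Hypothetical allow-list; take the real one from your firewall rules.
    for finding in audit(SAMPLE, allowed_tcp_ports={22, 139}):
        print(finding)
```

Anything reported as "advertised-and-open" is announced to every host on the local link, so that list should match the services you intend to expose.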

