2019-04-23

Samba (SMB) on Ubuntu

Right out of the box, an Ubuntu 18.04 machine will not see any Microsoft Windows machines on the network, and Windows machines will not see it.  Unfortunately, there is an incredible amount of work necessary to get it to work properly.  So, here are my notes on setting up an Ubuntu 18.04 Linux workstation to act both as a Samba server and as a Samba client in a Windows Workgroup.

Server


Here is my setup script, which works, but be sure to keep reading, because the script alone is not enough.

sudo apt-get install samba winbind libnss-winbind
sudo ufw allow Samba

if [[ ! -f /etc/samba/smb.conf.original ]]; then
 sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.original
 sudo write /etc/samba/smb.conf <<EOF
# See /etc/samba/smb.conf.original

[global]
map to guest = bad user
server role = standalone server
server services = smb
unix extensions = no
wide links = yes
client max protocol = NT1
dns proxy = yes
wins support = yes

# This is necessary here so that user-specific clones of "[homes]" will be browseable.
browseable = yes

[homes]
read only = no
comment = %U's Home Directory
# browseable = no is necessary here, or else "homes" will appear in the browse list.
browseable = no
valid users = %U
EOF
fi

The above script will install samba and configure it. (If it has not been installed already.) The old configuration file is saved as /etc/samba/smb.conf.original so that it can be consulted in the future.

After this, windows machines will successfully list my Ubuntu machine among other machines under "Network", and if I click on it I will be prompted for credentials.  When entering credentials I must remember the incredible, ages long "Domain" gotcha: do not just enter the username, enter MACHINE\username instead.  Then, Windows will correctly list the shares.

The [homes] section in the above script defines a share which will magically have the same name as the authenticated user, and will magically map to the user's home folder.  That's all I need.

A minor annoyance is that testparm will always report the following error:

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

After much searching around on the interwebz I found that:
  1. It is allegedly a warning, not an error, so it allegedly does not matter, and 
  2. There simply seems to be absolutely no way to make it go away, so you better get used to it.

Client


Things turn out to be considerably more difficult in making the Ubuntu machine successfully act as a client.  In the beginning nothing worked.

Under Nautilus (the Gnome file manager) going to "Other Locations" and trying to open "Windows Network" would fail.  Trying to "Connect to Server" with smb://servername would also fail.

The smbtree command would initially list only the local host, and if you let things stand for a while, it would eventually also show other machines, but not their shares.

The smbclient command would fail with a very informative error message saying "Error NT_STATUS_UNSUCCESSFUL".

The nmblookup command would fail with a very informative message saying "name_query failed to find name".

The interwebz abound with discussions about the connectivity issues between Ubuntu 18.04 and Windows, but none of the solutions offered seemed to work for me.  Some of the discussions even arrive at the conclusion that it is impossible to get it to work.

So, I started troubleshooting with smbtree and --debuglevel=3. (Because debuglevel=10 is like trying to drink water from a fire hydrant.)

The first thing I noticed was that samba was complaining about it being supposed to use a WINS server, but having no address configured for it. I suppose that if there is no mention of WINS in smb.conf, then by default samba will neither try to act as a WINS server, nor will it know who the WINS server is.  Which kind of makes sense, but what does not make sense is that samba does not complain in any way about this erroneous situation during startup, and instead we need to look at debug information in order to discover it happening.

I have no WINS server on my network, because this is apparently an advanced feature that is only found on Windows Server products, so I added "wins support = yes" to my smb.conf, to tell samba to act as a WINS server for me, because Linux gives these things for free, that's how it rolls.

By doing that, the error about WINS went away.  Unfortunately, everything else remained as broken as before.

Then it dawned upon me to look at what is going on with the firewall.  I had enabled the firewall and I had added the necessary rules to allow samba, but you never know.

Again, because trying to read the logs is like trying to drink water from a fire hydrant, I had to write the following little script:

ufwwatch

#!/bin/bash

function process
{
 local -a array=( ${1// / } )
 local time="${array[2]}"
 local action="${array[7]%\]}"
 if [[ "$action" != "BLOCK" ]]; then return; fi
 local -a remainder=("${array[@]:8}")
 local -A map=()
 for part in "${remainder[@]}"; do
  local -a subparts=( ${part//=/ } )
  local left=${subparts[0]}
  local right=${subparts[1]}
  map[$left]="$right"
 done
 echo $time $action ${map[PROTO]} in=${map[IN]} out=${map[OUT]} src=${map[SRC]}:${map[SPT]} dst=${map[DST]}:${map[DPT]}
}

echo Displaying blocked packets as they happen:
tail -f /var/log/ufw.log | while read line; do process "$line"; done
By running this script I discovered to my astonishment and horror that some packets were in fact being blocked each time I tried running smbtree.  The packets were UDP packets arriving from my Windows machines to my Ubuntu machine.  The port on the originating machine's side was 137, but the ports on which they were arriving on my Ubuntu machine were random.  This is typical behavior when communicating via UDP, but the problem is that the standard ufw rules for "Samba" do not account for this! (WTF?)

Here is what happens.

Let us begin without any rules:

michael@pegasus:~$ sudo ufw status numbered
Status: active

Now, let us add the standard rules for "Samba":

michael@pegasus:~$ sudo ufw allow Samba
Rule added
Rule added (v6)
michael@pegasus:~$ sudo ufw status verbose
Status: active
Logging: on (full)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
137,138/udp (Samba)        ALLOW IN    Anywhere                  
139,445/tcp (Samba)        ALLOW IN    Anywhere                  
137,138/udp (Samba (v6))   ALLOW IN    Anywhere (v6)             
139,445/tcp (Samba (v6))   ALLOW IN    Anywhere (v6)             

The problem is that with these rules, incoming packets from remote port 137 to random local ports get filtered. So, although the Samba server works, the Samba client does not work. Here is what I had to do in order to fix this:

michael@pegasus:~$ sudo ufw allow in proto udp from any port 137,138 to any
Rule added
Rule added (v6)
michael@pegasus:~$ sudo ufw status verbose
Status: active
Logging: on (full)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
137,138/udp (Samba)        ALLOW IN    Anywhere                  
139,445/tcp (Samba)        ALLOW IN    Anywhere                  
Anywhere                   ALLOW IN    137,138/udp               
137,138/udp (Samba (v6))   ALLOW IN    Anywhere (v6)             
139,445/tcp (Samba (v6))   ALLOW IN    Anywhere (v6)             
Anywhere (v6)              ALLOW IN    137,138/udp (v6)          

After this, the smbtree command started listing Windows workstations.

The final piece of the puzzle was to get a proper listing of the shares of each Windows workstation.

Unfortunately I had to do an awful lot of tweaking around in order to get this to work, and I do not remember anymore every step of the process, but I am documenting what I remember, and I will refine this when I get the chance.

The final steps that worked were the following:
  • Go to Control Panel -> Network and Sharing Center -> Change Advanced Sharing Settings -> All Networks -> Password protected sharing and:
    • Select "Turn off password protected sharing"
  • In the Group Policy Editor (gpedit.msc) Go to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options and modify the following:
    • Enable "Network access: Let Everone permissions apply to anonymous users"
  • And of course make sure the firewall allows samba packets to go through.
Of course the above were probably not the only things required to make it work.  While troubleshooting, I also did several other things which, although they did not have any immediately visible result, may have contributed to the success of the configuration as a whole.  Those included  the following:

In an elevated command prompt, execute:
  • net user guest /active:yes to enable the guest account.
  • net user guest "" to make sure that the guest account has a blank password.
Go to Windows Explorer -> This PC ("My Computer") -> Uninstall or Change a program -> Turn Windows features on or off
  • Make sure "SMB 1.0/CIFS File Sharing Support" is checked.
Here is a relevant discussion for reference:
https://unix.stackexchange.com/q/453944/141190

2019-04-21

Clipboard Managers for Ubuntu as of April 2019

I have been researching clipboard managers for Linux, (Ubuntu with Gnome,) and I am recording my findings here for the benefit of others.


Gpaste


Available in https://www.imagination-land.org/tags/GPaste.html As of the time of writing this, the latest version is 3.32.0 (March 12, 2019) but this version is not available via apt.  The latest version available via apt is 3.28.0-3, I guess it will have to do.

Decent looking user interface, but wasteful in terms of screen real estate, clunky, and actually annoying due to buttons whose icons are unintuitive and at the same time do not offer tooltips, so you have no way of knowing what the button does unless you click it.  (And it also has buttons that do not seem to do anything, so you will never know.)

Also quite buggy.  Supports a bunch of hotkeys for various arcane capabilities, but the mechanism for changing them does not work.

Also, badly designed: in the dialog that pops up when you invoke the history, the focus is not on the previously copied item, (which is what you want in the vast majority of cases,) the focus is on a stupid search box.

Also, it does not automatically paste, so after selecting an entry from the history you still have to press Ctrl+V in order to actually paste it into the application that you are using.

Thumbs down.


Keepboard (for Linux)


Available via https://sourceforge.net/projects/keepboard/ last updated in 2018-07-01, that's good enough.

Immediately after installation, on the very first run, during startup, it dies with a NullPointerException.  End of story.


Parcellite


Available via http://parcellite.sourceforge.net/.  Back in January of 2017 the author wrote "Nothing for years, then two releases in the same day".  He has been quiet ever since.  (And the previous update was like in 2014.)  So, forget it.


Glipper


Available via https://launchpad.net/glipper.  Last update was in 2013, so, forget it.


xclipboard


A very old program.  Comes preinstalled with Ubuntu.  When run, it fails with the message "Error: another clipboard is already running".  There is a page from 2009 explaining how to fix this problem, (https://lildude.co.uk/howto-use-xclipboard-with-gnome) but judging by how xclipboard looks in the screenshots, I do not feel compelled to keep trying.


CopyQ


Home page is https://hluk.github.io/CopyQ/. It is available via apt, latest version in apt is 3.2.0.  For Ubuntu there is also ppa:hluk/copyq which hosts the latest version, 3.8.0. Updates are frequent, with the latest being just a few days ago.

Copyq is a monster of a clipboard manager, packed with an awful lot of features and offering a ridiculous degree of control.  Besides the menu that drops down from the taskbar indicator allowing you to see your clipboard history and make a selection, it also has an extensive preferences window, and one more window which they call "main" and which allows you to manipulate your history entries, as if that's a very important thing deserving its own window.

The application is so over-engineered that it even has its own "task manager" and it supports color theming on the window they call "main".  Yet, it does not offer the ability to get rid of some things, for example some of the unnecessary menu items in the drop-down menu.

The application is a bit buggy.  One bug I found is that if you have the preferences window open, and then you also open the main window, then the main window is non-responding unless you close the preferences first.  Another bug is that its taskbar icon often gets lost, even though the application is still active and responding to the hotkey.  The worst problem is that it confuses the numeric keypad keys with their non-numeric keypad equivalents, so there is no way to specify a hotkey on the numeric keypad, like Ctrl + Shift + Numeric-Keypad-Insert

Most of the exotic features are unintuitive, so you are unlikely to use them because you will probably not even know what they do, but all the basics are there.

Bottom line is that this is a very useful clipboard manager, and the overengineering that has gone into it does not hurt, because
a) it is not ridiculously large, (only about 2MB to download, 7MB on the disk) 
b) the unnecessary extra functionality does not get too much in the way of using the small subset of the functionality that is actually useful, and 
c) the functionality that is actually useful does really work, and it works well.  (Well, mostly.  Except the numeric keypad hotkeys.)

Thumbs up.

If you do use it, do not forget to immediately go to "Preferences" -> "Items" -> "Synchronize" and add a folder for saving your clipboard, because CopyQ does not do that automatically for you.  (So, even though the app has the feature, and you may have made sure that the feature is enabled, your clippings are still not being saved unless you take additional action.)  How do you add a folder for saving your clipboard?  I do not know yet, I am still trying to figure out the unnecessarily complicated interface. Good luck!


Diodon


Home page is https://launchpad.net/diodon.

Its icon is a blowfish.  I tried it and I did not like it, but I forgot to document what the problem was.  I might give it another try in the future.


Clipit

Or perhaps https://github.com/CristianHenzel/ClipIt

A decent little clipboard manager that does no more than what is necessary.  The most delightful aspect of it is that its popup menu does not contain any useless crap, just your clipboard history, as it should.

Unfortunately, when you select an item from history, there appears to be a half second delay before the text is actually pasted, and there appears to be no option to change this behavior.

At some point it mysteriously stopped working, so I uninstalled it and looked for another one, but I am giving it one more try now, since I prefer its minimalism over CopyQ's pompousness.


Anamnesis


Haven't tried it yet.


Pastie


Home page appears to be https://github.com/fmoralesc/pastie/
Has no README.
Last update was 4 years ago, so forget it.


Clipman

It is for "xfce", so it is a no-go for Ubuntu, which uses Gnome.


Clipboard Indicator (Gnome Shell Extension)


Home page: https://extensions.gnome.org/extension/779/clipboard-indicator

Either this is a clone of GPaste, or GPaste is a clone of this.

Has the very nice ability to show the first few characters of the current clipboard content next to its icon on the task bar.  Unfortunately, that's the only good thing I have to say about it.

It has a maximum history length of only 50, and as if that was not ridiculous enough, it will only show the last 15 of them.

When you open the menu, the first selectable entry is a stupid search box, (as if you will ever need to search through a meager 50 entries,) so you always need one extra press of the "down" arrow to skip the search box to go to the current clipboard entry, and one more to go to the previous clipboard entry, which is what you want like 99% of the time.

The author's idea of how favorites should work is that they should be pinned to the top of the list, so each time you add a favorite you are increasing the number of times you will have to press the down-arrow before you can reach the previous clipboard entry.

Worst of all, when you select an entry, it does not automatically paste it for you, it just places it in the clipboard, so you always need yet one more keystroke to actually paste.

Bottom line: Usable, but annoying.


Clipper (Gnome Shell Extension)


Home page: https://extensions.gnome.org/extension/1081/clipper/

Appears to be abandoned.

2019-01-29

Medium.com: Psychology of Code Readability by Egon Elbre

This is an article I enjoyed reading.  I am in full agreement with every claim made therein. It was very nice to see certain conclusions that I have arrived at in the past being spelled out and illustrated with nice explanations.

https://medium.com/@egonelbre/psychology-of-code-readability-d23b1ff1258a

2019-01-20

Ferolli BlueSense Boiler User's Manual in English

My apartment is equipped with a Ferroli BlueSense boiler, which I needed to troubleshoot today, but the manual is in dutch, so I had to find the manual in electronic form on the interwebz, and have it machine-translated to english.

I am posting both the original and the machine-translated version here, in case others find it useful. Click on the pictures below for the documents.
 
  
The machine translation from PDF to PDF was very nicely done via https://www.onlinedoctranslator.com.  By very nicely I mean that the images have been preserved, and the formatting has been preserved as much as is reasonable to expect.  Of course, if you have a Ferroli boiler, then you are probably in Holland, and if you are reading this text then you are probably an expat living in Holland, so you probably already know that the state of the art today in machine translation from dutch to english sucks, so do not expect it to make perfect sense, or even to make sense. Still, it is better than nothing.