The Node

Posts Tagged ‘windows’

Welcome to the first real Windows post :) Now, I know this place mostly has a Linux bias but really, The Node is about solving technological problems…it’s just that Linux makes it easier to do so. As my main interest and inspiration for starting this site was Linux, it has a Linux slant…but I use all sorts of computers. Since July I have become responsible for a Windows network as well as my yummy Linux servers. While I don’t hold Windows very highly, I have been using it…even at home with my new gaming laptop (I tweeted about the joys of Crysis 2 on max detail last week).
So there are bound to be little problems that crop up. This particular problem is so seemingly prevalent on Windows that I just took it as Windows being dreadful. This is when you have an external USB hard drive that you plug into Windows and Windows makes the “bing bong” noise…yet no drive pops up in Windows explorer. Your brow furrows, and you probably do what I did which was to switch it off and on again (grin). Still no luck. However, this isn’t Windows having shoddy USB drivers or anything like that. It’s totally fixable and here’s how.

Note: This fix can also be achieved with Windows XP, but the location of various options and windows may have been moved. Anyway, there are two main ways to fix this. The first way is more common, less complicated in cause and solution.

As you probably know, Windows uses drive letters to distinguish between partitions. I think this is a bone-headed method of file system design, but fine. Anyway, in order for your USB drive to show up as…well…a drive, Windows has to assign it a letter when the USB subsystem alerts it to a new device being connected. No drive letter, no drive to use.

Before we start, make sure that you’ve disconnected or switched off any other external USB devices you may have attached to your computer else it’ll make identification of the problem device difficult.

So, first make sure your USB drive is plugged in and switched on. You’ll hear the “bing bong” sound Windows makes when it’s alerting you to a new USB device being attached. As expected, the drive doesn’t show up.
Open the Start menu and right-click on “My Computer”. From there, left-click on “Manage”. This requires Administrator privileges. From the left panel on the new window, click on: -

System Tools -> Device Manager

From the tree list, expand the “Universal Serial Bus Controllers” option. You’ll probably see many devices, but you only need to look for one, the “USB Mass Storage” entry. If you see more than one, you didn’t take my advice above and switch off and disconnect any other USB hard drives you have. Go ahead and do that and then come back :)

If you only have the one entry for “USB Mass Storage”, that’s your drive. Right-click on it and choose “uninstall” from the options. Switch off or disconnect your drive and then power it up again. This will allow Windows to attempt to re-install the driver for the device. If that was your problem, you should now see your device assigned with a correct drive letter. Done.

If this didn’t work, you’ll need to try the second method.

From the Start menu, select:-

Administration Tools -> Computer Management -> Disk Management

In the bottom middle panel of this new window, you will see a graphical representation of your disk drives. “Disk 0″ is usually your drive C: and should not be touched. If you have more internal drives or partitions, they will also show here. In order to match up your external USB device to the devices listed, either match it up by the approximate size listed or simply switch off and on your USB drive to see which entry vanishes and reappears. Once you’ve identified your device, right-click on the blue bar running along the top of the device entry and select “Change drive letters and paths”. Click change and choose an unassigned drive letter. Save your changes and reset the device and it should show up! If it was not seen there, go to “Action” on the menu bar, click on “Rescan Disks” and it should appear.

The blue bar menu is all greyed out and I cannot select the change drive letter option!

If you get this, you have a GPT Protective partition which means that the drive was probably installed on a Linux, Mac or Windows XP 64-bit edition machine. You can override this and get a functional drive, but you cannot save the data as the following solution is a data destructive process. In my case, I didn’t mind, but if you do, consider using the parent operating system of the drive to read the data.

In any case, you won’t be able to recover the data under Windows 7. The drive is inaccessible and Disk Management reports that the drive has a GPT Protective Partition on it. The drive cannot be re-partitioned and formatted in this state, so you’ll need to clean the drive before you can use it.
First, make a note of the disk number listed in the Disk Management window as you’ll need this information in a minute.

Open a Windows command prompt window and enter:-

diskpart

From the diskpart prompt, type: -

list disks

You’ll get back something like: -


Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 111 GB 0 B
Disk 2 Online 298 GB 1024 KB


Select the disk number for your device that you noted down earlier with: -

select disk [NUMBER]

Where [NUMBER] is the number you wrote down. Windows will say that “disk [NUMBER] is now selected”. Now enter: -

clean

This removes the disk’s partition and signature from the drive. After you are returned to the diskpart prompt, type “exit” and go back to your Disk Management window. Windows should now be aware that the drive is uninitialised and should prompt for the wizard. From here you can reinitialise and format the drive. If you’re using a regular USB drive, you’ll probably want to format it as FAT32 (or exFAT) so that it can be used on older versions of Windows, Mac or Linux. Be aware – this format will take ages. Once it’s done, close the Disk Management window and power cycle your USB device. It should now should up with the assigned drive letter :-)

So you’ve followed the article about how to connect Linux to Windows using Samba, but you have a problem…each time you want to connect to your secure Samba share, Windows keeps asking you for your Linux login details in order to access the user share, even though you’ve checked the box that says “remember my credentials”. Doesn’t actually do that and it’s pretty annoying, right? As it turns out, this is a problem with Windows (surprise), not Linux or Samba. While there are various hacks which involve Registry hacks and Windows command line batch files, there is a simpler way…
It can be fixed with the little-known Windows Credential Manager. Navigate to the Credential Manager under Windows Vista/7 with:-


Control Panel\All Control Panel Items\Credential Manager


Click “Add a new Windows Credential” from the top right and enter the Windows NetBios network name for your Samba share. If this doesn’t show up under your Network Explorer, make sure you have the nmbd daemon running on your Linux server. Add the network address and the user and password to the credentials vault. You should end up with something like: -

Internet or Network Address: [\\Samba NetBios name\Samba share]
User name: [your samba user name]
Password: [your samba password]
Persistence: Enterprise

Now, you should have access to your mapped Samba secure network shares without constantly having to type in your Samba/Windows credentials each time. Once less annoyance :-) You can even backup your Credentials Vault file and save it somewhere secure if you like. Remember, though, using this technique is only going to be as strong as your Windows user account as it’ll connect automatically to Samba using your stored credentials for this user account. But you already figured that out, I’m sure :-) It’s also not a good idea to use this sort of thing outside a local area network for obvious reasons.

This will show you how to access your Linux machine from Windows, essentially turning your Linux server into an excellent home file server that you can access from Windows Explorer using a technology called Samba. It essentially provides file and print services over TCP/IP so that Windows machines can interact with Linux (and many other operating systems).

Now, the things you can configure with Samba is pretty long, but we’ll discuss a few scenarios. First of course, we have to install Samba. Under Fedora/CentOS, this is done with: -

yum install samba

Under Ubuntu/Debian, this is done with: -

sudo apt-get install samba

Once Samba is correctly installed, it needs to be configuring for use. Open up the /etc/smb.conf file (under Fedora, this is actually located under /etc/samba/smb.conf).

First, we’ll start off with the global settings.


[global]
hosts allow = 127.0.0.1 192.168.1.0/24
hosts deny = 0.0.0.0/0
hide dot files = YES
veto files = /.*/
workgroup = MSHOME
server string = MyLinuxServer SMB v%v
netbios name = My.Linux.Server


You can set hosts_allow and hosts_deny to accept or disallow certain IP addresses or IP address ranges. Here, I’m simply allowing any connections that come from either localhost (127.0.0.1) or from any machine on my local network. Obviously, I don’t want to allow anyone from the wider Internet to connect to my Samba server :-) Also, for Windows I’m going to hide dot files – under Linux, this are any files that begin with “.” and are usually hidden in the Linux filesystem unless you specifically request to look at them. Since these will have little relevance to Windows, I’ve opted to hide these files so they don’t show up under Windows Explorer. “Veto files” also takes a regular expression string to hide many other types of files, but regular expressions are beyond the scope of this post, so we’ll just leave these be.

Workgroup should be set to your Windows Workgroup – typically MSHOME unless it’s been changed. The next two lines simply define the server string (the %v merely shows the Samba version number) that will show up under Windows Explorer and the Windows NetBIOS name for the Linux server.

The first share that can be configured are the home directories for all the connecting users. The [homes] section is a special configuration and Samba already knows how to handle all the users different home directories, it really only needs to be specified and Samba will do the rest. This will essentially make all user’s home directories under Linux accessible with read/write access from a Windows client assuming correct login details which the Windows client will prompt for.


[homes]
comment = Home Directory for %S
read only = No
browseable = No
valid users = %S


“browseable” here states that the Linux shared directories are viewable (browseable) from something like “My Network Places” or “Network Neighbourhood” under Windows, but we’ll set this to “No” as otherwise anyone who searches for the Samba server will see every home directory available, regardless if they have the required login details to actually access it.

The “Homes” share is a special share under Samba – the “homes” share does create a share called “homes” under Windows. It tells Samba to automatically create home directories on the fly for each individual user home directory. This particular share is a special case. Normally, the “[share name] creates this share that appears to a Windows client as “share name”, whilst “[homes]” creates all shares for all home directories. The comment parameter uses the %S wildcard, which expands to the actual name of the share. This will cause the share for user “tom” to have the comment “Home directory for tom”, the “alice” share to have the comment “Home directory for alice” and so on. We use this “%S” macro in the “valid users” line too so that only the owner of the share and administrator are allowed to access it. Pretty neat, right?

Okay, let’s create a slightly less complex share now that that is out of the way. How about a share that is accessible by anybody to share files? Remember we set Samba to only pay attention to the local network and not accept connections from outside our locla network, so this is good for sharing files between local users.


[Shared]
comment = Global Share - All Users
path = /mnt/shared
read only = No
guest ok = Yes
public = Yes
browseable = Yes
create mask = 0666
directory mask = 0777
security = share
guest account = nobody


The “Shared” shared that we have created above allows access to all of the files and directories within the “/mnt/shared” local directory. The resource can be written to by all guest and public users and the resource can be viewed (browseable) by workstations and clients on the network. Any new directory created in the share will be given the directory permissions of 777, and any new file will have file permissions of 666. These mask settings allow any user to save files to the shared directory, and any other user can read, write or delete the files.

Unlike the special “homes” share before, this will appear simply as “shared” under Windows clients. Now, instead of using “homes”, what about if you want just one user to access their home directory? This is simply done via the below configuration: -


[tom]
comment = Tom Samba Share
security = user
path = /home/tom
read only = no
browsable = yes
guest ok = no


You can also have even more fine-grained than simply “public” and “private” shares for users – you can add small groups of users to a share via something like the following: -


[SmallGroup]
comment = Small Share - Few Users
path = /mnt/smallgroup
read only = No
guest ok = No
browseable = Yes
create mask = 0666
directory mask = 0777
valid users = peter, paul, mary


There are several other share parameters that might be useful. Some of these are listed below.

“available=” – This is “yes” by default, but it can be an easy way to disable a share without deleting it’s configuration.
“valid users=” – By default, any authenticated user will be allowed to access a Samba share. You can refer to a valid NIS netgroup or Unix group by appending an “@” to the group name.
dont descend=” – Specifies directories in the share that Samba should not enter. This can be handy to prevent Samba from entering a directory that contains recursive symlinks, or to restrict access to irrelevant directories like /proc and /dev.
“follow symlinks=” – This normally defaults to ‘yes’ and will cause Samba to follow all symlinks even if they redirect Samba to files or directories outside of the exported directory tree. Setting follow symlinks to ‘no’ will turn off this functionality and prevent symlinks from being followed at all. Turning off follow symlinks does eliminate a potential security hole and should be done when symlinks are not needed or required.

The next thing to do is to start the Samba service.

service samba start

You can also set the Samba service to start on boot in the most common runlevels with: -

chkconfig --levels 345 smb on

You’ll also need to add the following ports to the IPTables firewall with: -


iptables -A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT


else you won’t be able to access the Samba shares. Obviously, I wouldn’t recommend adding these ports to your router firewall unless you want to be able to access Samba from the outside world.

The absolute last thing to do is to access this share from Windows and to map a Samba share to a network drive so that it appears to be just another Windows drive letter.
Open a Windows Explorer Window and choose Tools -> Map Network Drive. Choose a suitable drive letter and enter: -


\\[your server IP address]\[your Samba share name]


NOTE: If you cannot connect to your Samba share and get an error something like “The specified domain either does not exist or could not be contacted.” and are using Windows Vista / Windows 7, either update Samba to 3.2.12 or 3.3.5. In addition to the update, the registry changes that are required in Windows Vista/7 to allow the joining of a Samba 3.2.12 or Samba 3.3.5 domain are as follows:


HKLM\SYSTEM\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode 1
DWORD DNSNameResolutionRequired 0


If this doesn’t work, you’ll need to change a couple of settings: -

1. from the run command or from a cmd window run secpol.msc
2. go to “Local Policies” -> “Security Options” -> “Network Security: LAN Manager authentication level”
3. change to “LM and NTLM – use NTLMV2 session security if negotiated”
4. Press the OK button.

You should now be able to access your Samba shares under Windows Vista/7. You don’t need to do anything like this for Windows XP, it should just work right out of the box.

That’s it, really. There are plenty of other things you can do with Samba and these are just basic examples to get you started – you can, for example, share printers over Samba if you wish, but refer to the official Samba documentation for this.