Tuesday, February 19, 2008

Getting Vista to work with Samba

Steven J. Vaughan-Nichols Dec. 15, 2006 Linux-Watch

I was tinkering with my Vista system the other day, when I found it wouldn't connect with a pair of NAS (Network Attached Storage) drives. I was not a happy camper.


The drives, a pair of Seagate 400GB USB2.0 External Hard Drives, were connected to my Fast Ethernet network by a Linksys NSLU2, aka Slug, network storage link. All my other systems, which include XP Pro, MEPIS 6.01, Fedora 6, openSUSE 10.2, and SLED (SUSE Linux Enterprise Desktop) 10, had no trouble at all accessing these drives, so what was the problem?

After staring for much too long at network traffic logs, it suddenly hit me, I've seen a variation of this problem years ago. Vista defaults to using the NTLMv2 authentication. NTLMv2 is a 128-bit encrypted authentication protocol that has been around for over a decade. It was first introduced back in NT4 SP4.

Back in those days of stone-axes and bear-skins, I'd run into trouble with Windows 95 clients being unable to connect with "secured" NT4 SP4 servers. I fixed it then by setting the servers back to using NTLM.

Today, my problem was that by default Vista only used NTLMv2, and not NTLM or LM authentication. My NAS setup, like many NAS appliances, relies on a firmware-based Linux and Samba for its CIFS (Common Internet File System) file server.

The NSLU2 uses Samba 2.x, and that version doesn't speak NTLMv2. That's not too surprising. While NTLMv2 has been around for ages, almost no one, until now, has deployed it as a client operating system default protocol. Consequently, in addition to the NSLU2, you can expect many other such Linux/Samba-based devices, like the Iomega StorCenter Pro NAS 100d/160GB, the D-Link DSM-G600, and the Buffalo HD-H1.0TGL/R5-1 Terastation 1.0 Terabyte NAS, to not work with Vista.

It doesn't help any in working with NTLM2 that Microsoft has changed how it worked over time and its documentation is, to be kind, awful. For more on how NTLM2 actually works, see The Most Misunderstood Windows Security Setting of All Time. This is must reading for any network administrator who will be dealing with Vista.

Fortunately, there are two ways to fix this problem. The first is just to force Vista to use the NTLM protocol as well as NTLM2. To do that, use these commands:

Click "Start -> Run." Then, type in the Run field: "secpol.msc." That will bring you to Vista's security policy system. Once there, use "Go to: Local Policies > Security Options" and then find "Network Security: LAN Manager" authentication level. Once there, change the Setting from "Send NTLMv2 response only" to "Send LM & NTLM -- use NTLMv2 session security if negotiated."

Ta-da! My Vista workstation could use my Seagate drives.

The better long-term solution is to upgrade any of your Samba servers to 3.0.22 or higher, since they can handle NTLMv2. 3.0.21 will also do the trick, but it has a security hole in it, so if you're still using it, upgrade as soon as possible. The most recent stable version of Samba is 3.0.23d, and I highly recommend it.

I'd already done that with my SLES (SUSE Linux Enterprise Server) and RHEL (Red Hat Enterprise Linux) servers, so that's why I didn't immediately consider a Samba authentication problem when I first had trouble with the Vista box.

Unfortunately, upgrading the NSLU2, like any network appliance, isn't so easy. Upgrading almost any appliance requires you to change the firmware. However, in the case of the NSLU2, its most recent firmware dates from July, 2005 and it doesn't do the job.

So, what I did instead was head over to the NSLU2 Linux site. Once there, I installed an alternative firmware, Unslung. With that up and working -- they're not kidding, by the way, about following all the instructions -- I then used OptWare, a software package system for Unslung, to install an up-to-date version of Samba.

If that sounds complicated, well, yes, it is. I recommend only users who are very comfortable with getting their hands dirty with deep, down technology give it a try. For the rest of you, and there will be many of you soon, who want to get Vista and your network appliances on the same page, I recommend changing Vista's settings as described above, for now, and bugging your device vendors for upgraded firmware for the long-run.

-- Steven J. Vaughan-Nichols

===
This comment was written in Dec 2005.
In Erele/2008, I got a Vista present and tried to prepare it for conversion to Linux. First I could not find "Run" when I clicked on Microsoft's "Start" logo. SI will shortly be reformating the hardrive and enlighten the computer. Meanwhile, here is a workaround that might work for you.

Monday, February 04, 2008

Virtualisation with Ubuntu Server

How to Develop Virtual Appliances Using Ubuntu JeOS

Must look at using virtualisation to get soft-appliances in widespread use across Afrika. The technology promises to lower the cost of building hardware data-centres.
Would this work on Debian, or does it require have proprietary Ubuntu dependencies?

The African Executive

Comments made to the African Executive do not appear on the site, so I have decided to keep a log here.

Kenya Must Expand Her Middle Class by Samuel Imende, in The African Executive
If by 'middle class', Imende means business owner-manages and the professional trades, then it is the middle class that must expand itself by creating and building wealth opportunities that can be supported, because benefits and risks are shared, by the governing and by the greater community.

Because wealth does not trickle down unless public governance imposes limits on private markets. Thomas Friedman was wrong. His work at the University of Chicago continues to misinform and misdirect efforts at socio-economic development into mastering global markets rather than the intended ensuring sufficient standards and security of lives and livelihoods. If you think Kenya is bad, wait to see what is coming to the USA: there the top 1% now hold 53% of the stock market wealth (de-facto: of USA's globalisation assets), up from 33% in 1980 when Reagan took the Friedman machete to the USA New Deal.


Food Security: New Technologies Will Save AFrica

Pete Veal is the former MD Syngenta East Africa Limited. He is currently Head of Strategy and Planning for Europe, Africa and Middle-East based in Basel, Switzerland. Syngenta is an "agribusiness" that employs over 21,000 people in some 90 countries worldwide, including many in Africa, South America and Asia.

It is convenient then for Syngenta that
factors are suddenly pushing up the price of basic food items.
or that
food aid entering the local market not only destroys the value of local produce, but also the livelihoods of local farmers, removing their incentive to product.
. He recommends more Green Revolution technology. But that is not likely to benefit African communities who need to guarantee food security.

What Africa needs for food security are local food stocks, guaranteed minimum prices so that farmers can afford a living wage, and more efficient distribution systems. Get rid of food technology multinationals who insist on selling genetically modified 'terminator' seeds that can only grow with massive and continuous doses of their fertilizers, pesticides, technical aid, debt bondage, and corrupting of government.
It is better to cook than to buy a microwave. African countries should stop starving for foreign currency while selling crops to 'global-gambling' markets controlled by export-marketing businesses of these scented multinationals. You already know the small farmers' families of USA's MidWest or India's Pradesh what benefits they got from the latest 'Green Revolution'. Farmer suicides and bankruptcies are up at historical levels. Their children have abandoned poisoned farms and migrated to the cities or abroad.