Vista Hands On #13: Connect to a shared folder on a Linux machine

Vista Hands On #13: Connect to a shared folder on a Linux machine

Summary: Trying to get Vista and Linux to talk to each other? It isn't as easy as it should be. Today I explain what I had to do to make shared folders on a Linux machine reachable from a PC running Windows Vista.

SHARE:
TOPICS: Windows
154

As I noted earlier this week, I’ve been trying to get a Linux box installed on my network so I can explore interoperability issues between Windows and Linux. I can now report that I have succeeded in installing Ubuntu Linux 6.10 and it seems to be running well.

First problem I ran into was that the Vista machine couldn’t access shared resources on the Linux box and vice versa. I had no problem passing files back and forth between the Linux box and one running Windows XP. This post deals with the first problem, connecting to the shared resources on the Linux box. (I’ll tackle the issue of connecting to a Vista share in a follow-up post.)

There are two possible reasons why a Vista user can’t connect to a Linux share:

1. Windows Vista changes the authentication method for password-protected shares. In XP and previous versions, the system by default used two password hashes, the old-style LAN Manager (LM) and the newer NTLM version 2 (NTLMv2). (If you want the gory details, read this excellent article by Windows security guru Jesper Johansson. Although it was written using a beta version of Vista, the information is still accurate.) Older versions of the Samba server in Linux use only the LM hash, which means they have no trouble connecting to a default installation of XP but will fail when trying to talk to a default installation of Vista.

To fix this problem, you need to update the version of Samba on the Linux machine to 3.0.22 or higher. (If you’re using an earlier Samba version, you can downgrade Vista’s authentication to accept LM hashes, using either Local Security Policy Manager or a registry edit. I don’t recommend this option.)

2. Challenge #2 was to get Samba configured on the Ubuntu Linux machine. In my case, the samba-common package was installed and was at the correct revision (3.0.22–1), but the samba package itself was missing. (Update: On a second machine when I tried a clean install, smbfs was missing as well, and I was unsuccessful until I installed it.) After I installed the missing pieces, I had one more step to run through. From a Terminal window, I needed to add a Samba user and password. Windows users are accustomed to having file sharing and authentication handled using the credentials for their user account, but with a Samba server the databases are different. The syntax, in my case, was fairly straightforward:

sudo smbpasswd -a username

In this command, username is the same as my account name. You can create an account for another user as long as they already exist in the user account database.

(Note that you have to respond to three password prompts at this point. The first is for the root password of the logged-on user, and the next two set the SMB password for the user whose account you’re adding.)

After going through these steps, I was able to access shared folders on the Linux machine.

If any Linux experts in the audience want to add any comments or corrections or suggestions, hit the Talkback button and fire away. You can also reach me via e-mail by using the email link on my bio page.

Topic: Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

154 comments
Log in or register to join the discussion
  • My earlier post seems to have vanished....

    ... as these fora are throwing proxy errors and all sorts (again!)

    Ed said: [i]"Windows users are accustomed to having file sharing and authentication handled using the credentials for their user account"[/i]

    Indeed and you can configure Linux to use PAM to administer Samba accounts (amongst other things) or what would be simpler at this stage would be to install [b]Webmin[/b] and administer Samba - and the whole machine - through Webmin. It has an option to let you keep user accounts and Samba accounts synchronised.

    Install webmin and then in your browser type localhost:10000 or from a different machine http://<ip address of linux box>:10000 and login with your root details.

    Also after installing webmin look here

    http://linux.ittoolbox.com/documents/popular-q-and-a/how-to-set-up-a-samba-server-with-encrypted-passwords-2278
    bportlock
  • Why not use Service for Unix in Windows?

    Used to be they charged for this but then they changed it to free in version 3.5 I think. You could try that. Works for Solaris I'd bet it works for Linux too.
    voska
    • Not sure those would help

      Vista has two options:

      Subsystem for UNIX-based Applications and
      Services for NFS

      I read through the docs for each and neither one seems particularly relevant here. If I'm wrong, send me some links to read more, please. Also they're only available in Business, Ultimate, and Enterprise editions, not in the Home editions which are most widely used in non-enterprise settings.
      Ed Bott
      • NFS is Unix/Linux's "workgroup" system

        If you enable NFS on your Linux server then you can export directories to other systems running NFS clients.

        Given that you're running Samba OK I would stick with that for now.

        Install Webmin Ed. You won't regret it. [b]apt-get webmin webmin-core[/b] used to work in Debian so give it a go.
        bportlock
        • Oops! Typo time!

          That should have read

          apt-get insatll webmin webmin-core

          Sorry!
          bportlock
          • Oh b*gger! Another typo!!!!

            "insatll" should of course have been "install"
            bportlock
        • ssh and sshfs is a better option

          Using secure shell (ssh/sshfs) allows for better security then using NFS especially over a wireless network. Ubuntu has the programs in the universe repository. Here's a good wiki on how to install ssh and sshfs:

          http://ubuntuguide.org/wiki/Ubuntu:Edgy#SSH_Server
          MisterMiester
          • Fair point, but...

            ... Ed was talking about Windows services for dealing with *nix and he didn't sound too sure about them. That's why I was explaining NFS in terms that Windows people would be familiar with.

            As I said, if he's not plugging *nix boxes togther then Samba is probably as good an option as any.
            bportlock
          • Right on!

            SSH is the best option. For managing users and.. editing the smb.conf file..

            login, su root, and

            Vi, vim, joe, pico (an editor) /etc/samba/smb.conf
            xstep
          • Forgot about puTTy

            You can also use puTTy for windows clients to access your linux machines via ssh:

            http://www.putty.nl/download.html
            MisterMiester
  • Correction

    [i]Note that you have to respond to three password prompts at this point. The first is for the root password, and the next two set the SMB password for the user whose account you?re adding.[/i]

    Ed, [b]sudo[/b] doesn't require the root password (and in fact Ubuntu doesn't even [i]have[/i] a root account -- which IMHO is a Good Thing.) The password for [b]sudo[/b] is the password of the user invoking it.

    This is to prevent "drive-by" access, where someone is away from an unlocked session, and also to make sure that the user "realy means it." However, the actions that can be performed by [b]sudo[/b] are also constrained in that only certain users, by policy, can invoke it. If necessary, even the "sudoers" can be constrained in what they are allowed to do; for instance, all users might be allowed to invoke the [b]wpa_gui[/b] utility for network authentication.
    Yagotta B. Kidding
    • Thanks

      I edited the post.

      In briefly using Suse Linux I noticed that sudo did require a root account and password, whereas Ubuntu as you point out uses password prompts as a layer of security.
      Ed Bott
      • Apples and Pears

        [i]In briefly using Suse Linux I noticed that sudo did require a root account and password, whereas Ubuntu as you point out uses password prompts as a layer of security.[/i]

        Close. SuSE uses both [b]sudo[/b] and [b]su[/b]. [b]su[/b] is the older command (it's been around roughly since Thompson was in diapers) and allows a user to become another user (by default root) by providing the password for that account; if invoked by the root user no password is required.

        [b]sudo[/b] is much more secure in that it only applies to one command at a time and can be further restricted as I describe.

        I suspect that your memories of SuSE are of using [b]su[/b] (which [i]would[/i] require the root password.)
        Yagotta B. Kidding
        • sudo and su - a precision

          first, the root account still exists in Ubuntu - it's just that you can't log in as root by default (this can be set on any distribution - I know I did on Mandriva, for example).
          su is not an 'older version' of su - it caters to one who needs to have temporary root access and act as root for a while. You have to be authorized to use su to run it.
          sudo allows a user to use a single command with root rights; which command depends on how sudo is set up.
          sudo allows you to allow certain users to use only certain commands with root access; su allows you to allow only certain users to act as root.
          Combining both leads to this:
          - user has no sudo access and no su access: no damage
          - user has su access but no sudo access: that's useless
          - user has sudo access but no su access: only some areas are endangered.
          - user has both su and sudo access: user can act as root.

          When you go that way, you usually make sure that users need to have access to 'sudo su' - if a user can 'sudo command' except su, then damage is very limited if su is not even readable by user (meaning that you'd need a damn code exploit to gain root access).
          Mitch 74
    • re: Correction

      "Ed, sudo doesn't require the root password (and in fact Ubuntu doesn't even have a root account -- which IMHO is a Good Thing.) The password for sudo is the password of the user invoking it."

      Actually there is a root account. It is just that you do not know the random generated password. To change the password so that you know it, you would type in "sudo gdmsetup". Type in your password and then you can alter accounts. Clear out the random password and type in something identically in both spaces. You also have to check the box to login as root.

      Since you can type in Alt+F2 and enter gksudo nautilus and enter your regular password and have a master file manager there is no need to login as root to do convenient maintainence or trouble shooting. As for drive-bys like you stated, you will only get them if you are a reckless user just like in Windows. Mostly as a attractive trojan horse. But a user account can be used as a zombie just as effectively as root if the user is a novice, that Ubuntu is targeting for a user base.
      osreinstall
    • Ubuntu does have a root user

      Actually Ubuntu does have a root user. If you wish to use it just use sudo to set a password for it. Then you can sign in as root.
      maldain
      • This has been covered already...

        several posters pointed this out in detail earlier, so Ed surely knows to enable root by now ;)
        Tony Agudo
    • Sudo requires admin

      "The password for sudo is the password of the user invoking it."

      Which will not work unless the user has admin rights.
      Mikael_z
    • Depends on your setup, different distros

      default to different behaviors.

      e.g. Ubuntu's default is to allow users all commands via sudo with their password. In SuSE, all commands are available but require the [b]root[/b] password by default.

      sudo is highly configurable and you can change the behavior very easily, or even set some commands to not require any password (useful in say laptops with ever changing network connections).
      D-cat
  • Message has been deleted.

    Harry Bardal