Writing things down so I can remember them later

WaltCo Tech

Archives Posts

Private and guest (no password prompt) Samba shares with security=user

January 26th, 2008 by Walter Wilfinger

I wanted to share out files from my Ubuntu Gutsy desktop “server” on to my home network. I wanted two different shares:

A private read/write share
Only I will have the credentials to access this share. This will host out my more precious files. I do not want my family either knowing about this share or accessing it and accidentally deleting everything I have.

A public read/write share
This will be used as an anonymous dumping ground to transfer files to/from the server. This will also be the share that my other family members will be using. For ease of use, I do not want them to have to specify a user or password to connect. There should be no password prompt. It should act like a public Windows share.

Every guide I found explained only how to do one kind of share or the other. Either you specified all shares to require a login -or- all shares to be public. I needed both served out at the same time. The key ended up being map to guest. Here’s a stripped down version of my smb.conf, but if you want explanations, read on.

Short Version

/etc/samba/smb.conf on server

[global]
        # Browsing / Identification #
        netbios name = fileserver
        server string = %h server (Samba, Ubuntu)

        # Authentication #
        security = user
        encrypt passwords = true
        map to guest = bad user
        guest account = nobody

        passdb backend = tdbsam
        obey pam restrictions = yes
        invalid users = root

# Private Share.  Mount this on a Unix client with the following.
# sudo mount -t smbfs -o username=[username],password=[password],\
# rw,uid=[your Unix user],gid=[your Unix group] \
# //[netbios or ip of server]/private /path/to/mount/point
#
# Optionally use a credentials file and credentials=/path/to/credentials (see below)

[private]
        comment = Private Share
        path = /mnt/private
        browseable = no
        read only = no
        create mask = 0640
        directory mask = 0750

# Public Share.  Mount this on a Unix client with the following.
# sudo mount -t smbfs -o username=,password=,\
# rw,uid=[your Unix user],gid=[your Unix group] \
# //[netbios or ip of server]/public /path/to/mount/point

[public]
        comment = Public Share
        path = /mnt/public
        read only = no
        create mask = 0640
        directory mask = 0750
        guest only = yes
        guest ok = yes

After this is saved, restart Samba with sudo /etc/init.d/samba restart

Set up samba user

Here smbprivate is the user that will have access to the Private share. Make sure that this user exists on the server and has appropriate permissions on the share directory. Then let Samba know about this user by executing the following.

$ sudo smbpasswd -a smbprivate

Using a credentials file to mount in Unix

You can create a credentials file so that your username and password aren’t sitting in plain text in /etc/fstab. Create this file on your client Linux machine (I put it in /etc/samba/credentails.fileserver).

username=[username]
password=[password]

Give it only read access to root.

$ sudo chown root:root /path/to/credentials
$ sudo chmod 400 /path/to/credentials

Then the mount command becomes

sudo mount -t smbfs -o credentials=/path/to/credentials,\
rw,uid=[your Unix user],gid=[your Unix group] \
//[netbios or ip of server]/private /path/to/mount/point

Long Version

The Private Share

To set up private shares in Samba we need to do three things.

  • Set security = user. This tells Samba that we want to authenticate login attempts based on the Unix users on the server.
  • Set encrypt passwords = yes. The newer versions of Windows require that share passwords be encrypted when transmitted over the network. This is default in Samba 3.0.26a, but if you’re running an older version of Samba you may have to define this explicitly.
  • Use smbpasswd on the command line to create the encrypted password information for your private share user.

The deal is that you’re going to have to use encrypted passwords unless all the Windows computers on your network are running Windows 95. Samba can’t map directly to the Unix passwd file because Windows encrypts using a different algorithm. This is why smbpasswd exists. It will store the passwords you supply it in a format that can be understood by Windows.

All of this comes down to putting this under the global section of your smb.conf.

security = user
encrypt passwords = yes

And then executing this on the command line for each user you want to access your private share. These users must be legitimate Unix users on the server.

smbpasswd -a username

Note: It is possible to sync your Samba users with your Unix users. Ubuntu Gutsy Gibbon has this enabled with its default configuration of Samba. This can cause unexpected effects if your Windows user names are the same as the user names on your Samba server. See the Public Share section for more details. To see which users already exist in the Samba password database run this in a shell: pdbedit -L

All that is left is to define your private shares in smb.conf.

[private]
        comment = Private Share
        # Path to directory you want to share out
        path = /mnt/private
        # Allow writing to the share
        read only = No
        # Do not allow computers on the network to see that this share
        # exists while browsing (i.e. Network Neighborhood)
        browseable = No
        # These two are optional.
        # Sets the umask for files/directories created on this share.
        create mask = 0640
        directory mask = 0750
        # This is also optional.  Restrict access to only certain users.
        # This gives access to Harry and to anyone in the group Family
        valid users = harry @family

After restarting Samba with sudo /etc/init.d/samba restart, you should be able to access this private share.

  • Windows: Browse to \\[netbios or ip of server]\private and provide a valid user and password
  • Linux: Mount the share with sudo mount -t smbfs -o username=[username],password=[password],rw,uid=[your Unix user],gid=[your Unix group] //[netbios or ip of server]/private /path/to/mount/point

If this doesn’t work, I would suggest reading through this excellent troubleshooting guide. If you find something wrong with how I did things, drop me a comment.

Note: In Linux, if you can successfully mount the share but do not have write permissions to it, make sure that you have write permissions on the mount point on the client side. That is, if you specified the user smbuser as the uid in the mount command, make sure smbuser has write permissions to /path/to/mount/point.

Using a credentials file

You’re probably going to want to mount this share automatically at boot by putting it in your /etc/fstab file. Storing a password in plain text in fstab is probably a bad idea. Samba lets you specify a credentials file in the mount command to get around this. The format is a set of simple name=value pairs.

username=[username]
password=[password]

Store this file where ever you want. I put it in /etc/samba/ because that seemed convenient. Give it only read access to root.

$ sudo chown root:root /path/to/credentials
$ sudo chmod 400 /path/to/credentials

Then the mount command becomes sudo mount -t smbfs -o credentials=/path/to/credentials,rw,uid=[your Unix user],gid=[your Unix group] //[netbios or ip of server]/private /path/to/mount/point

The Public Share

This was actually the hard part to figure out, even though in the end there isn’t much configuring to do. The key is the map to guest directive in smb.conf. This allows you to map invalid user/password attempts to the guest account. The guest account can be specified globally or per-share. map to guest has four options.

  • never (default): If you give a bad user/password, the connection is rejected.
  • bad user: If a bad user is given, map the connection to the guest account.
  • bad password: If a valid user but bad password is given, map the connection to the guest account.
  • bad uid: This is only applicable when you are using security = domain or security = ads.

What we want here is map to guest = bad user. You see, when Windows connects to a Samba share it will provide the user and password of the currently logged on user. Since, usually, the account names on the Windows machine will not exist on the Samba server, the map to guest directive will be triggered and the connection will be mapped to the guest account you specify. This lets Windows machines connect to the share with no password prompt. What’s even better, this will only work if you specify guest ok = yes in your share definition. Your private shares can remain private.

To set this up add this to the [global] section of smb.conf

map to guest = bad user
# Optionally, specify a global default guest
guest account = nobody

Here is the public share definition

[public]
        comment = Public Share
        # Path to directory you want to share out
        path = /mnt/nas/public
        # Allow writing to the share
        read only = No
        # Force connections as guests
        guest only = Yes
        guest ok = Yes
        # Optionally, specify the guest account here
        guest account = nobody
        # These two are optional.
        # Sets the umask for files/directories created on this share.
        create mask = 0640
        directory mask = 0750

After restarting Samba with sudo /etc/init.d/samba restart, you should be able to access this public share.

  • Windows: Browse to \\[netbios or ip of server]\public. You shouldn’t be prompted for a password. Booyah.
  • Linux: Mount the share with sudo mount -t smbfs -o username=,password=,rw,uid=[your Unix user],gid=[your Unix group] //[netbios or ip of server]/public /path/to/mount/point. Note the blank user and password.

If this doesn’t work, I would again suggest reading through this excellent troubleshooting guide.

Again, in Linux, make sure that your client-side user has write permissions to the mount point.

Caveat with duplicate user names and Unix/Samba password sync

This took me forever to figure out. With the public share, does…

  • Windows still prompt for a username and password when connecting?
  • Linux successfully mount the public share without specifying a user or password?
  • your Windows user name match your Unix user name on the Samba server?
  • your Windows password not match your Unix password?

What is happening is that Windows is silently attempting to authenticate with the current Windows username and password. When that fails, it prompts for another set of credentials. But why is it failing? Because you are silently trying to login with a valid Samba user name.

Remember what map to guest = bad user does? It will map to the guest account if a bad user name is provided. However, Windows is giving the Samba server a valid user name with an invalid password. Samba will straight up reject the connection. The mount command given above will still work because you are giving an invalid user name (null).

But I didn’t explicitly use smbpasswd to set up this user? If password sync is enabled, which it is by default in Ubuntu Gutsy, all of your Unix users are already part of the Samba password database. Check out pdbedit -L to confirm. This is what perplexed me the longest. I ended up specifying debug level = 3 in the [global] section of smb.conf. In the logs I found that when Windows tried to connect, Samba would respond with NT_STATUS_WRONG_PASSWORD.

I find this terribly lame. This means if I have a friend over that brings their laptop and their Windows login happens to exist on the Samba server they won’t be able to access the public share. The easiest solution I found was to remove the duplicate user name from Samba’s database.

# See what users are set up with Samba
pdbedit -L
# Remove the duplicate user name
smbpasswd -x [username]

There is still a problem though. We just removed the Samba user that I was going to use to access my private shares. What I did was create a Unix and Samba user on the server, smbprivate. I use this account to access all of my private shares. Just make sure that this user has correct permissions on the files and directories that are shared.
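The login outcomes described in the Public Share section and in this caveat can be checked offline before touching a live server. The following is an added example, not part of the original post: a simplified model of how map to guest decides each login attempt. The smb.conf text and the pdbedit -L output are constructed samples, and the function names are hypothetical.

```python
# Added example: simplified model of Samba's "map to guest" decision.
# SMB_CONF and PDBEDIT_L are constructed samples based on the article.
SMB_CONF = """
[global]
security = user
map to guest = bad user

[private]
read only = no

[public]
read only = no
guest only = yes
guest ok = yes
"""
# Constructed `pdbedit -L` output (username:uid:full name).
PDBEDIT_L = "smbprivate:1001:\nwalter:1000:Walter\n"

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def is_yes(value):
    return value.lower() in ("yes", "true", "1")

def samba_users(pdbedit_output):
    """User names from `pdbedit -L` output, lower-cased."""
    return {l.split(":", 1)[0].lower()
            for l in pdbedit_output.splitlines() if l.strip()}

def session_for(conf, users, username, password_ok):
    """Return 'user', 'guest' or 'rejected' for one login attempt."""
    mode = conf["global"].get("map to guest", "never").lower()
    if username.lower() in users:
        if password_ok:
            return "user"
        # Known user, wrong password: NT_STATUS_WRONG_PASSWORD unless
        # "bad password" mapping is enabled.
        return "guest" if mode == "bad password" else "rejected"
    return "guest" if mode in ("bad user", "bad password") else "rejected"

def share_access(conf, share, session):
    """Guest sessions only reach shares that set guest ok = yes."""
    if session == "guest":
        return is_yes(conf[share].get("guest ok", "no"))
    return session == "user"

def guest_writable_shares(conf):
    """Shares an unauthenticated client can write to."""
    return sorted(n for n, s in conf.items() if n != "global"
                  and is_yes(s.get("guest ok", "no"))
                  and not is_yes(s.get("read only", "yes")))

if __name__ == "__main__":
    conf, users = parse_smb_conf(SMB_CONF), samba_users(PDBEDIT_L)
    for name in ("friend", "walter", ""):
        print(repr(name), session_for(conf, users, name, False))
    print("guest-writable:", guest_writable_shares(conf))
```

The model ignores valid users and per-share guest account settings; it only covers the user/password outcomes and the guest ok gate discussed here.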

References

Samba Security and Troubleshooting at linuxhomenetworking.com

O’Reilly’s excellent online Samba book

Official Samba HOWTO collection


Install VirtualBox in Ubuntu 7.10 Gutsy Gibbon

January 6th, 2008 by Walter Wilfinger

Short and Sweet

sudo apt-get install virtualbox-ose
sudo gpasswd -a yourusername vboxusers
# Log out and back in at this point
sudo /etc/init.d/vboxdrv restart
# See below for instructions on tweaking an Ubuntu Guest OS

My terrible experience getting Rails installed on Ubuntu prompted me to toy around with virtualization. Virtualization allows me to test installation and setup procedures off of a fresh install of Ubuntu. I like this idea because it means I can make my setups repeatable. I’ve had too many installation projects (especially with Gentoo) where I get it working, but have no idea how I got there. But the best part of virtualization is if I screw up the virtual machine, I can load up an earlier snapshot and retry. This is much better than nuking my entire laptop.

My hard time installing Rails made me want to install VirtualBox. As luck would have it, this install was not straightforward either. A plain sudo apt-get install virtualbox-ose did not successfully install VirtualBox for me on my Ubuntu install. Here are the extra steps I had to take to get it working.

Install VirtualBox

This page on the Ubuntu wiki makes out the VirtualBox install to be a simple apt-get and then adding yourself to the vboxusers group. Easy enough.

sudo apt-get install virtualbox-ose

This install went ok for a while but then I saw this scroll by in the console

chown: `:vboxusers': invalid group
* Cannot change owner vboxusers for device /dev/vboxdrv.

Well that’s not cool. What was even more perplexing was that post-install I checked my system and the vboxusers group did exist. I’m not sure if this is a quirk with my system or an actual bug. I went ahead and added myself to the vboxusers group anyway.

sudo gpasswd -a yourusername vboxusers

I logged out and back in, then gave running VirtualBox a try. I started creating a virtual machine, which went well for a while until it gave me an error about the vboxdrv kernel module. After some snooping I came across this Ubuntu bug report which didn’t apply to me but did give me the idea of restarting the module.

sudo /etc/init.d/vboxdrv restart

I tried creating a virtual machine again and VOILA! Everything worked!

After installing Ubuntu on a virtual machine it’s a good idea to install VirtualBox Guest Additions as well. The below instructions, unless specified otherwise, deal with an Ubuntu Guest OS / virtual machine. Don’t run these commands in your Host OS.

Install VirtualBox Guest Additions

The Guest Additions package installs some add-ons into the Guest OS. The most noticeable of these is Mouse Integration which allows the mouse to function without the need to ‘lock’ it into the VM. I also believe that the Guest Additions install special display drivers. This is important if you want your VirtualBox to run in higher resolutions. I pulled these instructions from the official VirtualBox documentation. It’s a PDF. I don’t know why. They also want you to run the script with sh but why bother?

In the Guest window, that is, the window that is displaying your Guest OS, do Devices -> Install Guest Additions. VirtualBox will prompt you to download the .iso if you haven’t already. After the download finishes you will be prompted to mount the ISO in your VM. Say yes. Run this on the command line of the Guest OS.

sudo /media/cdrom0/VBoxLinuxAdditions.run

The VirtualBox documentation says you can choose which drivers you want to install. If you’re interested in this take a look at sudo /media/cdrom0/VBoxLinuxAdditions.run help

I shut down the Guest OS and took a snapshot at this point. I planned on fiddling with Xorg configurations next and it is much easier to load up a VM snapshot than it is to restore a backup xorg.conf.

Change the VirtualBox Resolution

After my Ubuntu install, Xorg was configured to only support 800×600. This was way too small for me. My main machine is a widescreen laptop running at 1680×1050. I want two options.

  • 1024×768 for running VirtualBox windowed
  • 1680×1050 for running VirtualBox fullscreen

The VirtualBox documentation has the following to say about running higher resolutions in your VM (page 50 if you’re curious)

VirtualBox can use any default X graphics mode which fits into the virtual video memory allocated to the virtual machine, as described in chapter 3.7.1, General settings, page 37. You can also add your own modes to the X server configuration file. You simply need to add them to the “Modes” list in the “Display” subsection of the “Screen” section.

In your Guest OS, edit your xorg.conf file by running sudo gedit /etc/X11/xorg.conf. Here is what I ended up with.

Section "Screen"
  Identifier    "Default Screen"
  Device        "Generic Video Card"
  Monitor       "Generic Monitor"
  DefaultDepth  24
  SubSection    "Display"
    Modes         "1680x1050" "1024x768" "800x600"
  EndSubSection
EndSection

I rebooted to make sure things worked. I then shut down the Guest OS and took another snapshot.

I am not an Xorg expert. I found if I listed 1680×1050 first Ubuntu’s login screen would be 1680×1050. After logging into my user account I was able to do System -> Preferences -> Screen Resolution and change to 1024×768 without problems. If instead I listed 1024×768 first Ubuntu’s login screen would be 1024×768. After logging in if I attempted to change the Screen Resolution to 1680×1050 (I believe) the horizontal sync would be set incorrectly. By this I mean I couldn’t see jack. I tried figuring out a way to have the default be 1024×768 with the option of switching to 1680×1050, but after an hour of tweaking I gave up. If you are more familiar with Xorg and know what I’m doing wrong, please leave a comment.

Notes

  • The Ubuntu install DVD decided that the VM’s max resolution should be 800×600. This, hilariously, is too small to click on the Forward and Ok buttons in the install wizard. I had to figure out that Alt-F went forward in the dialogs. The final dialog needed an Enter to start the install.
  • As of this writing, the version of VirtualBox that is installed by virtualbox-ose is 1.5.0.
    $ dpkg-query --show virtualbox-ose
    virtualbox-ose  1.5.0-dfsg2-1ubuntu3

    It looks like the Ubuntu guys are currently working on getting a VirtualBox 1.5.4 package up. I suppose if you really wanted to, you could install VirtualBox 1.5.4 from source. I found this guide to install from source, but didn’t bother with it.

  • I still need to figure out how VirtualBox network bridging works. My VM does have net access because it is able to download packages from online repositories with apt-get. At the same time I couldn’t do something simple like ping my web server. Apparently this is expected. Page 58 of the VirtualBox documentation says: Please note that the ping utility does not work over NAT. There is another option, host interface networking, that might give me more control over the VM’s networking.


My .vimrc file

December 25th, 2007 by Walter Wilfinger

" set options
set    background=dark
set    nocompatible
set    hlsearch
set    incsearch
set    ignorecase
set    ruler
set    showcmd
set    showmatch
set    showmode
set    tabstop=2
set    shiftwidth=2
set    expandtab
set    wmh=0
set    cindent

colorscheme torte

" set mappings

" control n kills search highlighting
nmap <silent> <C-N> :silent noh<CR>

" control j and control k switch panes and maximize
nmap <C-J> <C-W>j<C-W>_
nmap <C-K> <C-W>k<C-W>_

" moving over wrapped lines moves to next visual not physical line
imap <silent> <Down> <C-o>gj
imap <silent> <Up> <C-o>gk
nmap <silent> <Down> gj
nmap <silent> <Up> gk
nmap <silent> j gj
nmap <silent> k gk

" block commenting mappings , and comment character will add lhs comment
" character ,c will clear
map ,# :s/^/#/<CR>
map ,/ :s/^/\/\//<CR>
map ,> :s/^/> /<CR>
map ," :s/^/\"/<CR>
map ,% :s/^/%/<CR>
map ,! :s/^/!/<CR>
map ,; :s/^/;/<CR>
map ,- :s/^/--/<CR>
map ,c :s/^\/\/\\|^--\\|^> \\|^[#"%!;]//<CR>


Installing Ruby and Ruby on Rails in Ubuntu 7.10 Gutsy Gibbon

December 24th, 2007 by Walter Wilfinger

tl;dr version

sudo apt-get install ruby rdoc irb libyaml-ruby libzlib-ruby ri libopenssl-ruby
wget http://rubyforge.org/frs/download.php/29548/rubygems-1.0.1.tgz
tar xzvf rubygems-1.0.1.tgz
cd rubygems-1.0.1
sudo ruby setup.rb
sudo ln -s /usr/bin/gem1.8 /usr/bin/gem
sudo gem update --system
sudo gem install rails
sudo apt-get install build-essential ruby1.8-dev
sudo gem install mongrel
sudo apt-get install mysql-client mysql-admin mysql-query-browser libmysqlclient15-dev
sudo gem install mysql
sudo apt-get install sqlite3 swig libsqlite3-ruby libsqlite3-dev
sudo gem install sqlite3-ruby
echo "export RUBYOPT=rubygems" >> ~/.profile
rails path/to/your/app

Coming from Gentoo, I thought installing anything on Ubuntu would be a breeze. Especially something with so much Internet-hype as Ruby on Rails. Unfortunately, the process isn’t completely intuitive. After breaking my teeth on my first few Ubuntu installs (sudo apt-get install vlc…wow that worked?), I was expecting something along the following to work for Rails:

sudo apt-get install ruby rubyonrails

At which point Ubuntu’s magical installer gnomes would pop a working installation of Rails onto my laptop.

This, to my dismay, was not the case. From what I can gather, this is because you want to use RubyGems to manage your Ruby…gems. Ubuntu, on the other hand, really wants to use Aptitude to manage your Ruby gems. It wants to do this so much, in fact, that if you install RubyGems using Aptitude pretty much nothing will work. You can work around this by installing RubyGems to your home directory. I tried out that method, but found sudo gem update --system calls would try to update to /usr/lib.

For those playing at home, /usr/lib is not your home directory.

I would expect the open source super-nerds to figure this out. Leaving me, being a dumb end-user, only to do a single apt-get command, make a cup of tea, and then while still waiting for the water to boil Rails would finish installing. I would come back to an impatient laptop who is wondering why I thought the whole process would take so long.

The open-source nerds have instead decided — as far as I can tell by this nerd fight from October of this year — to just bitch about who is putting what in the wrong place. This leaves us longing for a Rails install; and that cup of tea now that we mentioned it. Hold on one minute…

Mmmm. Chai tea. Ok. We’re going to install Ruby using apt-get. Then we will install RubyGems from source, forgoing Aptitude altogether.