Installing Dropbox in Gentoo Linux following the recent restrictions introduced for Dropbox for Linux

In a 2013 post I explained how I installed Dropbox in Gentoo Linux running KDE 4. The Dropbox company has recently imposed some restrictions in the Linux client, so this is to explain what I did to get Dropbox working again in my two Gentoo Linux installations, both using the ext4 filesystem (unencrypted) and, these days, KDE Plasma 5.

Both my laptops running Gentoo Linux had a version of Dropbox installed via the Portage package manager: dropbox-45.3.88 in the case of the laptop running Gentoo amd64, and dropbox-48.3.56 in the case of the laptop running Gentoo ~amd64. Recently a Dropbox window popped up, warning me to upgrade Dropbox to the latest version within seven days otherwise the client would no longer be able to sync with the remote Dropbox server. I also received an e-mail from the Dropbox company titled ‘[Action required] We’re updating Linux system requirements‘ informing me that the only supported Linux distributions from now on would be Ubuntu 14.04 or higher and Fedora 21 or higher, and furthermore that the client will only work on an unencrypted ext4 filesystem. As both my Gentoo installations use unencrypted ext4, I was OK on that score, but I still had the problem that an up-to-date Dropbox ebuild is not available for Gentoo and the old Dropbox versions I was using no longer sync. However, I managed to install the latest version of Dropbox (currently 55.4.171) in Gentoo, and it works fine. The Dropbox client’s icon is on the KDE Plasma 5 Panel, and the local Dropbox directory is being sync’ed correctly. Below I explain what I did.

1. I selected ‘Quit Dropbox’ from the old Dropbox client’s menu, and the Dropbox icon disappeared from the Panel.

2. I removed the Dropbox daemon from the list of script files to be started at login (‘System Settings’ > ‘Startup and Shutdown’ > ‘Autostart’).

3. I unmerged (uninstalled) the dropbox package:

clevow230ss /home/fitzcarraldo # emerge --ask --depclean dropbox

4. I deleted the directories ~/.dropbox and ~/.dropbox-dist but kept the directory ~/Dropbox and its contents.

fitzcarraldo@clevow230ss ~ $ rm -rf ~/.dropbox ~/.dropbox-dist

5. I followed the instructions under ‘Dropbox Headless install via command line‘ on the Dropbox Website to re-install the latest version of the daemon and client:

fitzcarraldo@clevow230ss ~ $ cd ~ && wget -O - "https://www.dropbox.com/download?plat=lnx.x86_64" | tar xzf -

6. I configured KDE Plasma 5 to start ~/.dropbox-dist/dropboxd at login (‘System Settings’ > ‘Startup and Shutdown’ > ‘Autostart’ > ‘Add Script…’).

7. I launched ~/.dropbox-dist/dropboxd manually from a Konsole window. The Dropbox client icon appeared on the Panel and I was prompted to login to my Dropbox account via a Web browser, as per the instructions on the Dropbox Website (see link in in Step 5):

If you’re running Dropbox on your server for the first time, you’ll be asked to copy and paste a link in a working browser to create a new account or add your server to an existing account. Once you do, your Dropbox folder will be created in your home directory.

8. I logged in to my Dropbox account via the Firefox browser. As soon as I had logged in via the browser, a message appeared in the browser window informing me that “Your computer was successfully linked to your account”, and the Dropbox client icon appeared on the Panel and showed that the contents of ~/Dropbox were being synchronised.

Everything seems to be working as before. The Dropbox icon on the Panel has the same menu items it had previously. ‘Preferences…’ shows the Dropbox version as v55.4.171. I have not ticked ‘Start Dropbox on system startup’ under Dropbox Preferences because I configured automatic startup using KDE Plasma 5 ‘System Settings’ as described in Step 6 above, and the Dropbox daemon is indeed started automatically when I login.

The Dropbox Website’s instructions (see link in Step 5) also include the following:

Download this Python script to control Dropbox from the command line. For easy access, put a symlink to the script anywhere in your PATH.

I did download that Python script and made it executable:

fitzcarraldo@clevow230ss ~/Dropbox $ chmod +x dropbox.py

However the Python 3.6 interpreter in my Gentoo Linux installations report a syntax error in the script when I run it, I assume because it was written for a different version of Python:

fitzcarraldo@clevow230ss ~/Dropbox $ ./dropbox.py 
  File "./dropbox.py", line 233
    except OSError, e:
                  ^
SyntaxError: invalid syntax

Anyway, as the Dropbox client icon is on the KDE Plasma 5 Panel and I can control Dropbox from there, I see no need for the Python script.

9. My Gentoo installations have a Bash script ~/dbox.sh that I had created to be launched by a Desktop Configuration file ~/Desktop/Dropbox.desktop with a nice icon which I double-click on if I want to relaunch the Dropbox daemon (if I previously quit Dropbox from the client’s menu, for example). I had to modify ~/dbox.sh by replacing the command ‘dbus-launch dropbox start > /dev/null‘ with the command ‘/home/fitzcarraldo/.dropbox-dist/dropboxd‘ as shown below.

dbox.sh

#!/bin/bash
sleep 20s
ps auxww | awk '$0~/dropbox/&&$0!~/awk/{print $2}' | xargs kill
/home/fitzcarraldo/.dropbox-dist/dropboxd

Dropbox.desktop

[Desktop Entry]
Comment[en_GB]=(re)launch Dropbox daemon
Comment=(re)launch Dropbox daemon
Exec=/home/fitzcarraldo/dbox.sh
GenericName[en_GB]=Dropbox
GenericName=Dropbox
Icon=kipi-dropbox
MimeType=
Name[en_GB]=Dropbox
Name=Dropbox
Path=
StartupNotify=true
Terminal=false
TerminalOptions=
Type=Application
X-DBUS-ServiceName=
X-DBUS-StartupType=none
X-KDE-SubstituteUID=false
X-KDE-Username=fitzcarraldo

10. At the moment Dropbox is working fine again in my Gentoo installations. However, I noticed that Gentoo Linux user zsitvaij posted the following comment in a Gentoo Forums thread:

On every dropbox update, I have to remove ~/.dropbox-dist/dropbox-lnx.<version>/libdrm.so.2 to avoid having it crash on launch, works fine after until they update again.

I do not know if that will be necessary in my case, as I have not yet had to upgrade Dropbox from the Version 55.4.171 that I recently installed. When a new version of Dropbox becomes available I will update this post to confirm whether or not I had to do anything to keep Dropbox working.

Addendum (1 October 2018): With reference to my addendum of 2 September 2018, if you are using OpenRC it is possible to automate the deletion of the file ~/.dropbox-dist/dropbox-lnx.x86_64-<version>/libdrm.so.2 by creating a Bash script /etc/local.d/40dropbox.start containing the following:

#!/bin/bash
if [ -e /home/fitzcarraldo/.dropbox-dist/dropbox-lnx.x86_64-*/libdrm.so.2 ]
then
    rm /home/fitzcarraldo/.dropbox-dist/dropbox-lnx.x86_64-*/libdrm.so.2
fi

Replace my username with your username, obviously. Of course the conditional test could be dispensed with and the script could just contain the shebang line and the rm line, which would still work even if the file does not exist, but it feels a bit tidier to only attempt to delete the file if it actually exists.

Addendum (2 September 2018):I have just installed Dropbox Version 56.4.94 in my Gentoo ~amd64 installation and I had to use the command shown below once in order to stop the daemon segfaulting when I entered the command ~/.dropbox-dist/dropboxd in a Konsole window:

fitzcarraldo@clevow230ss ~/Dropbox $ rm ~/.dropbox-dist/dropbox-lnx.x86_64-56.4.94/libdrm.so.2

Addendum (31 August 2018): The Python script dropbox.py that can be downloaded from the Dropbox Web site (see Step 8 above) is old, as can be seen in the comments in the header of the script:

# Dropbox frontend script
# This file is part of nautilus-dropbox 2015.10.28.

It is written in Python 2. Although I do not need to use it, I managed to get it to run in my Gentoo installations by replacing the shebang line ‘#!/usr/bin/python‘ with ‘#!/usr/bin/env python2‘. This works in my Gentoo installations because they have both Python 2.7 and Python 3.6 installed. When I now run dropbox.py I see the following:

fitzcarraldo@clevow230ss ~/Dropbox $ ./dropbox.py 
Dropbox command-line interface

commands:

Note: use dropbox help  to view usage for a specific command.

 status       get current status of the dropboxd
 throttle     set bandwidth limits for Dropbox
 help         provide help
 stop         stop dropboxd
 running      return whether dropbox is running
 start        start dropboxd
 filestatus   get current sync status of one or more files
 ls           list directory contents with current sync status
 autostart    automatically start dropbox at login
 exclude      ignores/excludes a directory from syncing
 lansync      enables or disables LAN sync
 sharelink    get a shared link for a file in your dropbox
 proxy        set proxy settings for Dropbox

fitzcarraldo@clevow230ss ~/Dropbox $ ./dropbox.py status
Up to date
fitzcarraldo@clevow230ss ~/Dropbox $ ./dropbox.py running
fitzcarraldo@clevow230ss ~/Dropbox $ ./dropbox.py filestatus ~/Dropbox/Getting\ Started.pdf 
/home/fitzcarraldo/Dropbox/Getting Started.pdf: up to date
fitzcarraldo@clevow230ss ~/Dropbox $

Notice that the command ./dropbox.py running does not return anything even though the daemon is definitely running, so I do not trust the script anyway.

Advertisements

How to move a mouse pointer automatically in Linux to simulate user activity

My various Linux installations all have Suspend to RAM enabled with a specified timeout. Sometimes I want to override the timeout; for example if I have left something running in a terminal window or I have left the package manager in a virtual machine upgrading the guest installation. I could of course launch the system’s power manager GUI and temporarily disable Suspend to RAM or increase the timeout, but I prefer to use a shell script, launched by double-clicking on a Desktop icon, to move the mouse pointer automatically to fool the OS into believing someone is using the machine. There are various ways of doing this, but the method I prefer is given below.

1. Create a Bash script ‘/home/fitzcarraldo/keep_mouse_moving.sh‘ containing the following:

#!/bin/bash
#
# Script to keep mouse pointer moving so that, for example, Suspend to RAM timeout does not occur.
# 
# The mouse pointer will move around its current position on the screen, i.e. around any position
# on the screen where you place the pointer. However, if you prefer it to move around the centre
# of the screen then change mousemove_relative to mousemove in the xdotool command below.
#
# Set LENGTH to 0 if you do not want the mouse pointer to actually move.
# Set LENGTH to 1 if you want the mouse pointer to move just a tiny fraction.
# Set LENGTH to e.g. 100 if you want to see more easily the mouse pointer move.
LENGTH=1
#
# Set DELAY to the desired number of seconds between each move of the mouse pointer.
DELAY=5
#
while true
do
    for ANGLE in 0 90 180 270
    do
	xdotool mousemove_relative --polar $ANGLE $LENGTH
        sleep $DELAY
    done
done

Do not forget to make the script executable.

As you can see in the above script, it is possible to control how much, if at all, the mouse pointer actually moves on the screen. While the script is running you are not precluded from moving the mouse manually as well.

2. Create a Desktop Configuration File ‘/home/fitzcarraldo/Desktop/keep_mouse_moving.desktop‘ containing the following:

[Desktop Entry]
Comment[en_GB]=Keep mouse moving automatically
Comment=Keep mouse moving automatically
Exec=xterm -iconic -e "bash -c /home/fitzcarraldo/keep_mouse_moving.sh"
GenericName[en_GB]=Keep mouse moving automatically
GenericName=Keep mouse moving automatically
Icon=input-mouse
MimeType=
Name[en_GB]=keep_mouse_moving
Name=keep_mouse_moving
Path=/home/fitzcarraldo
StartupNotify=true
Terminal=false
TerminalOptions=\s--noclose
Type=Application
X-DBUS-ServiceName=
X-DBUS-StartupType=none
X-LXDE-SubstituteUID=false
X-LXDE-Username=fitzcarraldo

(In installations that use KDE or GNOME I replace the ‘LXDE‘ above with ‘KDE‘ or ‘GNOME‘, as appropriate.)

3. Use the distribution’s package manager to install xterm and xdotool if they are not already installed.

4. Whenever I want to fool the OS into thinking a user is moving the mouse, I double-click on the mouse icon on the Desktop and the Bash script is launched in a minimised xterm window, which I can see on the Panel. I can then leave the installation knowing that it will not suspend to RAM and that the screensaver will not kick in. When I want to stop the mouse pointer moving automatically, I simply click on the xterm bar on the Panel to open the xterm window, and click on Close (×) on the window’s title bar to terminate xterm and the shell script.

Note that the X Windows Toolkit option -iconic may not work in some Desktop Environments (GNOME, for example), in which case you can minimise the xterm window manually if you want, or use another terminal emulator.

By the way, if you use GNOME and it is currently configured not to display icons on the Desktop, you can change this by using the following command:

user $ gsettings set org.gnome.desktop.background show-desktop-icons true

Of course you are not obliged to have the .desktop file on the Desktop; it could be in any directory.

Getting the lock screen to work reliably when resuming from suspension in a single-seat, multi-user Lubuntu 18.04 installation

In an earlier post I described my attempt at getting the lock screen to work reliably in the single-seat, multi-user Lubuntu 17.10 installation on my family’s desktop PC. Although the modifications described in that post seemed to improve matters somewhat, users were still not always able to login from the LightDM greeter screen after resuming from Suspend to RAM in the following situation:

  1. User_A logs in to User_A’s account but does not log out after using the account.
  2. User_B clicks on ‘Logout’ > ‘Switch User’ to log in to User_B’s account but does not log out.
  3. User_A clicks on ‘Logout’ > ‘Switch User’ to get back to User_A’s account.
  4. User_A allows his/her session to timeout and suspend to RAM.
  5. User_B presses a key on the keyboard to resume from suspension, and the LightDM lock screen is displayed.
  6. User_B enters his/her password and then clicks on ‘Unlock’, but the LightDM lock screen remains on display and nobody can log in any more, although the keys on the lock screen are still clickable.

When this occurs, the only way users can access their Desktop is to click on the Power icon in the top right corner of the lock screen and select ‘Restart…’.

The Software Updater in Lubuntu 17.10 recently offered me the choice of upgrading to Lubuntu 18.04, which I accepted. The upgrade was performed and the only hitch that resulted was an incorrect initramfs, which was simple enough to fix (see my post Lubuntu 18.04 ‘Gave up waiting for suspend/resume device’). However, the above-mentioned problem of unlocking after resuming from suspension still occurred in Lubuntu 18.04. Below are the changes I made since the modifications described in my post Getting the lock screen to work properly when resuming from Suspend-to-RAM with multiple sessions in Lubuntu 17.10 (the other changes in that post remain), which seem to have cured the problem.

Change to Item 2 in my earlier post

I reverted the Exec line in /etc/xdg/autostart/light-locker.desktop back to how it was originally following installation of Lubuntu:

user $ grep Exec /etc/xdg/autostart/light-locker.desktop
Exec=light-locker

Change to Item 3 in my earlier post

I deleted the file /lib/systemd/system-sleep/hang-fix that I had previously created:

user $ sudo rm /lib/systemd/system-sleep/hang-fix

Change to Item 7 in my earlier post

The Xfce Power Manager ‘Security’ tab for each user now has ‘Lock screen when system is going for sleep’ ticked:

Light Locker

  • Automatically lock the session: Never
  • Delay locking after screensaver for: ‘1 Seconds’ is greyed out
  • ‘Lock screen when system is going for sleep’ is ticked

The full Xfce Power Manager settings for each user (see the file ~/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-power-manager.xml in each user’s home directory) are now configured as follows:

<?xml version="1.0" encoding="UTF-8"?>

<channel name="xfce4-power-manager" version="1.0">
  <property name="xfce4-power-manager" type="empty">
    <property name="power-button-action" type="empty"/>
    <property name="show-tray-icon" type="empty"/>
    <property name="brightness-switch-restore-on-exit" type="int" value="1"/>
    <property name="brightness-switch" type="int" value="0"/>
    <property name="presentation-mode" type="bool" value="false"/>
    <property name="inactivity-on-ac" type="uint" value="30"/>
    <property name="blank-on-ac" type="int" value="10"/>
    <property name="dpms-on-ac-sleep" type="uint" value="0"/>
    <property name="dpms-on-ac-off" type="uint" value="0"/>
    <property name="brightness-on-ac" type="uint" value="9"/>
    <property name="lock-screen-suspend-hibernate" type="bool" value="true"/>
    <property name="logind-handle-lid-switch" type="bool" value="false"/>
    <property name="dpms-enabled" type="bool" value="false"/>
    <property name="general-notification" type="bool" value="true"/>
  </property>
</channel>

Additional modifications

In another of my posts (Prevent Lubuntu 17.10 from leaving an external HDD mounted incorrectly for other users) I explained the modifications I made in Lubuntu 17.10 for a single-seat, multi-user installation to work properly with a permanently connected external USB HDD. However, I recently noticed the following problems resulting from those modifications:

A. The following error message in the LightDM log file /var/log/lightdm/lightdm.log:

[SeatDefaults] is now called [Seat:*], please update this configuration

So I changed the contents of the file /etc/lightdm/lightdm.conf.d/10_lubuntu.conf from:

[SeatDefaults]
session-cleanup-script=/etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh

to:

[Seat:*]
session-cleanup-script=/etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh

B. The following error message in the LightDM log file/var/log/lightdm/lightdm.log when the USB external HDD happened to not be mounted at the time:

DEBUG: Launching process 8569: /etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh
DEBUG: Process 8569 terminated with signal 11

So I changed the contents of my Bash script /etc/lightdm/lightdm.conf.d/unmount_FREECOM_HDD.sh from:

#!/bin/bash
udisksctl unmount --block-device /dev/disk/by-uuid/C6576A087368B015

to:

#!/bin/bash
STATUS=`mount | grep $(readlink -f /dev/disk/by-uuid/C6576A087368B015 )`
if [[ ! -z $STATUS ]]; then
    udisksctl unmount --block-device /dev/disk/by-uuid/C6576A087368B015
fi
exit 0

Conclusions

It is early days, but so far the login problem for other users after resuming from suspension has not reoccurred since I made the latest changes. I am not sure if the modifications described in my post ‘Prevent Lubuntu 17.10 from leaving an external HDD mounted incorrectly for other users‘ contributed to (or caused) the login problem, or whether one or more of systemd-logind, LightDM, LightDM GTK+ Greeter, Light Locker and Xfce Power Manager are to blame (since they have to work holistically to provide the required functionality). It is frustrating not knowing the root cause of the problem, but at least my family no longer has to worry about being able to log in if a family member has not logged out and left the PC to suspend.

Installing the Onboard on-screen keyboard in Gentoo Linux

Onboard on-screen keyboard with the Compact British English layout, Droid theme and international character selection enabled for the long-press action

Onboard on-screen keyboard configured with the British English layout, Droid theme and international character selection enabled for the long-press action



The most sophisticated and polished virtual keyboard I have seen so far in Linux is Onboard, the on-screen keyboard previously provided in Ubuntu prior to the switch to GNOME 3. The current version of Onboard is 1.4.1 and it can be installed and used in other Linux distributions and desktop environments. Thanks to Gentoo Linux user wjn an ebuild is available in the wjn-overlay overlay and can be installed from there via Portage. However, I prefer to use a local overlay so I copied the ebuild to my local overlay and installed it from there instead. Here is what I did to install app-accessibility/onboard in the Gentoo Stable installation running KDE Plasma 5 on my Clevo W230SS laptop:

1. I first made sure the preferred Python interpreter was selected (I should have done that when the Gentoo Linux developers recently replaced Python 3.5 with Python 3.6 in the default Python targets for Gentoo installations):

root # grep PYTHON /etc/portage/make.conf
PYTHON_TARGETS="python2_7 python3_6"
PYTHON_SINGLE_TARGET="python3_6"
root # eselect python list
Available Python interpreters, in order of preference:
  [1]   python2.7
  [2]   python3.5 (uninstalled)
  [3]   python3.4
  [4]   python3.6 (fallback)
root # eselect python set 4
root # eselect python list 
Available Python interpreters, in order of preference:
  [1]   python3.6
  [2]   python2.7
  [3]   python3.5 (uninstalled)
  [4]   python3.4

2. Then I copied the ebuild to my local overlay:

root # mkdir -p /usr/local/portage/app-accessibility/onboard/files
root # cd /usr/local/portage/app-accessibility/onboard/files/
root # wget https://bitbucket.org/wjn/wjn-overlay/raw/5d7fe162af7c0cde9b401a9a30fb3ab8b2b65e3d/app-accessibility/onboard/files/# onboard-1.4.1-remove-duplicated-docs.patch
root # cd ..
root # wget wget https://bitbucket.org/wjn/wjn-overlay/raw/5d7fe162af7c0cde9b401a9a30fb3ab8b2b65e3d/app-accessibility/onboard/onboard-1.4.1.ebuild
root # ebuild onboard-1.4.1.ebuild manifest

3. As I am using using Gentoo Stable I unmasked the ebuild by keyword:

root # nano /etc/portage/package.accept_keywords/onboard
root # cat /etc/portage/package.accept_keywords/onboard
=app-accessibility/onboard-1.4.1 **

4. Then I installed the package:

root # emerge onboard
root # eix onboard
[I] app-accessibility/onboard [1]
     Available versions:  (~)1.4.1^m {PYTHON_TARGETS="python3_5 python3_6"}
     Installed versions:  1.4.1^m(15:28:57 25/06/18)(PYTHON_TARGETS="python3_6 -python3_4 -python3_5")
     Homepage:            https://launchpad.net/onboard
     Description:         Onscreen keyboard for everybody who can't use a hardware keyboard

[1] "local_overlay" /usr/local/portage

Icons for Onboard and Onboard Settings were added to the KDE Application Launcher’s menu (Applications > Utilities) and they can be launched from there or by entering the command ‘onboard‘ in a Konsole window under the user’s account.

5. The only thing that did not work ‘out of the box’ in KDE Plasma 5.12.5 in Gentoo was selecting ‘Help’ from the pop-up menu displayed by clicking on the Onboard icon on the Plasma 5 Panel:

FileNotFoundError: [Errno 2] No such file or directory: ‘/usr/bin/yelp’: ‘/usr/bin/yelp’

This was simply because the package gnome-extra/yelp had not been installed in my KDE installation. Now, I could have just installed it separately:

root # emerge yelp

but I chose intead to edit the onboard ebuild to add yelp to the list of runtime dependencies:

RDEPEND="${COMMON_DEPEND}
        app-accessibility/at-spi2-core
        app-text/iso-codes
        gnome-extra/mousetweaks
        gnome-extra/yelp
        x11-libs/libxkbfile"

and I then re-installed the package, which then automatically installed yelp and its dependencies:

root # ebuild onboard-1.4.1.ebuild manifest
root # emerge onboard

Onboard is a nice utility, and I hope its developers continue to maintain and develop it even though Ubuntu now uses the GNOME 3 on-screen keyboard instead, as it can be used in other desktop environments and in other Linux distributions.

Getting the lock screen to work properly when resuming from Suspend-to-RAM with multiple sessions in Lubuntu 17.10

Introduction

What is it with Linux and lock screens?! There are umpteen posts on the Web by Linux users having trouble with lock screens, particularly the LightDM session locker Light Locker. Well, here is my contribution.

Lubuntu 17.10 is installed on my family’s desktop PC (single seat, multiple users). Lubuntu 17.10 uses systemd-logind, LightDM, Light Locker and Xfce Power Manager, and they do not work properly holistically in my experience. To confuse matters further, Lubuntu 17.10 also has XScreenSaver installed, which also has lock-screen capabilities.

In Lubuntu 17.10 on my family’s desktop PC, Light Locker displays the LightDM GTK+ Greeter screen when anyone wakes/resumes the PC from suspension by pressing a key on the USB keyboard, and users should then be able to log in by selecting their username from the pull-down list on the LightDM GTK+ Greeter screen and entering their password. However, if only a single user session existed when the PC suspended automatically (i.e. by timeout), upon resuming from suspension a black screen with a white padlock icon and the following message in white/grey text from light-locker would appear:

This session is locked
You’ll be redirected to the unlock
dialog automatically in a few seconds

But then nothing else happened; the above-mentioned message remained on display. I could press Ctrl+Alt+F1, login on TTY1 and enter the command ‘loginctl unlock-sessions‘ to get back to the Desktop, but that is not something the rest of my family would know how to do or be comfortable doing. In any case, I have only given sudo rights to one other member of the family.

Another problem would occur if the PC was left to suspend automatically with more than one user still logged in (i.e. more than one session). Although Light Locker would display the LightDM GTK+ Greeter screen upon resuming from suspension, and users could select their username from the pull-down list and enter their password, the LightDM GTK+ Greeter screen would remain on display and it would no longer be possible to re-enter a password (although it was still possible to select users from the pull-down list of users, and to select ‘Suspend’, ‘Restart…’ and ‘Shutdown…’ from the pull-down power menu). However, if users suspended the PC manually by selecting ‘Logout’ > ‘Lock Screen’ from the Lubuntu Menu, upon waking/resuming it was possible to enter their password on the LightDM GTK+ Greeter screen to return to their Desktop.

In this article I explain what I did to try and rectify these problems.

By the way, note that hibernation is disabled by default in Lubuntu 17.10 and you may need to make further changes if you want to enable hibernation as well. For example, does the PC have a swap partition, and is it large enough to enable hibernation? Also see the article: How to Enable Hibernate in Ubuntu 17.10 for possible help.

Modifications

The package light-locker-settings was not installed in Lubuntu 17.10. Do not install it. If it happens to be installed do not use ‘Preferences’ > ‘Light Locker Settings’, as it makes the Exec entry in the user’s light-locker.desktop file just ‘Exec=‘ or ‘Exec=light-locker‘. In fact, having installed light-locker-settings manually to check what could be configured via its GUI, I uninstalled it in order to stop anyone using it. (Under ‘Screensaver’, the Light Locker Settings GUI displays the following message: ‘Your screensaver settings are managed by Xfce Power Manager.’ and there is a button ‘Open’ to click on to launch the Xfce Power Manager settings GUI.) Presumably this was why it was not included when Lubuntu 17.10 was first installed to the HDD.

1.  I removed any light-locker.desktop files of individual users, leaving only the system-wide file:

$ sudo rm /home/*/.config/autostart/light-locker.desktop
$ sudo updatedb
$ locate light-locker.desktop
/etc/xdg/autostart/light-locker.desktop

2.  I edited the system-wide light-locker.desktop file to contain the following command to execute Light Locker:

$ grep Exec /etc/xdg/autostart/light-locker.desktop
Exec=light-locker --lock-after-screensaver=0 --no-lock-on-suspend --no-lock-on-lid --no-idle-hint

3.  I created the Bash script file /lib/systemd/system-sleep/hang-fix for systemd to run when suspending and resuming from suspension, with the permissions shown:

#!/bin/sh
case "$1" in
    pre|suspend|hibernate)
        date | tr -d '\n' >> /home/fitzcarraldo/sleep.log
        echo " going to sleep." >> /home/fitzcarraldo/sleep.log
        chvt 1
        loginctl unlock-sessions
    ;;
    post|resume|thaw)
        date | tr -d '\n' >> /home/fitzcarraldo/sleep.log
        echo " waking from sleep." >> /home/fitzcarraldo/sleep.log
        loginctl lock-sessions
        chvt 7
    ;;
    *)
        exit $NA
    ;;
esac
exit 0

$ sudo chmod 755 /lib/systemd/system-sleep/hang-fix
$ ls -la /lib/systemd/system-sleep/hang-fix
-rwxr-xr-x 1 root root 581 Apr 14 08:09 /lib/systemd/system-sleep/hang-fix

The above script is a hack to get around the problem of Light Locker resuming and apparently not knowing which session to unlock. I used the loginctl commands in this script rather than the Xfce Power Manager suspend options and Light Locker options such as ‘--late-locking‘ and ‘--lock-on-suspend‘ because I found that the Light Locker options and the Xfce Power Manager options did not fix the problem.

4.  I created two files for Polkit (to cover all Polkit versions to date) with the permissions as shown below.

4.1  The file /etc/polkit-1/rules.d/85-suspend.rules with the following contents:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.suspend" ||
        action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
        action.id == "org.freedesktop.login1.hibernate" ||
        action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
    {
        return polkit.Result.YES;
    }
});

If you do not have a swap partition large enough to enable hibernation, or you do not want to allow the PC to hibernate, use the following instead of the above:

polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.login1.suspend" ||
        action.id == "org.freedesktop.login1.suspend-multiple-sessions")
    {
        return polkit.Result.YES;
    }
});

$ sudo chmod 755 /etc/polkit-1/rules.d
$ sudo chmod 644 /etc/polkit-1/rules.d/85-suspend.rules
$ ls -la /etc/polkit-1/rules.d/85-suspend.rules
-rw-r--r-- 1 root root 359 Apr 19 22:14 /etc/polkit-1/rules.d/85-suspend.rules

4.2  The file /var/lib/polkit-1/localauthority/50-local.d/50-enable-suspend-on-lockscreen.pkla with the following contents:

[Allow suspending with lock screen]
Identity=unix-user:*
Action=org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions;org.freedesktop.login1.hibernate;org.freedesktop.login1.hibernate-multiple-sessions
ResultAny=yes
ResultInactive=yes
ResultActive=yes

If you do not have a swap partition large enough to enable hibernation, or you do not want to allow the PC to hibernate, use the following instead of the above:

[Allow suspending with lock screen]
Identity=unix-user:*
Action=org.freedesktop.login1.suspend;org.freedesktop.login1.suspend-multiple-sessions
ResultAny=yes
ResultInactive=yes
ResultActive=yes

$ sudo chmod 644 /var/lib/polkit-1/localauthority/50-local.d/50-enable-suspend-on-lockscreen.pkla
$ sudo ls -la /var/lib/polkit-1/localauthority/50-local.d/50-enable-suspend-on-lockscreen.pkla
-rw-r--r-- 1 root root 191 Apr 20 10:01 /var/lib/polkit-1/localauthority/50-local.d/50-enable-suspend-on-lockscreen.pkla

The above files are intended to get rid of the following error messages in a pop-up window and pop-up notification ballon, respectively, that prevent the OS from suspending automatically:

Authentication
Authentication is required for suspending
the system while other users are logged in.

Power Manager
GDBus.Error:org.freedesktop.DBus.Error.NoReply:
Method call timed out

By the way, the version of Polkit installed currently is 0.105:

$ pkaction --version
pkaction version 0.105

5.  I added all users to the users group (although I do not think this is essential):

$ sudo usermod -a -G users fitzcarraldo
$ sudo usermod -a -G users molly
$ sudo usermod -a -G users aquilino
$ sudo usermod -a -G users cholo
$ sudo usermod -a -G users paul

6.  I made sure the XScreenSaver settings for each user are as follows:

XScreenSaver (‘Preferences’ > ‘Screensaver’)

The ‘Display Modes’ tab has:

  • ‘Mode: Disable Screen Saver’

The ‘Advanced’ tab has everything unticked on it except for:

7.  I made sure the Xfce Power Manager settings for each user are as follows:

Xfce Power Manager (‘Preferences’ > ‘Power Manager’)

The ‘General’ tab has:
Buttons

  • When power button is pressed: Ask
  • When sleep button is pressed: Do nothing
  • When hibernate button is pressed: Do nothing

Appearance

  • Show notifications is ticked
  • Show system tray icon is ticked

The ‘System’ tab has:
System power saving

  • System sleep mode: Suspend
  • When inactive for 15 Minutes (You can make the number of minutes different for each user, if you want.)

The ‘Display’ tab has:
Display power management settings

  • ‘Handle display power management’ is ticked
  • Blank after: 5 Minutes
  • Put to sleep after: Never
  • Switch off after: Never

The ‘Security’ tab has:
Light Locker

  • Automatically lock the session: Never
  • Delay locking after screensaver for: ‘1 Seconds’ is greyed out
  • ‘Lock screen when system is going for sleep’ is not ticked

8.  I made sure the ‘Default Applications for LXSession’ settings for each user are as follows:

Select ‘Preferences’ > ‘Default Applications for LXSession’, click on ‘Autostart’ and untick ‘XScreenSaver’ if it is ticked. ‘Power Manager’ and ‘Screen Locker’ should already be ticked, so tick them if they are not. I left ‘PolicyKit Handler’ and ‘PolicyKit Authentication Agent’ unticked (Lubuntu 17.10 uses Polkit, the successor to PolicyKit).

9.  Although Lubuntu 17.10 does not use GNOME, I found that gsettings is installed. I did the following just in case, although I believe it is irrelevant in this particular case:

$ gsettings --version
2.54.1
$ gsettings set org.gnome.desktop.screensaver ubuntu-lock-on-suspend 'false'
$ gsettings get org.gnome.desktop.screensaver ubuntu-lock-on-suspend
false
$ gsettings set org.gnome.desktop.screensaver lock-enabled 'false'
$ gsettings get org.gnome.desktop.screensaver lock-enabled
false

Conclusion

After doing all the above, upon resuming from Suspend-to-RAM on most, but not all, occasions it is now possible to select any username on the LightDM GTK+ Greeter screen, enter that user’s password and successfully display the user’s Desktop. The LightDM GTK+ Greeter screen no longer hangs/freezes every time.

When more than one user is logged in (i.e. there is more than one session), the PC will suspend automatically if there is no user activity in a particular session during the configured timeout period for that session. Pressing a key on the USB keyboard will then wake the PC and display the LightDM GTK+ Greeter screen. The desired username can then be selected and the corresponding password entered. The following is an example of the sort of thing that can happen:

  • User fitzcarraldo (timeout configured as 30 minutes) logs in to his account at 09:00 and uses the PC until he locks his session manually (Ctrl+Alt+L) at 09:11.
  • User paul (timeout configured as 15 minutes) logs in to his account at 09:15 and uses the PC until he locks his session manually at 09:23.
  • User molly (timeout configured as 45 minutes) logs in to her account at 09:25 and uses the PC for several hours.
  • At 09:38, while user molly is using the PC, the PC automatically suspends to RAM (15 minutes after user paul stopped using his session). User molly has to wake the PC from suspension. Nothing is lost.
  • At 09:41, while user molly is using the PC, the PC automatically suspends to RAM (30 minutes after user fitzcarraldo stopped using his session). User molly has to wake the PC from suspension. Nothing is lost.

To avoid scenarios such as the above, if a user does not need the session any longer it is better to log out rather than leave the session in existence.

Gentoo Linux: A work-around to be able to Resume from Suspend to RAM when using the NVIDIA closed-source driver

My Clevo W230SS laptop has NVIDIA Optimus graphics hardware (NVIDIA GPU plus Intel IGP). I do not use Bumblebee, preferring to switch between the Intel video driver and the NVIDIA closed-source driver myself (see Switching between Intel and NVIDIA graphics processors on a laptop with NVIDIA Optimus hardware running Gentoo Linux). The laptop can suspend to RAM and resume perfectly when using the Intel video driver (but see Stopping my laptop spontaneously resuming immediately after Suspend to RAM, which is applicable whatever the GPU or IGP).

In order to be able to resume properly from Suspend-to-RAM when using the NVIDIA driver, the laptop needs to disable compositing before suspending, then re-enable compositing after resuming. For how I achieve that, see under Problem 2 in the third link above. If this is not done, the graphics on the Desktop are corrupted after resuming.

However, recently when using the NVIDIA driver and KDE Plasma 5 (I am currently using nvidia-drivers-387.22 and plasma-meta-5.11.5), when resuming from suspension the monitor would briefly display the LightDM wallpaper (I use different wallpapers for the display manager and the lock screen, so I know it was not the KDE lock screen) followed by a blank screen with a mouse pointer (which I could move normally). More recently, in between displaying the display manager’s wallpaper and the blank screen, the monitor would briefly display an earlier image of the Desktop just before the laptop suspended.

Now, I could simply leave the laptop configured to use the Intel driver. However, sometimes I need to use a CAD application and the performance is better when using the NVIDIA GPU.

There are umpteen posts on the Web about this problem, and the root cause seems to be the closed-source NVIDIA driver. I have seen the KDE lock screen mentioned in some posts as the culprit, so I disabled the lock screen (‘System Settings’ > ‘Desktop Behaviour’ > ‘Screen Locking’) but that did not solve the problem.

I put up with this for several weeks in the hope that the next release of the NVIDIA driver would fix the problem. If I suspended to RAM while the laptop was using the NVIDIA driver, I was able to resume and get to a working Desktop – albeit without the open windows and applications that had been running before suspending – by pressing Ctrl+Alt+F1 to get to TTY1, logging in as the root user and entering the command ‘/etc/init.d/xdm restart‘. However, the final straw was in a meeting a couple of weeks ago when I wanted to resume the laptop and show a worksheet to someone. The laptop monitor of course displayed a blank screen with a mouse pointer, and it took me a couple of minutes to restart the display manager, login to KDE Plasma 5 and open the spreadsheet again. So this week I decided to look into the problem to see if I could at least find a work-around that would enable the laptop to resume without needing to restart X Windows and login to Plasma 5 each time.

I created a Bash script in /etc/pm/sleep.d/ to unload the NVIDIA modules before suspending to RAM and to re-load them when resuming, but that did not solve the problem either.

I switched the rendering background from OpenGL 2.0 to OpenGL 3.1 (‘System Settings’ > ‘Display and Monitor’ > ‘Compositor’), but that did not work either. I switched the rendering backend to XRender, and that did enable the laptop to resume from suspend successfully with the NVIDIA driver, but I do not want to use that work-around. Firstly, with software rendering there is a performance hit, and, secondly, there was no KDE Desktop Cube when using XRender instead of OpenGL. I use the Desktop Cube when working, as I often have a lot of windows open on each virtual desktop (cube side), and I find it easier to use the cube than a flat UI.

Eventually I found that, after resuming, if I pressed Ctrl+Alt+F1 to get to a virtual console, logged into my user account, entered the command ‘DISPLAY=:0 /usr/bin/kwin_x11 --resume‘ and then pressed Ctrl+Alt+F7 to get back to TTY7, my Desktop would appear on TTY7. Even so, I noticed on TTY1 that the following error messages were displayed when I ran that command:

kwin_core: OpenGL 2 compositing setup failed
kwin_core: Failed to initialize compositing, compositing disabled

Anyway, the Plasma 5 Desktop was displayed on TTY7, and with the windows that were open when I suspended the laptop, so restarting KWin would at least be a viable work-around until NVIDIA fix their video driver.

I incoporated the command in my script /etc/pm/sleep.d/02-toggle-compositing like so:

#!/bin/sh
#
# Turn off compositing on hibernate or suspend
# Turn on compositing on thaw or resume

username=fitzcarraldo
userhome=/home/$username
export XAUTHORITY="$userhome/.Xauthority"
export DISPLAY=":0"

case "$1" in
     suspend|hibernate)
          su $username -c "qdbus org.kde.KWin /Compositor suspend" &
     ;;
     resume|thaw)
          su $username -c "qdbus org.kde.KWin /Compositor resume" &
          su $username -c "/usr/bin/kwin_x11 --replace" &
     ;;
     *)
          exit $NA
     ;;
esac

It is an ugly hack, but at least now the laptop can resume properly from Suspend-to-RAM while the NVIDIA driver is being used.

Perhaps Linus Torvalds was correct. I will try to avoid NVIDIA hardware when I replace my current laptop.

Bye bye Windows 10, and good riddance

Up until a couple of days ago my family’s PC, an Acer Aspire XC600 tower purchased in early 2014, had Microsoft Windows 10 Home (64-bit) installed. Because of a problem updating Windows 10 which finally rendered the PC unbootable and the OS unrecoverable, I installed Lubuntu 17.10 (64-bit). It is performing very well and my family are finding it easy to use. Although I had no intention of installing Linux on this machine before the problem updating Windows arose, I’m now glad to be rid of Windows on this machine, as Windows has been a pain to use and maintain.

The Windows update saga

When I bought the Aspire XC600 in February 2014 it came with Windows 8 pre-installed, and I immediately upgraded it to Windows 8.1. I say ‘immediately’, but it actually took me three days to get Windows Update to install it properly; the first attempts resulted in what looked like Windows 8.1 but turned out to be incomplete installations, and several times I had to roll back to a Restore Point and try to update again.

I upgraded the machine to Windows 10 Home when Microsoft offered it free-of-charge to current users of Windows 8.1 and Windows Update informed me the update was available to install. The early Windows 10 Home was buggy, but various updates by Microsoft eventually got it to a reasonably stable state by the time the so-called ‘Anniversary Update’ (Windows 10 Version 1607) was released in 2016. I again had to struggle for several days before I managed to update Windows 10 Home to Version 1607.

In April 2017 Microsoft released the ‘Creators Update’, and in October 2017 the ‘Fall Creators Update’. However, no matter what I did it was simply impossible to upgrade Window 10 Home Version 1607 on the Aspire XC600 to either of those 2017 updates. There are hundreds if not thousands of posts on the Web regarding problems installing these updates on various PC models from various manufacturers, with similar or even identical symptoms to those I was seeing. In my case the update process froze at 33%, 75% and 83%, despite Microsoft’s update utility informing me that the CPU, RAM size and HDD free space were valid for these updates. Furthermore, I only tried to update once Windows Update had informed me the updates were available to install. I should also point out that I regularly made sure the OS had all other updates installed.

I lost count of the number of times and hours spent trying to update to the Creators Update and the Fall Creators Update. Each time I had a go at updating, after two consecutive attempts Windows 10 Home would give up and, when I eventually cycled the mains power in order to exit the frozen state, would roll back to Version 1607. However, during my latest attempt a couple of days ago, Windows 10 Home would no longer complete booting, instead popping up a window informing me the machine needed to be rebooted to complete the installation process. Every time I clicked ‘OK’ in the window, the machine would reboot and the same window popped up again. So I dug out the Windows 10 Home Recovery Disk (actually a USB pendrive) I had carefully created as soon as I had upgraded the installation from Windows 8.1 to Windows 10 in November 2016. (That pendrive had previously been the Windows 8.1 Recovery Disk that I created as soon as I upgraded the installation to Windows 8.1 in February 2014.) But, no matter what I did, the Recovery Disk would only re-install Windows 8, even though the time-date stamp of the files on the pendrive corresponded to the date on which I created the Windows 10 Recovery Disk. And, strangely, there were three so-called Recovery Partitions on the HDD.

Several attempts to re-install using the Recovery Disk had the same outcome, so I decided to install a couple of Linux binary distributions in succession, both of which worked fine and definitely removed all traces of Windows from the HDD, including the three Recovery Partitions (I checked using GParted to make sure). Then I tried again to re-install Windows 10 Home from the Recovery Disk, but it still created three Recovery Partitions and still installed Windows 8.

Clearly it was not going to be possible to re-install Windows 10 Home using the Recovery Disk, so I instead used Windows Update in Windows 8 to update the installation to Windows 8.1, a process that took several hours and reboots. Once Windows 8.1 was installed, I tried to upgrade to Window 10, first using Windows Update and, when that told me there were no updates, by using the Recovery Disk. Neither approach was successful, so I was stuck with a working, fully-updated Windows 8.1. The trouble was, Windows 8.1 is no longer supported by Microsoft (‘Mainstream Support End Date’ is 9 January 2018). Not to mention that Windows 8.1 is even worse than Windows 10.

The move to Linux

At this point I’d had more than enough of Microsoft Windows. Therefore I used my laptop to download the ISO for Lubuntu 17.10 and create a LivePendrive, and I installed Lubuntu on the Aspire XC600. Although I use a source-based Linux distribution on two laptops, for ease and speed of installation and maintenance I opted to install a binary-based distribution on the family PC. I chose Lubuntu specifically because it uses the LXDE desktop environment, which is closer in look and feel to classic Windows than e.g. the Unity or GNOME desktop environments in Ubuntu, and is not as ‘CPU-hungry’ as KDE. I found that Lubuntu worked extremely well out-of-the-box, including scanning and printing using my Canon MP510 MFP. I used the GUI Software utility (‘System Tools’ > ‘Software’ from the LXDE application menu) to uninstall AbiWord and Gnumeric and install the LibreOffice suite. I added user accounts for the members of my family (‘System Tools’ > ‘Users and Groups’). Since the machines on my home network use SMB to share files, I installed samba and sambaclient and edited the smb.conf file via the command line, and browsing SMB shares worked first time. We have a decent family PC again.

There was not much more for me to do to make the installation behave exactly how I wanted it to:

  • I configured the installation so that each user’s avatar appears on the login screen (LightDM GTK Greeter).
  • I have an external USB HDD permanently connected to the PC so that users’ files can be backed up. I configured the installation to unmount automatically this external USB HDD when any user logs out. The USB HDD is automatically mounted anyway when another user logs in, and, by unmounting it automatically at logout, the next user can access the USB HDD properly via the GUI File Manager (the USB drive is mounted as /media/<username>/FREECOM HDD).
  • I installed Language Support so that I can switch to some other languages I use, and I configured LXDE so I can click on an icon on the panel (or use a keyboard shortcut) to switch between the associated keyboard layouts.
  • I installed the anti-virus utility ClamAV, the ClamAV daemon and the ClamTk GUI front-end, and configured the installation to scan automatically any files downloaded to each user’s ~/Downloads directory, and to quarantine infected files and notify the user via a pop-up window and log file.
  • I configured the installation to create a network route when I log in, so that I can access in a Web browser the GoAccess dashboard for database reports produced by my network server.
  • I configured the installation to backup the files in each user’s ~/home directory to an external USB HDD at shutdown (impossible in Windows 10 Home — see my comments further on).
  • I installed Skype Preview for Linux, which worked out-of-the-box with a GUCEE HD92 HD 720p USB Webcam with built-in microphone.

I intend to explain in future posts how I implemented each of the above.

Backing up users’ files at shutdown

Windows XP and Vista on my family’s previous PCs were able to run a batch file (BACKUP.BAT) automatically at shutdown to backup the users’ files to an external USB HDD (and, crucially, to wait until the batch job was completed before powering down the PC). To achieve this I used the utility Xecutor by Xpertdesign Software, which enabled users to use the normal Windows method of shutting down yet allowed the batch file to run to completion. However, such utilities do not work in Windows 8 and onwards. A kludge that is often suggested is to add an extra button on the Desktop or Taskbar to run the backup commands then shutdown the machine afterwards, but I did not want to do that because there is no guarantee my family would click on it rather than shutting down Windows the normal way.

Another method of configuring Windows to run a batch file at shutdown is to use the GPE (Group Policy Editor) a.k.a. GPOE (Group Policy Object Editor) to configure the Registry. However, Windows 10 Home does not include the GPE, so I was unable to use the GPE to configure Windows 10 Home to run a batch file to backup users’ files to an external USB HDD at shutdown. (Actually, as Windows 8/8.1/10 makes it almost impossible to interrupt the shutdown process once the user has initiated shutdown, I wonder if a backup batch file would actually run to completion if the GPE were used in an edition of Windows that provides it, such as Windows 10 Enterprise.) It is possible to configure the Task Scheduler in Windows 10 Home to run a batch file at shutdown, but it is impossible to pause the shutdown process to allow the backup batch file to run to completion. Believe me, I tried everything, and it is impossible to backup automatically all users’ files for multiple user accounts at shutdown with Windows 10 Home (even though it was possible in Windows XP). So I had to resort to a kludge recommended by Microsoft, which is to configure the Task Scheduler to run the batch file at startup instead of shutdown. Clearly this is less safe than backing up before shutting down the PC.

Actually, it is possible to install/enable the GPE in Windows 10 Home — there are many Web sites explaining how to do this — but Microsoft has restricted many GPOs (Group Policy Objects) in Windows 10 Home, and therefore adding a GPO using the GPE or by editing the Registry directly in Windows 10 Home will have no effect. Even if you enable the GPE in Windows 10 Home, the policies will not work until you buy a licence for the Windows 10 Pro or Enterprise editions. In summary, in Windows 10 Home it is a waste of time either installing/enabling the GPE or editing the Registry directly.

However, now that Lubuntu 17.10 is installed I was able to configure it to run a Bash script automatically to backup all the users’ files before the machine actually actually shuts down or reboots. In a future post I’ll explain how I achieved that.

Summary

In my opinion Microsoft jumped the shark a long time ago. I had plenty of trouble with Windows Vista (to the extent I had to ditch it in the end), but Windows 7 was not bad (although on a couple of occasions I had a big scare with ‘Windows Backup and Restore’ that necessitated restoring the MBR via the command line). Windows 8 and 8.1 were awful, and Windows 10 is not much better in my opinion. Furthermore, I think it is very bad form for Microsoft to release updates to Windows 10 that cannot be installed on a machine that is only four years old and still has a reasonable specification: 64-bit Intel Pentium G2030 @ 3.00GHz, 4GB DDR3 RAM (upgradable to 8GB), Intel HD Graphics (Xeon E3-1200 v2/3rd Gen), and 1TB 7200RPM HDD. I’m now glad Windows 10 is history on this PC and I’m typing this in a Linux installation.

xdotool comes to the rescue

In a previous post I explained how I implemented a method for adding my current location and the local time to my e-mail signature wherever I happen to be in the World, irrespective of the time on the laptop’s hardware clock and system clock. In that post I described how I created a keyboard shortcut using the Linux application AutoKey. Unfortunately AutoKey has not been updated for several years and no longer works properly in KDE Plasma 5 on my laptops. Therefore I decided to replace it with a KDE keyboard shortcut, and this is to explain how I did it.

First create a custom shortcut in KDE:

  1. ‘System Settings’ > ‘Shortcuts’ > ‘Custom Shortcuts’
  2. ‘Edit’ > ‘New’ > ‘Global Shortcut’ > ‘Command/URL’, and name the New Action ‘Insert current time’
  3. On the Comment pane for ‘Insert current time’, add the comment ‘Insert current time at specified location’ (without the quotes)
  4. On the Trigger pane, configure the shortcut to be Ctrl+Alt+Space
  5. On the Action pane, enter the Command/URL as ‘/home/fitzcarraldo/timezone_signature_GeoNames.sh‘ (without the quotes)
  6. Click ‘Apply’

Next modify the Bash script timezone_signature_GeoNames.sh so that it contains the following (obviously change the username and path to suit):

#!/bin/bash

place=$(kdialog --title "Current Location" --inputbox "Enter your location:")

placetime=$(perl /home/fitzcarraldo/now1.pl $place)

# xdotool does not output a space in a string, so we have to extract each field from the string
# and print each field individually, separated by a space character.

city=$(echo $placetime | awk -F "|" '{print $1}')
country=$(echo $placetime | awk -F "|" '{print $2}' | sed 's/[)(]//g')
region=$(echo $placetime | awk -F "|" '{print $4}')

datetime=$(/usr/bin/zdump $region | awk -F " " '{print $2" "$3" "$4" "$5" "$6" "$7}')
dayofweek=$(echo $datetime | awk -F " " '{print $1}')
month=$(echo $datetime | awk -F " " '{print $2}')
day=$(echo $datetime | awk -F " " '{print $3}')
time=$(echo $datetime | awk -F " " '{print $4}')
year=$(echo $datetime | awk -F " " '{print $5}')
timezone=$(echo $datetime | awk -F " " '{print $6}')

activewindow=$(xdotool getactivewindow)

xdotool type --window $activewindow "Sent from:"
for oneword in $city; do
    xdotool key --window $activewindow space
    sleep 0.1s
    xdotool type --window $activewindow --delay 100 $oneword
done
xdotool key --window $activewindow comma
for oneword in $country; do
    xdotool key --window $activewindow space
    sleep 0.1s
    xdotool type --window $activewindow --delay 100 $oneword
done
xdotool key --window $activewindow Return
xdotool type --window $activewindow "Local time now: "
xdotool type --window $activewindow $dayofweek
xdotool type --window $activewindow " "
xdotool type --window $activewindow $month
xdotool type --window $activewindow " "
xdotool type --window $activewindow $day
xdotool type --window $activewindow " "
xdotool type --window $activewindow $time
xdotool type --window $activewindow " "
xdotool type --window $activewindow $year
xdotool type --window $activewindow " "
if [ ${timezone:0:1} = "-" ]; then
    timezone="UTC-"${timezone#*-}
elif [ ${timezone:0:1} = "+" ]; then
    timezone="UTC+"${timezone#*+}
fi
xdotool type --window $activewindow $timezone
xdotool type --window $activewindow " "
xdotool key --window $activewindow Return
xdotool key --window $activewindow Return
echo

The Perl script now1.pl is listed in my my earlier post. Notice that the script timezone_signature_GeoNames.sh in my earlier post was much simpler. This was because the AutoKey shortcut took care of sending the text to the currently active window. Without AutoKey, I now had to do this myself in the script timezone_signature_GeoNames.sh, and the command xdotool came to the rescue. The developer explains what xdotool does as follows:

This tool lets you simulate keyboard input and mouse activity, move and resize windows, etc. It does this using X11’s XTEST extension and other Xlib functions.

Additionally, you can search for windows and move, resize, hide, and modify window properties like the title. If your window manager supports it, you can use xdotool to switch desktops, move windows between desktops, and change the number of desktops.

So I installed xdotool via the Gentoo package manager:

# emerge xdotool
# eix xdotool
[I] x11-misc/xdotool
     Available versions:  3.20150503.1-r1^t ~3.20160805.1^t {examples}
     Installed versions:  3.20150503.1-r1^t(22:51:30 02/04/17)(-examples)
     Homepage:            http://www.semicomplete.com/projects/xdotool/
     Description:         Simulate keyboard input and mouse activity, move and resize windows

Anyway, my Bash script using xdotool works a treat with Thunderbird (and KWrite, LibreOffice Writer, etc.). I used to experience a problem with certain characters, for example a colon was printed as a semi-colon (see the xdotool bug report xdotool writes the wrong case #121), but that no longer happens in my current KDE Plasma 5 installation:

Sent from: Galeão International Airport, Brazil
Local time now: Thu Jul 6 15:11:40 2017 UTC-03

What a useful tool xdotool is!

Using the ClamAV daemon to scan files placed in my Downloads directory in Gentoo Linux

In a previous post I explained how to automatically detect files placed in my Downloads directory in Linux and scan them for viruses. The method I described in that post used clamscan, the command-line anti-virus scanner of ClamAV. Now, in addition ClamAV has a daemon (a program that runs continuously in the background), clamdscan, that you can enable. So I decided to switch to using clamdscan, as its response to downloaded files is much faster because the process waiting for new files to appear in ~/Downloads/ does not have to load clamscan from disk each time a new file arrives. Anyway, if you want to monitor a download directory in Gentoo Linux (running OpenRC) by using the ClamAV daemon — which will also download virus signature database updates automatically — then the procedure to set this up is given below.

1. Install clamav if it is not installed already:

root # emerge clamav

2. Add the service to the default runlevel:

root # rc-update add clamd default

The daemon will be launched automatically next time the computer boots.

3. The first download of the virus database has to be done manually:

root # freshclam

4. Start the daemon now:

root # rc-service clamd start

5. Create the Bash script ~/monitorDownloadsGUI with the following contents:

#!/bin/bash

DIR=$HOME/Downloads

# Get rid of old log file, if any
rm $HOME/virus-scan.log 2> /dev/null

IFS=$(echo -en "\n\b")

# Optionally, you can use shopt to avoid creating two processes due to the pipe
shopt -s lastpipe
inotifywait --quiet --monitor --event close_write,moved_to --recursive --format '%w%f' $DIR | while read FILE
# Added '--recursive' so that a directory copied into $DIR also triggers clamscan/clamdscan, although downloads
# from the Web would just be files, not directories.
do
     # Have to check file length is nonzero otherwise commands may be repeated
     if [ -s $FILE ]; then
          # Replace 'date >' with 'date >>' if you want to keep log file entries for previous scans.
          date > $HOME/virus-scan.log
          clamdscan --move=$HOME/virus-quarantine $FILE >> $HOME/virus-scan.log
          kdialog --title "Virus scan of $FILE" --msgbox "$(cat $HOME/virus-scan.log)"
     fi
done

Make it executable:

user $ chmod +x ~/monitorDownloadsGUI

6. Create the directory ~/virus-quarantine/ to store infected files pending investigation/deletion:

user $ mkdir ~/virus-quarantine

7. Install kdialog if it is not already installed:

root # emerge kdialog

8. Use ‘System Settings’ > ‘Startup and Shutdown’ > ‘Autostart’ to add the script ~/monitorDownloadsGUI to the list of script files that are automatically started each time you log in to KDE.

9. Log out then back in again, and you should see that everything is running as expected:

user $ rc-status | grep clam
 clamd                                                             [  started  ]

user $ ps -ef | grep clam | grep -v grep
clamav    1920     1  0 01:48 ?        00:00:00 /usr/sbin/clamd
clamav    1929     1  0 01:48 ?        00:00:00 /usr/bin/freshclam -d

user $ ps -ef | grep GUI | grep -v grep
fitzcarraldo      9143  8971  0 13:56 ?        00:00:00 /bin/bash /home/fitzcarraldo/.config/autostart-scripts/monitorDownloadsGUI.sh

10. To test, surf to http://www.eicar.org/85-0-Download.html and download one of the EICAR test files into your ~/Downloads/ directory. You should see a pop-up KDialog window with a message similar to the following:

Virus scan of /home/fitzcarraldo/Downloads/eicarcom2.zip — KDialog

Mon 27 Feb 14:05:26 GMT 2017
/home/fitzcarraldo/Downloads/eicarcom2.zip: Eicar-Test-Signature FOUND
/home/fitzcarraldo/Downloads/eicarcom2.zip: moved to ‘/home/fitzcarraldo/virus-quarantine/eicarcom2.zip’

———– SCAN SUMMARY ———–
Infected files: 1
Time: 0.001 sec (0 m 0 s)

Note that the above-mentioned pop-up window may be preceded by one or more pop-up windows with an error message. I’m using the Chrome browser at the moment, but you may get a similar message if you are using another browser. Here is an example:

Virus scan of /home/fitzcarraldo/Downloads/.com.google.Chrome.Uh3oGm — KDialog ?

Mon 27 Feb 14:16:30 GMT 2017
/home/fitzcarraldo/Downloads/.com.google.Chrome.Uh3oGm: Access denied. ERROR

———– SCAN SUMMARY ———–
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)

Read the error message and click ‘OK’, as this is not an actual problem; it is inotifywait detecting temporary files in the ~/Downloads/ directory during the download process. With larger files sometimes several such messages are displayed, presumably because the file being downloaded is being opened and closed more than once during the downloading process. This issue does not occur if you copy or move a file into ~/Downloads/ from another directory in your installation; try it and see for yourself. Then you only get the one pop-up window with the scan result for the file you put in ~/Downloads/.

Also have a look in ~/virus-quarantine/ and you will see the EICAR test file in that directory. You can delete it if you want (it is not infected with a real virus, so does no harm).

In future be sure to read the messages in the pop-up windows before clicking ‘OK’, as they will inform you that an infected file has been moved to the quarantine directory.

That’s all there is to it. Very simple, and quite handy if you want to check quickly that files you download don’t have a malware payload. Just make sure you download all files into ~/Downloads/ or they will not be checked automatically. Also, if you are given e.g. a USB pen drive with a file on it, you can copy the file to ~/Downloads/ if you want it to be scanned for malware.

A correct method of configuring Samba for browsing SMB shares in a home network

SMB
SMB (Server Message Block) is the underlying protocol that Microsoft Windows computers use to connect to resources, such as file shares and printers, and to transfer information when the connections are established. Samba is the Linux implementation of SMB that allows file and printer information to be transferred between Windows and Linux computers. An early variant of the SMB protocol is known as ‘CIFS’ (Common Internet File System). CIFS is actually obsolete, so the correct term to use these days is ‘SMB’ (see the blog post Why You Should Never Again Utter The Word, "CIFS"), although ‘CIFS’ is still used sometimes when referring to SMB.

Terminology
You are likely to come across several terms when reading about Samba, such as NetBIOS, Active Directory (AD), Lightweight Directory Access Protocol (LDAP), Kerberos, Windows Internet Name Service (WINS) and Winbind, to name but a few. Most are used in larger corporate or enterprise networks but you can ignore most of them – only broadcast NetBIOS name resolution or WINS are necessary to configure Samba in small home networks. For example, my home network uses broadcast NetBIOS name resolution and sometimes has up to 15 devices connected (Linux, Windows 7/10, macOS, Android and iOS), all of which can browse file shares using SMB/Samba.

Note: You should not use Broadcast NetBIOS Name Resolution and WINS at the same time.

To explain the terminology – Active Directory is a central database of user accounts and passwords used primarily in Windows networks to authenticate users, and LDAP is the protocol that clients and servers use to access the Active Directory database. Kerberos is a separate encrypted authentication mechanism used for client-server applications, such as computers that access a specific file or web server, or SQL database. WINS is a mechanism for storing Windows computer name to IP address mappings on a central server – the WINS Server. Computers in a LAN interrogate the WINS server to obtain the IP addresses of other computers. It’s a bit like DNS except that the WINS Server stores Windows computer names rather than URLs or domain names. Winbind is a Unix/Linux mechanism that allows Windows NT accounts to look like a Unix service to Unix/Linux machines.

NetBIOS
How is NetBIOS relevant to Samba? Samba uses NetBIOS in three different ways:

  1. NetBIOS over UDP Port 137 to advertise Windows computer names for name to IP address resolution;

  2. NetBIOS over UDP Port 138 to advertise services that the computer offers and to elect a ‘Master Browser’ (explained below);

  3. SMB over NetBIOS over TCP/IP Port 139 to connect to file shares or printers. Once connected, the computers may negotiate using SMB direct over TCP/IP Port 445 to improve efficiency of the connection.

NetBIOS over UDP (Port 137) is a connectionless broadcast protocol that Windows machines use to advertise over the LAN their names and corresponding IP addresses. Other computers receive the broadcasts and cache the names and IP addresses in a name to IP address mapping table.

NetBIOS over UDP (Port 138) is a connectionless broadcast protocol that Windows machines use to advertise their eligibility to become the Master Browser or Backup Browser for a Windows Workgroup in the LAN. An automatic election process elects only one machine in a Workgroup to become the Master Browser for that workgroup, and elects one or more ‘Backup Browsers’ in the Workgroup. The Master Browser and Backup Browser(s) collate a list of all the computers in the Workgroup and the services that they offer. It is more efficient for a single computer to assume the master role and to collate the information than it is for the information to remain distributed. When you click on ‘Network’ in File Explorer’s ‘Network Neighbourhood’ window, your computer interrogates the Master Browser(s) to obtain a list of the Windows Workgroups in the LAN, the members of the Workgroup(s) and the file and printer services that each Workgroup member offers. If the Master Browser fails or is disconnected, a re-election takes place and a new Master Browser is elected from the list of Backup Browsers in that Workgroup. The same process occurs if you are using a Linux file manager (Dolphin in KDE, Nautilus in GNOME, etc.) with Samba. You can configure the ‘priority’ of the Samba server in each machine in the Workgroup so that it is either more likely or less likely to be elected the Master Browser for the Workgroup. You could even configure Samba on a Linux machine so that it will never be a Master Browser. (It is also possible to configure a Windows machine so that it will never be a Master Browser.)

     Renamed ‘Entire Network’ in some versions of Windows.
     Renamed ‘My Network Places’ or simply ‘Network’ in some versions of Windows.

SMB over NetBIOS over TCP/IP (Port 139) is a connection orientated protocol that Windows computers use to connect to file shares and printers, to retrieve directory listings and to transfer files. Having obtained a list of computers and file shares from the Master Browser, if you click on a particular file share to connect to it, your computer looks up the name of the target computer in the local name table, obtains the target computer’s IP address and initiates a SMB over NetBIOS over TCP/IP connection to it. The target computer then issues a username and password prompt for you to complete the connection. If authentication is successful, the SMB protocol is used to transfer a directory listing of the contents of the share. If you drag and drop a file from the share to your local machine, or vice-versa, SMB is used to transfer the file. Behind the scenes, during the initial connection set-up, your computer and the target carry out a negotiation. If both machines support SMB direct over TCP/IP, the directory listing and subsequent file transfer are transported using SMB over TCP/IP Port 445. This is much more efficient because it eliminates completely the NetBIOS overhead.

When you install and configure Samba on a Linux computer, the ‘smbd‘ and ‘nmbd‘ daemons enable all of the functionality above. In a small network you do not need to enable or use AD, LDAP, Kerberos, WINS, Winbind or anything else for that matter. Samba and its built-in NetBIOS mechanisms will allow you to participate in a Windows Workgroup environment to share and use folders, files and printers.

Workgroups
The majority of Windows computers running in home networks are configured, by default, in a single Workgroup. A Workgroup is a simple way for computers in small networks to advertise and share resources, such as folders and printers, with other members of the same group. You can configure multiple Workgroups in the same LAN but each computer can belong to only one Workgroup. The theory is that different computers can share different resources within their group.

Please Note: A Windows Workgroup is not the same thing as a Windows HomeGroup. The latter concept was introduced in Windows 7 and is an ‘evolution’ of the Workgroup concept, in which you share folders and files but specify a pre-determined group password. All computers wishing to join the HomeGroup specify the same password to connect to the resources in that group. Samba does not participate in Windows HomeGroups because the latter is a Windows-only feature.

Configuring Samba
Firstly, install Samba on the Linux computer. Use Samba 4 and avoid Samba 3, which is obsolete. I have several laptops and a Network Addressable Storage (NAS) server, all running Linux with various releases of Samba 4. I also have a desktop computer running Windows 10 for family use. In addition, family and friends connect various laptops running Windows 7 and Windows 10 to my home network, as well as tablets and smartphones (see How to Access Shared Windows Folders on Android, iPad, and iPhone). This NAS runs 24/7 so I could have configured Samba to always make it the Master Browser but this is not necessary as the remaining computers in the network will elect a new Master Browser should the NAS fail.

Below is a summary of the steps to configure Samba in a Windows Workgroup:

  1. Configure the same Workgroup name on all of the Windows computers (for example, How to Change Workgroup in Windows 10). The default Windows 10 Workgroup is called ‘WORKGROUP‘. In the example further down I used the Windows GUI to change the Workgroup name to ‘GREENGABLES‘. There is plenty of information on the Internet about how to configure Windows file sharing so I won’t repeat any of it here (for example, How to Enable Network Discovery and Configure Sharing Options in Windows 10 and How to set up file sharing on Windows 10 (Share files using File Explorer)).

  2. Configure Samba on the Linux machines by editing the file ‘/etc/samba/smb.conf‘ on each. The contents of the file ‘smb.conf‘ are shown below for a Linux NAS and two Linux laptops. The NetBIOS name of the NAS is ‘akhanaten‘ and the laptops are ‘tutankhamun‘ and ‘smenkhkare‘. You can use either of the smb.conf files of the two laptops as a template for the smb.conf file of any Linux computer in your own home network. You can ignore the smb.conf file of the NAS if you simply want to be able to browse SMB/Samba shares on other computers in your home network.

  3. Use the command ‘pdbedit‘ on each Linux machine to define and configure the Samba users on that machine. The command ‘smbpasswd‘ is an alternative to ‘pdbedit‘ but I recommend you use the latter, as ‘smbpasswd‘ is deprecated. Each Samba user must exist as a Linux user because it is the Linux users who own the shares and are used for authentication.

  4. The NAS has Linux users ‘anne‘, ‘marilla‘, ‘matthew‘ and ‘guest‘, whereas each of the laptops has a Linux user ‘anne‘. The user name does not have to be the same on different computers.

  5. The purpose of each variable in ‘smb.conf‘ is explained on the applicable Samba manual page (enter the command ‘man smb.conf‘ in a terminal window) and the Samba documentation page for smb.conf on the Web.

Furthermore, make sure the Winbind daemon is not running. If Winbind is installed, make sure the service is not running and is disabled.

smb.conf of NAS running Ubuntu Server Edition:

[global]
# SMB uses ports 139 & 445, as explained in this blog post
smb ports = 139 445
netbios name = akhanaten
workgroup = greengables

# Use either NetBIOS broadcast for name resolution or entries in the /etc/hosts file
name resolve order = bcast host

# Don't care if the workgroup name is upper or lower case
case sensitive = no

# User authentication is used to access the shares
security = user
map to guest = bad user
guest account = guest

# Don't allow the use of root for network shares
invalid users = root

# Domain master only applies to LANs that are inter-connected across a WAN
domain master = no

# This machine is eligible to be a Master Browser and its priority is 4
# (the higher the os level, the more preferred to be Master Browser)
# (the maximum allowable value for os level is 255)
preferred master = yes
os level = 4
dns proxy = no

# Always advertise the shares automatically
auto services = global

# Interfaces on which to listen for NetBIOS broadcasts and to allow SMB connections
# Include "lo" because it is the internal interface
# em1 is the name of the Ethernet interface, found using the ifconfig command
interfaces = lo em1
bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0

panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes

# Don't synchronise the Linux and Samba user passwords - they can be different
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes

# This Samba configuration does not advertise any printers
load printers = no

# File to map long usernames to shorter Unix usernames, if necessary
username map = /etc/samba/smbusers

# Allow guest user access if specified in the shares
guest ok = yes

# First user share is called "anne" - only user "anne" specified below can connect to the share
[anne]
comment = "anne share"
path = /nas/shares/anne
writeable = yes
valid users = anne

# Second user share is called "marilla" - only user "marilla" specified below can connect to the share
[marilla]
comment = "marilla share"
path = /nas/shares/marilla
writeable = yes
valid users = marilla

# Third user share is called "matthew" - only user "matthew" specified below can connect to the share
[matthew]
comment = "matthew share"
path = /nas/shares/matthew
writeable = yes
valid users = matthew

# Fourth user share is called "guest" - any user can connect to the share
[guest]
comment = "guest account"
path = /nas/shares/guest
writeable = yes
guest ok = yes
valid users = guest anne marilla matthew

smb.conf of laptop #1 running Gentoo Linux:

[global]
;no need to specify 'smb ports' as ports 139 & 445 used by default
workgroup = GREENGABLES
netbios name = tutankhamun
case sensitive = no
browseable = yes

;If this machine becomes a Master Browser, the following parameter allows it to hold the browse list
browse list = yes

printcap name = cups
printing = cups

log file = /var/log/samba/log.%m
max log size = 50

security = user
map to guest = bad user

encrypt passwords = yes
passdb backend = tdbsam

domain master = no
local master = yes
preferred master = yes
; os level = 6 on the other laptop, so I have made it 5 on this laptop.
os level = 5
name resolve order = bcast
wins support = no
dns proxy = no

;Listen for NetBIOS on Ethernet and Wireless interfaces
;Names of the interfaces found using ifconfig command
interfaces = enp4s0f1 wlp3s0

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = yes
printable = yes
create mask = 0700

[print$]
path = /var/lib/samba/printers
write list = @adm root
guest ok = yes

[anne-share]
path = /home/anne/anne-share/
guest ok = yes
;read only = no
writeable = yes
browseable = yes
valid users = anne

[Public]
path = /home/anne/Public/
guest ok = yes
;read only = no
writeable = yes
browseable = yes

smb.conf of laptop #2 running Gentoo Linux:

[global]
;no need to specify 'smb ports' as ports 139 & 445 used by default
workgroup = GREENGABLES
netbios name = smenkhkare
case sensitive = no
browseable = yes

;If this machine becomes a Master Browser, the following parameter allows it to hold the browse list
browse list = yes

printcap name = cups
printing = cups

log file = /var/log/samba/log.%m
max log size = 50

security = user
map to guest = bad user

encrypt passwords = yes
passdb backend = tdbsam

domain master = no
local master = yes
preferred master = yes
; os level = 5 on the other laptop so I have made it 6 on this laptop
os level = 6
name resolve order = bcast
wins support = no
dns proxy = no

;Listen for NetBIOS on Ethernet and Wireless interfaces
;Names of the interfaces found using ifconfig command
interfaces = eth0 wlan0

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = yes
printable = yes
create mask = 0700

[print$]
path = /var/lib/samba/printers
write list = @adm root
guest ok = yes

[anne-share]
path = /home/anne/share-share/
guest ok = yes
;read only = no
writeable = yes
browseable = yes
valid users = anne

[Public]
path = /home/anne/Public/
guest ok = yes
;read only = no
writeable = yes
browseable = yes

Samba Commands
The following are Samba commands you can use on any of the Linux computers to find information on the Samba shares.

The ‘smbtree‘ command lists the computers currently using SMB in the local network:

user $ smbtree
GREENGABLES
        \\AKHANATEN                     Samba 4.3.11-Ubuntu
                \\AKHANATEN\IPC$                IPC Service (Samba 4.3.11-Ubuntu)
                \\AKHANATEN\guest               guest account
                \\AKHANATEN\matthew             matthew share
                \\AKHANATEN\marilla             marilla share
                \\AKHANATEN\anne                anne share
        \\SMENKHKARE                    Samba 4.2.14
                \\SMENKHKARE\Samsung_CLX-8385ND Samsung CLX-8385ND
                \\SMENKHKARE\Canon_MP510_Printer        Canon MP510 Printer
                \\SMENKHKARE\Virtual_PDF_Printer        Virtual PDF Printer
                \\SMENKHKARE\Canon_MP560_WiFi   Canon MP560 WiFi
                \\SMENKHKARE\IPC$               IPC Service (Samba 4.2.14)
                \\SMENKHKARE\Public         
                \\SMENKHKARE\anne-share     
                \\SMENKHKARE\print$         
                \\SMENKHKARE\netlogon           Network Logon Service
        \\TUTANKHAMUN                   Samba 4.2.11
                \\TUTANKHAMUN\Samsung_Xpress_C460FW     Samsung Xpress C460FW
                \\TUTANKHAMUN\Canon_MP560_Printer       Canon PIXMA MP560
                \\TUTANKHAMUN\Canon_MP510_Printer       Canon PIXMA MP510
                \\TUTANKHAMUN\Virtual_PDF_Printer       Virtual PDF Printer
                \\TUTANKHAMUN\IPC$              IPC Service (Samba 4.2.11)
                \\TUTANKHAMUN\Public
                \\TUTANKHAMUN\anne-share
                \\TUTANKHAMUN\print$
                \\TUTANKHAMUN\netlogon          Network Logon Service
HOME
        \\BTHUB5                        BT Home Hub 5.0A File Server
                \\BTHUB5\IPC$                   IPC Service (BT Home Hub 5.0A File Server)

BTHUB5‘ is a BT Home Hub 5 (a network router and broadband modem). Notice that it is configured by default to be in a Windows Workgroup named ‘HOME‘. The BT Home Hub 5 has a USB port to which an external USB HDD could be attached, so I assume computers in the home network could have been configured to use the HOME Workgroup instead of GREENGABLES and hence access that USB HDD, i.e. use it as a NAS. However, no HDD is attached to the BT Home Hub 5, so just ignore the BTHUB5 device and the HOME Workgroup.

The ‘nmblookup‘ command is used to see which services each computer offers. The strings ‘..__MSBROWSE__.‘ and ‘<1d>‘ in the output indicate that the computer is currently the Master Browser (see the Microsoft TechNet article NetBIOS Over TCP/IP for details):

user $ nmblookup akhanaten
192.168.1.70 akhanaten<00>

user $ nmblookup -A 192.168.1.70
Looking up status of 192.168.1.70
        AKHANATEN       <00> -         B <ACTIVE>
        AKHANATEN       <03> -         B <ACTIVE>
        AKHANATEN       <20> -         B <ACTIVE>
        GREENGABLES     <00> - <GROUP> B <ACTIVE>
        GREENGABLES     <1e> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

user $ nmblookup tutankhamun
192.168.1.79 tutankhamun<00>

user $ nmblookup -A 192.168.1.79
Looking up status of 192.168.1.79
        TUTANKHAMUN     <00> -         B <ACTIVE>
        TUTANKHAMUN     <03> -         B <ACTIVE>
        TUTANKHAMUN     <20> -         B <ACTIVE>
        GREENGABLES     <00> - <GROUP> B <ACTIVE>
        GREENGABLES     <1e> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

user $ nmblookup smenkhkare
192.168.1.90 smenkhkare<00>

user $ nmblookup -A 192.168.1.90
Looking up status of 192.168.1.90
        SMENKHKARE      <00> -         B <ACTIVE>
        SMENKHKARE      <03> -         B <ACTIVE>
        SMENKHKARE      <20> -         B <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE> 
        GREENGABLES     <00> - <GROUP> B <ACTIVE>
        GREENGABLES     <1d> -         B <ACTIVE>
        GREENGABLES     <1e> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

..__MSBROWSE__.‘ and ‘<1d>‘ in the above output indicates that the laptop named smenkhkare is currently the Master Browser of the Workgroup named GREENGABLES. See the Microsoft TechNet article NetBIOS Over TCP/IP to interpret the output.

Now let’s look at what happens when thutmoseiii, the Windows 10 desktop connected to this home network, is powered up:

user $ smbtree
GREENGABLES
        \\AKHANATEN                     Samba 4.3.11-Ubuntu
                \\AKHANATEN\IPC$                IPC Service (Samba 4.3.11-Ubuntu)
                \\AKHANATEN\guest               guest account
                \\AKHANATEN\matthew             matthew share
                \\AKHANATEN\marilla             marilla share
                \\AKHANATEN\anne                anne share
        \\SMENKHKARE                    Samba 4.2.14
                \\SMENKHKARE\Samsung_CLX-8385ND Samsung CLX-8385ND
                \\SMENKHKARE\Canon_MP510_Printer        Canon MP510 Printer
                \\SMENKHKARE\Virtual_PDF_Printer        Virtual PDF Printer
                \\SMENKHKARE\Canon_MP560_WiFi   Canon MP560 WiFi
                \\SMENKHKARE\IPC$               IPC Service (Samba 4.2.14)
                \\SMENKHKARE\Public
                \\SMENKHKARE\anne-share
                \\SMENKHKARE\print$
                \\SMENKHKARE\netlogon           Network Logon Service
        \\TUTANKHAMUN                   Samba 4.2.11
                \\TUTANKHAMUN\Samsung_Xpress_C460FW     Samsung Xpress C460FW
                \\TUTANKHAMUN\Canon_MP560_Printer       Canon PIXMA MP560
                \\TUTANKHAMUN\Canon_MP510_Printer       Canon PIXMA MP510
                \\TUTANKHAMUN\Virtual_PDF_Printer       Virtual PDF Printer
                \\TUTANKHAMUN\IPC$              IPC Service (Samba 4.2.11)
                \\TUTANKHAMUN\Public
                \\TUTANKHAMUN\anne-share
                \\TUTANKHAMUN\print$
                \\TUTANKHAMUN\netlogon          Network Logon Service
        \\THUTMOSEIII                   Lounge Computer
HOME
        \\BTHUB5                        BT Home Hub 5.0A File Server
                \\BTHUB5\IPC$                   IPC Service (BT Home Hub 5.0A File Server)

user $ nmblookup thutmoseiii
192.168.1.74 thutmoseiii<00>
192.168.56.1 thutmoseiii<00>

user $ nmblookup -A 192.168.1.74
Looking up status of 192.168.1.74
        THUTMOSEIII     <20> -         B <ACTIVE> 
        THUTMOSEIII     <00> -         B <ACTIVE> 
        GREENGABLES     <00> - <GROUP> B <ACTIVE> 
        GREENGABLES     <1e> - <GROUP> B <ACTIVE> 

        MAC Address = AA-BB-CC-DD-EE-FF (anonymised by me)

So Linux computer smenkhkare remained the Master Browser. This is because the Windows 10 computer has its Registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList set to ‘Auto‘, and also there is no subkey \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster so implicitly its value is False (i.e. the computer is not a Preferred Master Browser). See Microsoft TechNet article Specifying Browser Computers for details.

By the way, notice that two IP addresses are listed for thutmoseiii. This is because thutmoseiii is connected to two network adapters: 192.168.1.74 is the IP address of thutmoseiii in the home network, and 192.168.56.1 is the IP address of the virtual network interface for the virtual computers in VirtualBox installed on thutmoseiii.

If the Samba service on smenkhkare is now stopped from the command line, Windows 10 computer thutmoseiii is elected Master Browser after more than a minute has elapsed:

user $ nmblookup -A 192.168.1.74
Looking up status of 192.168.1.74
        THUTMOSEIII     <20> -         B <ACTIVE> 
        THUTMOSEIII     <00> -         B <ACTIVE> 
        GREENGABLES     <00> - <GROUP> B <ACTIVE> 
        GREENGABLES     <1e> - <GROUP> B <ACTIVE> 
        GREENGABLES     <1d> -         B <ACTIVE> 
        ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>

        MAC Address = AA-BB-CC-DD-EE-FF (anonymised by me)

If the Samba service on smenkhkare is then restarted from the command line and the Windows 10 computer is allowed to go to sleep, the laptop named smenkhkare becomes the Master Brower again as expected.

NetBIOS Commands in Windows
Now let’s look at some NetBIOS equivalent commands on the Windows 10 computer (Windows computer name: thutmoseiii).

First let’s see which remote computers thutmoseiii detects:

C:\WINDOWS\system32>nbtstat -c

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    No names in cache

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

                  NetBIOS Remote Cache Name Table

        Name              Type       Host Address    Life [sec]
    ------------------------------------------------------------
    AKHANATEN      <20>  UNIQUE          192.168.1.70        381
    TUTANKHAMUN    <20>  UNIQUE          192.168.1.79        407
    SMENKHKARE     <20>  UNIQUE          192.168.1.90        416

WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Four adapters are listed in the above output: ‘VirtualBox Host-Only Network 2‘, ‘Ethernet‘, ‘WiFi‘ and ‘Local Area Connection* 11‘. Let’s look at why they are listed:

  • The first adapter listed exists because VirtualBox is installed on thutmoseiii and has a virtual network adapter to enable virtual computers to be networked together (see What Is A Oracle VM VirtualBox Host-Only Network Adapter? if you don’t know what is a VirtualBox Host-Only Network Adapter).

  • The second adapter listed is the computer’s Ethernet adapter. thutmoseiii is connected to the home network via this interface, and the above output shows that thutmoseiii has correctly detected the three other computers connected to the home network.

  • The third adapter listed is the computer’s wireless adapter. thutmoseiii also has a Wi-Fi interface, currently disabled in Windows, hence no active wireless connection is listed.

  • The fourth adapter is a ‘Microsoft Wi-Fi Direct Virtual Adapter’ according to the output of the ipconfig/all command. As the Wi-Fi interface is currently disabled in Windows, no active connection is listed here either.

Now let’s see what thutmoseiii reports about itself:

C:\WINDOWS\system32>nbtstat -n

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    THUTMOSEIII    <20>  UNIQUE      Registered
    THUTMOSEIII    <00>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered
    GREENGABLES    <1D>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    THUTMOSEIII    <20>  UNIQUE      Registered
    THUTMOSEIII    <00>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered

WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

The above is correct: thutmoseiii is the Master Browser in the Windows Workgroup of VirtualBox Host-Only Network 2, but not a Master Browser in the GREENGABLES Workgroup to which thutmoseiii is connected by Ethernet cable. As the Wi-Fi interface in thutmoseiii is currently disabled, no active wireless connection is listed.

Now let’s take a look at what thutmoseiii reports about akhanaten:

C:\WINDOWS\system32>nbtstat -a akhanaten

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    Host not found.

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    AKHANATEN      <00>  UNIQUE      Registered
    AKHANATEN      <03>  UNIQUE      Registered
    AKHANATEN      <20>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

The above is also correct, as akhanaten is indeed not a Master Browser.

Now let’s have a look at what thutmoseiii reports about tutankhamun:

C:\WINDOWS\system32>nbtstat -a tutankhamun

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    Host not found.

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    TUTANKHAMUN    <00>  UNIQUE      Registered
    TUTANKHAMUN    <03>  UNIQUE      Registered
    TUTANKHAMUN    <20>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

The above is also correct, as tutankhamun is indeed not a Master Browser.

Now let’s have a look at what thutmoseiii reports about smenkhkare:

C:\WINDOWS\system32>nbtstat -a smenkhkare

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    Host not found.

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SMENKHKARE     <00>  UNIQUE      Registered
    SMENKHKARE     <03>  UNIQUE      Registered
    SMENKHKARE     <20>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1D>  UNIQUE      Registered
    GREENGABLES    <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

The above is also correct, as smenkhkare is indeed the Master Browser (notice the ‘☺☻__MSBROWSE__☻‘ and ‘<1D>‘).

Q.E.D.
So there you have it; Browser Elections take place and the Master Browser is any one of the Linux or Windows computers in the home network, thus enabling SMB browsing to take place. No WINS, no LDAP, no AD, no Kerberos. All SMB communication is carried out using NetBIOS over TCP/IP and Broadcast NetBIOS Name Resolution, as shown by the output of the command ‘nbtstat -r‘ on thutmoseiii:

C:\WINDOWS\system32>nbtstat -r

    NetBIOS Names Resolution and Registration Statistics
    ----------------------------------------------------

    Resolved By Broadcast     = 65
    Resolved By Name Server   = 0

    Registered By Broadcast   = 233
    Registered By Name Server = 0

    NetBIOS Names Resolved By Broadcast
---------------------------------------------
           BTHUB5         <00>
           呂啈㕂†††††䱃噅坏㌲匰⁓†
           TUTANKHAMUN    <00>
           AKHANATEN      <00>
           SMENKHKARE     <00>

I assume the line of Chinese and other characters is because of some deficiency in NBTSTAT.EXE, CMD.EXE or Windows 10 generally — despite having entered ‘CHCP 65001‘ and chosen a Unicode TrueType font in CMD.EXE — but the important point is that the statistics listed by the ‘nbtstat -r‘ command clearly show that only broadcasts are used for NetBIOS Name resolution, as promised. NetBIOS name resolution works fine in the home network and all the sharing-enabled computers in the home network can browse SMB shares on other sharing-enabled computers, whether they are running Windows, Linux, macOS, Android or iOS. I reiterate that this is for a typical home network.

Command to find Master Browsers
In Linux you can use the ‘nmblookup‘ command as follows to find out which machine in the home network is currently the Master Browser in each Workgroup:

user $ nmblookup -M -- -
192.168.1.254 __MSBROWSE__
192.168.1.90 __MSBROWSE__
192.168.56.1 __MSBROWSE__

You can see above that there are currently three Master Browsers in this home network. Let’s check the details for these three Master Browsers:

user $ nmblookup -A 192.168.1.254
Looking up status of 192.168.1.254
        BTHUB5          <00> -         B <ACTIVE>
        BTHUB5          <03> -         B <ACTIVE>
        BTHUB5          <20> -         B <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>
        HOME            <1d> -         B <ACTIVE>
        HOME            <1e> - <GROUP> B <ACTIVE>
        HOME            <00> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

You can see above that the machine BTHUB5 (which is actually the home network’s router) is the Master Browser in the Workgroup named HOME (see earlier).

user $ nmblookup -A 192.168.1.90
Looking up status of 192.168.1.90
        SMENKHKARE      <00> -         B <ACTIVE>
        SMENKHKARE      <03> -         B <ACTIVE>
        SMENKHKARE      <20> -         B <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>
        GREENGABLES     <00> - <GROUP> B <ACTIVE>
        GREENGABLES     <1d> -         B <ACTIVE>
        GREENGABLES     <1e> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

You can see above that computer SMENKHKARE is currently the Master Browser in the Workgroup named GREENGABLES.

user $ nmblookup -A 192.168.56.1
Looking up status of 192.168.56.1
No reply from 192.168.56.1

You can see above that the network node 192.168.56.1 is inactive, which is not surprising considering that it is a node on a VirtualBox virtual subnet on the Windows 10 computer thutmoseiii (see earlier) and VirtualBox is not running at the moment on that computer.

On a Windows machine it is not quite so easy to find out which machines are currently Master Browsers. However, on the face of it the third-party utility lanscan.exe can do it (see How to Determine the Master Browser in a Windows Workgroup):

C:\WINDOWS\system32>lanscan

LANscanner v1.67 - ScottiesTech.Info

Scanning LAN...

Scanning workgroup: HOME...

Scanning workgroup: GREENGABLES...

BTHUB5            192.168.1.254    11-11-11-11-11-11  HOME         MASTER
THUTMOSEIII       192.168.56.1     22-22-22-22-22-22  GREENGABLES  MASTER
SMENKHKARE        192.168.1.90     aa-bb-cc-dd-ee-ff  GREENGABLES  MASTER
TUTANKHAMUN       192.168.1.79     33-33-33-33-33-33  GREENGABLES
AKHANATEN         192.168.1.70     55-55-55-55-55-55  GREENGABLES

Press any key to exit...

(MAC addresses anonymised by me.)

Notice above that lanscan.exe listed the VirtualBox virtual subnet node 192.168.56.1 in Windows 10 computer thutmoseiii (see earlier) but omitted to list the node 192.168.1.74 (also thutmoseiii) in the real network. Now, in this particular case thutmoseiii on 192.168.1.74 is not a Master Browser. Nevertheless, as lanscan.exe is supposed to list all nodes, its failure to list the node 192.168.1.74 is a shortcoming.

And what happens if thutmoseiii on node 192.168.1.74 becomes a Master Browser? In that case lanscan.exe still omits the node from the list and, in addition, wrongly shows tutankhamun as a Master Browser:

C:\WINDOWS\system32>nbtstat -n

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    THUTMOSEIII    <20>  UNIQUE      Registered
    THUTMOSEIII    <00>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered
    GREENGABLES    <1D>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    THUTMOSEIII    <20>  UNIQUE      Registered
    THUTMOSEIII    <00>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered
    GREENGABLES    <1D>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered

WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

C:\WINDOWS\system32>nbtstat -A 192.168.1.79

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    Host not found.

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    TUTANKHAMUN    <00>  UNIQUE      Registered
    TUTANKHAMUN    <03>  UNIQUE      Registered
    TUTANKHAMUN    <20>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

C:\WINDOWS\system32>lanscan

LANscanner v1.67 - ScottiesTech.Info

Scanning LAN...

Scanning workgroup: HOME...

Scanning workgroup: GREENGABLES...

BTHUB5            192.168.1.254    11-11-11-11-11-11  HOME         MASTER
THUTMOSEIII       192.168.56.1     22-22-22-22-22-22  GREENGABLES  MASTER
TUTANKHAMUN       192.168.1.79     33-33-33-33-33-33  GREENGABLES  MASTER
SMENKHKARE        192.168.1.90     aa-bb-cc-dd-ee-ff  GREENGABLES
AKHANATEN         192.168.1.70     55-55-55-55-55-55  GREENGABLES

Press any key to exit...

(MAC addresses anonymised by me.)

Linux appears to have the edge on Windows in this respect, as the Samba command ‘nmblookup -M -- -‘ detects all the Master Browsers correctly in the above situation:

user $ nmblookup -M -- -
192.168.1.254 __MSBROWSE__
192.168.1.74 __MSBROWSE__
192.168.56.1 __MSBROWSE__

So it appears that, from a Windows computer, the only sure way to find all Master Browsers is to use the command ‘nbtstat -a <computer name>‘ to check each remote machine in the home network, plus the command ‘nbtstat -n‘ to check the Windows computer you are using.

Footnote
The ebuild of the current Gentoo Stable Branch package net-fs/samba-4.2.11 (and probably the ebuild of the Testing Branch package net-fs/samba-4.2.14 as well) is not entirely correct, as it pulls in unnecessary dependencies (see Gentoo Bug Report No. 579088 – net-fs/samba-4.x has many hard dependencies, make some optional). For example, Kerberos is not required at all if you are not using LDAP, AD, etc. and are just using NETBIOS Name Resolution by Broadcast in a Windows Workgroup (like most home users). However, the Gentoo samba ebuild forces the user to install Kerberos (either the MIT implementation app-crypt/mit-krb5 or the Heimdal implementation app-crypt/heimdal) even if you specify that Samba should be built without support for LDAP, AD, etc. This does not cause any harm, but it is unnecessary.

user $ eix -I samba
[I] net-fs/samba
     Available versions:  3.6.25^t 4.2.11 ~4.2.14 [M]~4.3.11 [M]~4.4.5 [M]~4.4.6 [M]~4.5.0 {acl addc addns ads (+)aio avahi caps (+)client cluster cups debug dmapi doc examples fam gnutls iprint ldap ldb +netapi pam quota +readline selinux +server +smbclient smbsharemodes swat syslog +system-mitkrb5 systemd test (+)winbind zeroconf ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_S390="32 64" ABI_X86="32 64 x32" PYTHON_TARGETS="python2_7"}
     Installed versions:  4.2.11(19:40:03 16/09/16)(avahi client cups fam gnutls pam -acl -addc -addns -ads -aio -cluster -dmapi -iprint -ldap -quota -selinux -syslog -system-mitkrb5 -systemd -test -winbind ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="64 -32 -x32" PYTHON_TARGETS="python2_7")
     Homepage:            http://www.samba.org/
     Description:         Samba Suite Version 4

If you are a Gentoo Linux user, you can merge the package net-fs/samba with the same USE flags shown above (obviously change “-systemd” to “systemd” if you use systemd instead of OpenRC), and use the laptops’ smb.conf files shown in this post as templates, and you will be able to share files and printers using Samba and NetBIOS name resolution. Don’t forget to use pdbedit to define the Samba users, and don’t forget to stop and disable winbindd if it is already installed.

Further reading

ADDENDUM (October 30, 2016): You probably already use the Public folder in Windows. If not, you can find a brief explanation in the article Simple Questions: What is the Public Folder & How to Use it?. There are a number of default sub-folders in C:\Users\Public\ on a Windows machine. There are some differences depending on the version of Windows, but in Windows 10 (Anniversary Update) these sub-folders are named:

C:\Public\Libraries
C:\Public\Public Account Pictures
C:\Public\Public Desktop
C:\Public\Public Documents
C:\Public\Public Downloads
C:\Public\Public Music
C:\Public\Public Pictures
C:\Public\Public Videos

These predefined sub-folders are not ordinary folders, and I have noticed a surmountable minor limitation when accessing them from a Linux machine using Samba, as explained below.

If I enable Public Folder Sharing on a Windows machine (‘Turn on sharing so that anyone with network access can read and write files in the Public folders’) and configure the security permissions of the Public folder for Everyone, from another Windows machine in the Workgroup I can copy files to the first machine’s Public folder and default sub-folders. From a Linux machine in the Workgroup I can copy files to the Public folder on Windows machines in the Workgroup but I cannot copy files to the default sub-folders (the Dolphin file manager displays the error message ‘Access denied. Could not write to .‘). However, this is not a big deal because I can copy files into the Public folder itself and into manually created sub-folders in the Public folder.

ADDENDUM (February 13, 2018): Windows 10 Version 1709 and later have the SMBv1/CIFS protocol disabled by default, so the Lanscan utility will no longer work in Windows 10 Version 1709. That is not a big deal if you also have Linux machines on your home network; just use the Samba commands from one of those Linux machines instead. If you have devices on your home network that only support SMBv1/CIFS protocol and they cannot be configured to use the SMBv3 protocol, your only option is to configure Windows 10 Version 1709 to use the SMBv1 protocol, which is less secure than the later SMB protocols. See e.g. the article Cannot browse network neighborhood under Windows 10 Fall Creators update 1709 and newer for how to configure Windows 10 Version 1709 to use the SMBv1 protocol. In my case, all my Linux machines using Samba can be configured via the smb.conf file to use a newer version of the SMB protocol (see ‘server min protocol’ and ‘server max protocol’ in the Samba documentation for smb.conf).