A correct method of configuring Samba for browsing SMB shares in a home network

SMB
SMB (Server Message Block) is the underlying protocol that Microsoft Windows computers use to connect to resources, such as file shares and printers, and to transfer information when the connections are established. Samba is the Linux implementation of SMB that allows file and printer information to be transferred between Windows and Linux computers. An early variant of the SMB protocol is known as ‘CIFS’ (Common Internet File System). CIFS is actually obsolete, so the correct term to use these days is ‘SMB’ (see the blog post Why You Should Never Again Utter The Word, "CIFS"), although ‘CIFS’ is still used sometimes when referring to SMB.

Terminology
You are likely to come across several terms when reading about Samba, such as NetBIOS, Active Directory (AD), Lightweight Directory Access Protocol (LDAP), Kerberos, Windows Internet Name Service (WINS) and Winbind, to name but a few. Most are used in larger corporate or enterprise networks but you can ignore most of them – only broadcast NetBIOS name resolution or WINS are necessary to configure Samba in small home networks. For example, my home network uses broadcast NetBIOS name resolution and sometimes has up to 15 devices connected (Linux, Windows 7/10, macOS, Android and iOS), all of which can browse file shares using SMB/Samba.

Note: You should not use Broadcast NetBIOS Name Resolution and WINS at the same time.

To explain the terminology – Active Directory is a central database of user accounts and passwords used primarily in Windows networks to authenticate users, and LDAP is the protocol that clients and servers use to access the Active Directory database. Kerberos is a separate encrypted authentication mechanism used for client-server applications, such as computers that access a specific file or web server, or SQL database. WINS is a mechanism for storing Windows computer name to IP address mappings on a central server – the WINS Server. Computers in a LAN interrogate the WINS server to obtain the IP addresses of other computers. It’s a bit like DNS except that the WINS Server stores Windows computer names rather than URLs or domain names. Winbind is a Unix/Linux mechanism that allows Windows NT accounts to look like a Unix service to Unix/Linux machines.

NetBIOS
How is NetBIOS relevant to Samba? Samba uses NetBIOS in three different ways:

  1. NetBIOS over UDP Port 137 to advertise Windows computer names for name to IP address resolution;

  2. NetBIOS over UDP Port 138 to advertise services that the computer offers and to elect a ‘Master Browser’ (explained below);

  3. SMB over NetBIOS over TCP/IP Port 139 to connect to file shares or printers. Once connected, the computers may negotiate using SMB direct over TCP/IP Port 445 to improve efficiency of the connection.

NetBIOS over UDP (Port 137) is a connectionless broadcast protocol that Windows machines use to advertise over the LAN their names and corresponding IP addresses. Other computers receive the broadcasts and cache the names and IP addresses in a name to IP address mapping table.

NetBIOS over UDP (Port 138) is a connectionless broadcast protocol that Windows machines use to advertise their eligibility to become the Master Browser or Backup Browser for a Windows Workgroup in the LAN. An automatic election process elects only one machine in a Workgroup to become the Master Browser for that workgroup, and elects one or more ‘Backup Browsers’ in the Workgroup. The Master Browser and Backup Browser(s) collate a list of all the computers in the Workgroup and the services that they offer. It is more efficient for a single computer to assume the master role and to collate the information than it is for the information to remain distributed. When you click on ‘Network’ in File Explorer’s ‘Network Neighbourhood’ window, your computer interrogates the Master Browser(s) to obtain a list of the Windows Workgroups in the LAN, the members of the Workgroup(s) and the file and printer services that each Workgroup member offers. If the Master Browser fails or is disconnected, a re-election takes place and a new Master Browser is elected from the list of Backup Browsers in that Workgroup. The same process occurs if you are using a Linux file manager (Dolphin in KDE, Nautilus in GNOME, etc.) with Samba. You can configure the ‘priority’ of the Samba server in each machine in the Workgroup so that it is either more likely or less likely to be elected the Master Browser for the Workgroup. You could even configure Samba on a Linux machine so that it will never be a Master Browser. (It is also possible to configure a Windows machine so that it will never be a Master Browser.)

     Renamed ‘Entire Network’ in some versions of Windows.
     Renamed ‘My Network Places’ or simply ‘Network’ in some versions of Windows.

SMB over NetBIOS over TCP/IP (Port 139) is a connection orientated protocol that Windows computers use to connect to file shares and printers, to retrieve directory listings and to transfer files. Having obtained a list of computers and file shares from the Master Browser, if you click on a particular file share to connect to it, your computer looks up the name of the target computer in the local name table, obtains the target computer’s IP address and initiates a SMB over NetBIOS over TCP/IP connection to it. The target computer then issues a username and password prompt for you to complete the connection. If authentication is successful, the SMB protocol is used to transfer a directory listing of the contents of the share. If you drag and drop a file from the share to your local machine, or vice-versa, SMB is used to transfer the file. Behind the scenes, during the initial connection set-up, your computer and the target carry out a negotiation. If both machines support SMB direct over TCP/IP, the directory listing and subsequent file transfer are transported using SMB over TCP/IP Port 445. This is much more efficient because it eliminates completely the NetBIOS overhead.

When you install and configure Samba on a Linux computer, the ‘smbd‘ and ‘nmbd‘ daemons enable all of the functionality above. In a small network you do not need to enable or use AD, LDAP, Kerberos, WINS, Winbind or anything else for that matter. Samba and its built-in NetBIOS mechanisms will allow you to participate in a Windows Workgroup environment to share and use folders, files and printers.

Workgroups
The majority of Windows computers running in home networks are configured, by default, in a single Workgroup. A Workgroup is a simple way for computers in small networks to advertise and share resources, such as folders and printers, with other members of the same group. You can configure multiple Workgroups in the same LAN but each computer can belong to only one Workgroup. The theory is that different computers can share different resources within their group.

Please Note: A Windows Workgroup is not the same thing as a Windows HomeGroup. The latter concept was introduced in Windows 7 and is an ‘evolution’ of the Workgroup concept, in which you share folders and files but specify a pre-determined group password. All computers wishing to join the HomeGroup specify the same password to connect to the resources in that group. Samba does not participate in Windows HomeGroups because the latter is a Windows-only feature.

Configuring Samba
Firstly, install Samba on the Linux computer. Use Samba 4 and avoid Samba 3, which is obsolete. I have several laptops and a Network Addressable Storage (NAS) server, all running Linux with various releases of Samba 4. I also have a desktop computer running Windows 10 for family use. In addition, family and friends connect various laptops running Windows 7 and Windows 10 to my home network, as well as tablets and smartphones (see How to Access Shared Windows Folders on Android, iPad, and iPhone). This NAS runs 24/7 so I could have configured Samba to always make it the Master Browser but this is not necessary as the remaining computers in the network will elect a new Master Browser should the NAS fail.

Below is a summary of the steps to configure Samba in a Windows Workgroup:

  1. Configure the same Workgroup name on all of the Windows computers (for example, How to Change Workgroup in Windows 10). The default Windows 10 Workgroup is called ‘WORKGROUP‘. In the example further down I used the Windows GUI to change the Workgroup name to ‘GREENGABLES‘. There is plenty of information on the Internet about how to configure Windows file sharing so I won’t repeat any of it here (for example, How to Enable Network Discovery and Configure Sharing Options in Windows 10 and How to set up file sharing on Windows 10 (Share files using File Explorer)).

  2. Configure Samba on the Linux machines by editing the file ‘/etc/samba/smb.conf‘ on each. The contents of the file ‘smb.conf‘ are shown below for a Linux NAS and two Linux laptops. The NetBIOS name of the NAS is ‘akhanaten‘ and the laptops are ‘tutankhamun‘ and ‘smenkhkare‘. You can use either of the smb.conf files of the two laptops as a template for the smb.conf file of any Linux computer in your own home network. You can ignore the smb.conf file of the NAS if you simply want to be able to browse SMB/Samba shares on other computers in your home network.

  3. Use the command ‘pdbedit‘ on each Linux machine to define and configure the Samba users on that machine. The command ‘smbpasswd‘ is an alternative to ‘pdbedit‘ but I recommend you use the latter, as ‘smbpasswd‘ is deprecated. Each Samba user must exist as a Linux user because it is the Linux users who own the shares and are used for authentication.

  4. The NAS has Linux users ‘anne‘, ‘marilla‘, ‘matthew‘ and ‘guest‘, whereas each of the laptops has a Linux user ‘anne‘. The user name does not have to be the same on different computers.

  5. The purpose of each variable in ‘smb.conf‘ is explained on the applicable Samba manual page (enter the command ‘man smb.conf‘ in a terminal window) and the Samba documentation page for smb.conf on the Web.

Furthermore, make sure the Winbind daemon is not running. If Winbind is installed, make sure the service is not running and is disabled.

smb.conf of NAS running Ubuntu Server Edition:

[global]
# SMB uses ports 139 & 445, as explained in this blog post
smb ports = 139 445
netbios name = akhanaten
workgroup = greengables

# Use either NetBIOS broadcast for name resolution or entries in the /etc/hosts file
name resolve order = bcast host

# Don't care if the workgroup name is upper or lower case
case sensitive = no

# User authentication is used to access the shares
security = user
map to guest = bad user
guest account = guest

# Don't allow the use of root for network shares
invalid users = root

# Domain master only applies to LANs that are inter-connected across a WAN
domain master = no

# This machine is eligible to be a Master Browser and its priority is 4
# (the higher the os level, the more preferred to be Master Browser)
# (the maximum allowable value for os level is 255)
preferred master = yes
os level = 4
dns proxy = no

# Always advertise the shares automatically
auto services = global

# Interfaces on which to listen for NetBIOS broadcasts and to allow SMB connections
# Include "lo" because it is the internal interface
# em1 is the name of the Ethernet interface, found using the ifconfig command
interfaces = lo em1
bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0

panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes

# Don't synchronise the Linux and Samba user passwords - they can be different
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes

# This Samba configuration does not advertise any printers
load printers = no

# File to map long usernames to shorter Unix usernames, if necessary
username map = /etc/samba/smbusers

# Allow guest user access if specified in the shares
guest ok = yes

# First user share is called "anne" - only user "anne" specified below can connect to the share
[anne]
comment = "anne share"
path = /nas/shares/anne
writeable = yes
valid users = anne

# Second user share is called "marilla" - only user "marilla" specified below can connect to the share
[marilla]
comment = "marilla share"
path = /nas/shares/marilla
writeable = yes
valid users = marilla

# Third user share is called "matthew" - only user "matthew" specified below can connect to the share
[matthew]
comment = "matthew share"
path = /nas/shares/matthew
writeable = yes
valid users = matthew

# Fourth user share is called "guest" - any user can connect to the share
[guest]
comment = "guest account"
path = /nas/shares/guest
writeable = yes
guest ok = yes

smb.conf of laptop #1 running Gentoo Linux:

[global]
;no need to specify 'smb ports' as ports 139 & 445 used by default
workgroup = GREENGABLES
netbios name = tutankhamun
case sensitive = no
browseable = yes

;If this machine becomes a Master Browser, the following parameter allows it to hold the browse list
browse list = yes

printcap name = cups
printing = cups

log file = /var/log/samba/log.%m
max log size = 50

security = user
map to guest = bad user

encrypt passwords = yes
passdb backend = tdbsam

domain master = no
local master = yes
preferred master = yes
; os level = 6 on the other laptop, so I have made it 5 on this laptop.
os level = 5
name resolve order = bcast
wins support = no
dns proxy = no

;Listen for NetBIOS on Ethernet and Wireless interfaces
;Names of the interfaces found using ifconfig command
interfaces = enp4s0f1 wlp3s0

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = yes
printable = yes
create mask = 0700

[print$]
path = /var/lib/samba/printers
write list = @adm root
guest ok = yes

[anne-share]
path = /home/anne/anne-share/
guest ok = yes
;read only = no
writeable = yes
browseable = yes
valid users = anne

[Public]
path = /home/anne/Public/
guest ok = yes
;read only = no
writeable = yes
browseable = yes

smb.conf of laptop #2 running Gentoo Linux:

[global]
;no need to specify 'smb ports' as ports 139 & 445 used by default
workgroup = GREENGABLES
netbios name = smenkhkare
case sensitive = no
browseable = yes

;If this machine becomes a Master Browser, the following parameter allows it to hold the browse list
browse list = yes

printcap name = cups
printing = cups

log file = /var/log/samba/log.%m
max log size = 50

security = user
map to guest = bad user

encrypt passwords = yes
passdb backend = tdbsam

domain master = no
local master = yes
preferred master = yes
; os level = 5 on the other laptop so I have made it 6 on this laptop
os level = 6
name resolve order = bcast
wins support = no
dns proxy = no

;Listen for NetBIOS on Ethernet and Wireless interfaces
;Names of the interfaces found using ifconfig command
interfaces = eth0 wlan0

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = yes

[printers]
comment = All Printers
path = /var/spool/samba
guest ok = yes
printable = yes
create mask = 0700

[print$]
path = /var/lib/samba/printers
write list = @adm root
guest ok = yes

[anne-share]
path = /home/anne/share-share/
guest ok = yes
;read only = no
writeable = yes
browseable = yes
valid users = anne

[Public]
path = /home/anne/Public/
guest ok = yes
;read only = no
writeable = yes
browseable = yes

Samba Commands
The following are Samba commands you can use on any of the Linux computers to find information on the Samba shares.

The ‘smbtree‘ command lists the computers currently using SMB in the local network:

user $ smbtree
GREENGABLES
        \\AKHANATEN                     Samba 4.3.11-Ubuntu
                \\AKHANATEN\IPC$                IPC Service (Samba 4.3.11-Ubuntu)
                \\AKHANATEN\guest               guest account
                \\AKHANATEN\matthew             matthew share
                \\AKHANATEN\marilla             marilla share
                \\AKHANATEN\anne                anne share
        \\SMENKHKARE                    Samba 4.2.14
                \\SMENKHKARE\Samsung_CLX-8385ND Samsung CLX-8385ND
                \\SMENKHKARE\Canon_MP510_Printer        Canon MP510 Printer
                \\SMENKHKARE\Virtual_PDF_Printer        Virtual PDF Printer
                \\SMENKHKARE\Canon_MP560_WiFi   Canon MP560 WiFi
                \\SMENKHKARE\IPC$               IPC Service (Samba 4.2.14)
                \\SMENKHKARE\Public         
                \\SMENKHKARE\anne-share     
                \\SMENKHKARE\print$         
                \\SMENKHKARE\netlogon           Network Logon Service
        \\TUTANKHAMUN                   Samba 4.2.11
                \\TUTANKHAMUN\Samsung_Xpress_C460FW     Samsung Xpress C460FW
                \\TUTANKHAMUN\Canon_MP560_Printer       Canon PIXMA MP560
                \\TUTANKHAMUN\Canon_MP510_Printer       Canon PIXMA MP510
                \\TUTANKHAMUN\Virtual_PDF_Printer       Virtual PDF Printer
                \\TUTANKHAMUN\IPC$              IPC Service (Samba 4.2.11)
                \\TUTANKHAMUN\Public
                \\TUTANKHAMUN\anne-share
                \\TUTANKHAMUN\print$
                \\TUTANKHAMUN\netlogon          Network Logon Service
HOME
        \\BTHUB5                        BT Home Hub 5.0A File Server
                \\BTHUB5\IPC$                   IPC Service (BT Home Hub 5.0A File Server)

BTHUB5‘ is a BT Home Hub 5 (a network router and broadband modem). Notice that it is configured by default to be in a Windows Workgroup named ‘HOME‘. The BT Home Hub 5 has a USB port to which an external USB HDD could be attached, so I assume computers in the home network could have been configured to use the HOME Workgroup instead of GREENGABLES and hence access that USB HDD, i.e. use it as a NAS. However, no HDD is attached to the BT Home Hub 5, so just ignore the BTHUB5 device and the HOME Workgroup.

The ‘nmblookup‘ command is used to see which services each computer offers. The strings ‘..__MSBROWSE__.‘ and ‘<1d>‘ in the output indicate that the computer is currently the Master Browser (see the Microsoft TechNet article NetBIOS Over TCP/IP for details):

user $ nmblookup akhanaten
192.168.1.70 akhanaten<00>

user $ nmblookup -A 192.168.1.70
Looking up status of 192.168.1.70
        AKHANATEN       <00> -         B <ACTIVE>
        AKHANATEN       <03> -         B <ACTIVE>
        AKHANATEN       <20> -         B <ACTIVE>
        GREENGABLES     <00> - <GROUP> B <ACTIVE>
        GREENGABLES     <1e> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

user $ nmblookup tutankhamun
192.168.1.79 tutankhamun<00>

user $ nmblookup -A 192.168.1.79
Looking up status of 192.168.1.79
        TUTANKHAMUN     <00> -         B <ACTIVE>
        TUTANKHAMUN     <03> -         B <ACTIVE>
        TUTANKHAMUN     <20> -         B <ACTIVE>
        GREENGABLES     <00> - <GROUP> B <ACTIVE>
        GREENGABLES     <1e> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

user $ nmblookup smenkhkare
192.168.1.90 smenkhkare<00>

user $ nmblookup -A 192.168.1.90
Looking up status of 192.168.1.90
        SMENKHKARE      <00> -         B <ACTIVE>
        SMENKHKARE      <03> -         B <ACTIVE>
        SMENKHKARE      <20> -         B <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE> 
        GREENGABLES     <00> - <GROUP> B <ACTIVE>
        GREENGABLES     <1d> -         B <ACTIVE>
        GREENGABLES     <1e> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

..__MSBROWSE__.‘ and ‘<1d>‘ in the above output indicates that the laptop named smenkhkare is currently the Master Browser of the Workgroup named GREENGABLES. See the Microsoft TechNet article NetBIOS Over TCP/IP to interpret the output.

Now let’s look at what happens when thutmoseiii, the Windows 10 desktop connected to this home network, is powered up:

user $ smbtree
GREENGABLES
        \\AKHANATEN                     Samba 4.3.11-Ubuntu
                \\AKHANATEN\IPC$                IPC Service (Samba 4.3.11-Ubuntu)
                \\AKHANATEN\guest               guest account
                \\AKHANATEN\matthew             matthew share
                \\AKHANATEN\marilla             marilla share
                \\AKHANATEN\anne                anne share
        \\SMENKHKARE                    Samba 4.2.14
                \\SMENKHKARE\Samsung_CLX-8385ND Samsung CLX-8385ND
                \\SMENKHKARE\Canon_MP510_Printer        Canon MP510 Printer
                \\SMENKHKARE\Virtual_PDF_Printer        Virtual PDF Printer
                \\SMENKHKARE\Canon_MP560_WiFi   Canon MP560 WiFi
                \\SMENKHKARE\IPC$               IPC Service (Samba 4.2.14)
                \\SMENKHKARE\Public
                \\SMENKHKARE\anne-share
                \\SMENKHKARE\print$
                \\SMENKHKARE\netlogon           Network Logon Service
        \\TUTANKHAMUN                   Samba 4.2.11
                \\TUTANKHAMUN\Samsung_Xpress_C460FW     Samsung Xpress C460FW
                \\TUTANKHAMUN\Canon_MP560_Printer       Canon PIXMA MP560
                \\TUTANKHAMUN\Canon_MP510_Printer       Canon PIXMA MP510
                \\TUTANKHAMUN\Virtual_PDF_Printer       Virtual PDF Printer
                \\TUTANKHAMUN\IPC$              IPC Service (Samba 4.2.11)
                \\TUTANKHAMUN\Public
                \\TUTANKHAMUN\anne-share
                \\TUTANKHAMUN\print$
                \\TUTANKHAMUN\netlogon          Network Logon Service
        \\THUTMOSEIII                   Lounge Computer
HOME
        \\BTHUB5                        BT Home Hub 5.0A File Server
                \\BTHUB5\IPC$                   IPC Service (BT Home Hub 5.0A File Server)

user $ nmblookup thutmoseiii
192.168.1.74 thutmoseiii<00>
192.168.56.1 thutmoseiii<00>

user $ nmblookup -A 192.168.1.74
Looking up status of 192.168.1.74
        THUTMOSEIII     <20> -         B <ACTIVE> 
        THUTMOSEIII     <00> -         B <ACTIVE> 
        GREENGABLES     <00> - <GROUP> B <ACTIVE> 
        GREENGABLES     <1e> - <GROUP> B <ACTIVE> 

        MAC Address = AA-BB-CC-DD-EE-FF (anonymised by me)

So Linux computer smenkhkare remained the Master Browser. This is because the Windows 10 computer has its Registry subkey HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\MaintainServerList set to ‘Auto‘, and also there is no subkey \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\Parameters\IsDomainMaster so implicitly its value is False (i.e. the computer is not a Preferred Master Browser). See Microsoft TechNet article Specifying Browser Computers for details.

By the way, notice that two IP addresses are listed for thutmoseiii. This is because thutmoseiii is connected to two network adapters: 192.168.1.74 is the IP address of thutmoseiii in the home network, and 192.168.56.1 is the IP address of the virtual network interface for the virtual computers in VirtualBox installed on thutmoseiii.

If the Samba service on smenkhkare is now stopped from the command line, Windows 10 computer thutmoseiii is elected Master Browser after more than a minute has elapsed:

user $ nmblookup -A 192.168.1.74
Looking up status of 192.168.1.74
        THUTMOSEIII     <20> -         B <ACTIVE> 
        THUTMOSEIII     <00> -         B <ACTIVE> 
        GREENGABLES     <00> - <GROUP> B <ACTIVE> 
        GREENGABLES     <1e> - <GROUP> B <ACTIVE> 
        GREENGABLES     <1d> -         B <ACTIVE> 
        ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>

        MAC Address = AA-BB-CC-DD-EE-FF (anonymised by me)

If the Samba service on smenkhkare is then restarted from the command line and the Windows 10 computer is allowed to go to sleep, the laptop named smenkhkare becomes the Master Brower again as expected.

NetBIOS Commands in Windows
Now let’s look at some NetBIOS equivalent commands on the Windows 10 computer (Windows computer name: thutmoseiii).

First let’s see which remote computers thutmoseiii detects:

C:\WINDOWS\system32>nbtstat -c

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    No names in cache

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

                  NetBIOS Remote Cache Name Table

        Name              Type       Host Address    Life [sec]
    ------------------------------------------------------------
    AKHANATEN      <20>  UNIQUE          192.168.1.70        381
    TUTANKHAMUN    <20>  UNIQUE          192.168.1.79        407
    SMENKHKARE     <20>  UNIQUE          192.168.1.90        416

WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Four adapters are listed in the above output: ‘VirtualBox Host-Only Network 2‘, ‘Ethernet‘, ‘WiFi‘ and ‘Local Area Connection* 11‘. Let’s look at why they are listed:

  • The first adapter listed exists because VirtualBox is installed on thutmoseiii and has a virtual network adapter to enable virtual computers to be networked together (see What Is A Oracle VM VirtualBox Host-Only Network Adapter? if you don’t know what is a VirtualBox Host-Only Network Adapter).

  • The second adapter listed is the computer’s Ethernet adapter. thutmoseiii is connected to the home network via this interface, and the above output shows that thutmoseiii has correctly detected the three other computers connected to the home network.

  • The third adapter listed is the computer’s wireless adapter. thutmoseiii also has a Wi-Fi interface, currently disabled in Windows, hence no active wireless connection is listed.

  • The fourth adapter is a ‘Microsoft Wi-Fi Direct Virtual Adapter’ according to the output of the ipconfig/all command. As the Wi-Fi interface is currently disabled in Windows, no active connection is listed here either.

Now let’s see what thutmoseiii reports about itself:

C:\WINDOWS\system32>nbtstat -n

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    THUTMOSEIII    <20>  UNIQUE      Registered
    THUTMOSEIII    <00>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered
    GREENGABLES    <1D>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    THUTMOSEIII    <20>  UNIQUE      Registered
    THUTMOSEIII    <00>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered

WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

The above is correct: thutmoseiii is the Master Browser in the Windows Workgroup of VirtualBox Host-Only Network 2, but not a Master Browser in the GREENGABLES Workgroup to which thutmoseiii is connected by Ethernet cable. As the Wi-Fi interface in thutmoseiii is currently disabled, no active wireless connection is listed.

Now let’s take a look at what thutmoseiii reports about akhanaten:

C:\WINDOWS\system32>nbtstat -a akhanaten

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    Host not found.

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    AKHANATEN      <00>  UNIQUE      Registered
    AKHANATEN      <03>  UNIQUE      Registered
    AKHANATEN      <20>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

The above is also correct, as akhanaten is indeed not a Master Browser.

Now let’s have a look at what thutmoseiii reports about tutankhamun:

C:\WINDOWS\system32>nbtstat -a tutankhamun

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    Host not found.

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    TUTANKHAMUN    <00>  UNIQUE      Registered
    TUTANKHAMUN    <03>  UNIQUE      Registered
    TUTANKHAMUN    <20>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

The above is also correct, as tutankhamun is indeed not a Master Browser.

Now let’s have a look at what thutmoseiii reports about smenkhkare:

C:\WINDOWS\system32>nbtstat -a smenkhkare

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    Host not found.

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    SMENKHKARE     <00>  UNIQUE      Registered
    SMENKHKARE     <03>  UNIQUE      Registered
    SMENKHKARE     <20>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1D>  UNIQUE      Registered
    GREENGABLES    <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

The above is also correct, as smenkhkare is indeed the Master Browser (notice the ‘☺☻__MSBROWSE__☻‘ and ‘<1D>‘).

Q.E.D.
So there you have it; Browser Elections take place and the Master Browser is any one of the Linux or Windows computers in the home network, thus enabling SMB browsing to take place. No WINS, no LDAP, no AD, no Kerberos. All SMB communication is carried out using NetBIOS over TCP/IP and Broadcast NetBIOS Name Resolution, as shown by the output of the command ‘nbtstat -r‘ on thutmoseiii:

C:\WINDOWS\system32>nbtstat -r

    NetBIOS Names Resolution and Registration Statistics
    ----------------------------------------------------

    Resolved By Broadcast     = 65
    Resolved By Name Server   = 0

    Registered By Broadcast   = 233
    Registered By Name Server = 0

    NetBIOS Names Resolved By Broadcast
---------------------------------------------
           BTHUB5         <00>
           呂啈㕂†††††䱃噅坏㌲匰⁓†
           TUTANKHAMUN    <00>
           AKHANATEN      <00>
           SMENKHKARE     <00>

I assume the line of Chinese and other characters is because of some deficiency in NBTSTAT.EXE, CMD.EXE or Windows 10 generally — despite having entered ‘CHCP 65001‘ and chosen a Unicode TrueType font in CMD.EXE — but the important point is that the statistics listed by the ‘nbtstat -r‘ command clearly show that only broadcasts are used for NetBIOS Name resolution, as promised. NetBIOS name resolution works fine in the home network and all the sharing-enabled computers in the home network can browse SMB shares on other sharing-enabled computers, whether they are running Windows, Linux, macOS, Android or iOS. I reiterate that this is for a typical home network.

Command to find Master Browsers
In Linux you can use the ‘nmblookup‘ command as follows to find out which machine in the home network is currently the Master Browser in each Workgroup:

user $ nmblookup -M -- -
192.168.1.254 __MSBROWSE__
192.168.1.90 __MSBROWSE__
192.168.56.1 __MSBROWSE__

You can see above that there are currently three Master Browsers in this home network. Let’s check the details for these three Master Browsers:

user $ nmblookup -A 192.168.1.254
Looking up status of 192.168.1.254
        BTHUB5          <00> -         B <ACTIVE>
        BTHUB5          <03> -         B <ACTIVE>
        BTHUB5          <20> -         B <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>
        HOME            <1d> -         B <ACTIVE>
        HOME            <1e> - <GROUP> B <ACTIVE>
        HOME            <00> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

You can see above that the machine BTHUB5 (which is actually the home network’s router) is the Master Browser in the Workgroup named HOME (see earlier).

user $ nmblookup -A 192.168.1.90
Looking up status of 192.168.1.90
        SMENKHKARE      <00> -         B <ACTIVE>
        SMENKHKARE      <03> -         B <ACTIVE>
        SMENKHKARE      <20> -         B <ACTIVE>
        ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE>
        GREENGABLES     <00> - <GROUP> B <ACTIVE>
        GREENGABLES     <1d> -         B <ACTIVE>
        GREENGABLES     <1e> - <GROUP> B <ACTIVE>

        MAC Address = 00-00-00-00-00-00

You can see above that computer SMENKHKARE is currently the Master Browser in the Workgroup named GREENGABLES.

user $ nmblookup -A 192.168.56.1
Looking up status of 192.168.56.1
No reply from 192.168.56.1

You can see above that the network node 192.168.56.1 is inactive, which is not surprising considering that it is a node on a VirtualBox virtual subnet on the Windows 10 computer thutmoseiii (see earlier) and VirtualBox is not running at the moment on that computer.

On a Windows machine it is not quite so easy to find out which machines are currently Master Browsers. However, on the face of it the third-party utility lanscan.exe can do it (see How to Determine the Master Browser in a Windows Workgroup):

C:\WINDOWS\system32>lanscan

LANscanner v1.67 - ScottiesTech.Info

Scanning LAN...

Scanning workgroup: HOME...

Scanning workgroup: GREENGABLES...

BTHUB5            192.168.1.254    11-11-11-11-11-11  HOME         MASTER
THUTMOSEIII       192.168.56.1     22-22-22-22-22-22  GREENGABLES  MASTER
SMENKHKARE        192.168.1.90     aa-bb-cc-dd-ee-ff  GREENGABLES  MASTER
TUTANKHAMUN       192.168.1.79     33-33-33-33-33-33  GREENGABLES
AKHANATEN         192.168.1.70     55-55-55-55-55-55  GREENGABLES

Press any key to exit...

(MAC addresses anonymised by me.)

Notice above that lanscan.exe listed the VirtualBox virtual subnet node 192.168.56.1 in Windows 10 computer thutmoseiii (see earlier) but omitted to list the node 192.168.1.74 (also thutmoseiii) in the real network. Now, in this particular case thutmoseiii on 192.168.1.74 is not a Master Browser. Nevertheless, as lanscan.exe is supposed to list all nodes, its failure to list the node 192.168.1.74 is a shortcoming.

And what happens if thutmoseiii on node 192.168.1.74 becomes a Master Browser? In that case lanscan.exe still omits the node from the list and, in addition, wrongly shows tutankhamun as a Master Browser:

C:\WINDOWS\system32>nbtstat -n

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    THUTMOSEIII    <20>  UNIQUE      Registered
    THUTMOSEIII    <00>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered
    GREENGABLES    <1D>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    THUTMOSEIII    <20>  UNIQUE      Registered
    THUTMOSEIII    <00>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered
    GREENGABLES    <1D>  UNIQUE      Registered
    ☺☻__MSBROWSE__☻<01>  GROUP       Registered

WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

C:\WINDOWS\system32>nbtstat -A 192.168.1.79

VirtualBox Host-Only Network 2:
Node IpAddress: [192.168.56.1] Scope Id: []

    Host not found.

Ethernet:
Node IpAddress: [192.168.1.74] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    TUTANKHAMUN    <00>  UNIQUE      Registered
    TUTANKHAMUN    <03>  UNIQUE      Registered
    TUTANKHAMUN    <20>  UNIQUE      Registered
    GREENGABLES    <00>  GROUP       Registered
    GREENGABLES    <1E>  GROUP       Registered

    MAC Address = 00-00-00-00-00-00


WiFi:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

Local Area Connection* 11:
Node IpAddress: [0.0.0.0] Scope Id: []

    Host not found.

C:\WINDOWS\system32>lanscan

LANscanner v1.67 - ScottiesTech.Info

Scanning LAN...

Scanning workgroup: HOME...

Scanning workgroup: GREENGABLES...

BTHUB5            192.168.1.254    11-11-11-11-11-11  HOME         MASTER
THUTMOSEIII       192.168.56.1     22-22-22-22-22-22  GREENGABLES  MASTER
TUTANKHAMUN       192.168.1.79     33-33-33-33-33-33  GREENGABLES  MASTER
SMENKHKARE        192.168.1.90     aa-bb-cc-dd-ee-ff  GREENGABLES
AKHANATEN         192.168.1.70     55-55-55-55-55-55  GREENGABLES

Press any key to exit...

(MAC addresses anonymised by me.)

Linux appears to have the edge on Windows in this respect, as the Samba command ‘nmblookup -M -- -‘ detects all the Master Browsers correctly in the above situation:

user $ nmblookup -M -- -
192.168.1.254 __MSBROWSE__
192.168.1.74 __MSBROWSE__
192.168.56.1 __MSBROWSE__

So it appears that, from a Windows computer, the only sure way to find all Master Browsers is to use the command ‘nbtstat -a <computer name>‘ to check each remote machine in the home network, plus the command ‘nbtstat -n‘ to check the Windows computer you are using.

Footnote
The ebuild of the current Gentoo Stable Branch package net-fs/samba-4.2.11 (and probably the ebuild of the Testing Branch package net-fs/samba-4.2.14 as well) is not entirely correct, as it pulls in unnecessary dependencies (see Gentoo Bug Report No. 579088 – net-fs/samba-4.x has many hard dependencies, make some optional). For example, Kerberos is not required at all if you are not using LDAP, AD, etc. and are just using NETBIOS Name Resolution by Broadcast in a Windows Workgroup (like most home users). However, the Gentoo samba ebuild forces the user to install Kerberos (either the MIT implementation app-crypt/mit-krb5 or the Heimdal implementation app-crypt/heimdal) even if you specify that Samba should be built without support for LDAP, AD, etc. This does not cause any harm, but it is unnecessary.

user $ eix -I samba
[I] net-fs/samba
     Available versions:  3.6.25^t 4.2.11 ~4.2.14 [M]~4.3.11 [M]~4.4.5 [M]~4.4.6 [M]~4.5.0 {acl addc addns ads (+)aio avahi caps (+)client cluster cups debug dmapi doc examples fam gnutls iprint ldap ldb +netapi pam quota +readline selinux +server +smbclient smbsharemodes swat syslog +system-mitkrb5 systemd test (+)winbind zeroconf ABI_MIPS="n32 n64 o32" ABI_PPC="32 64" ABI_S390="32 64" ABI_X86="32 64 x32" PYTHON_TARGETS="python2_7"}
     Installed versions:  4.2.11(19:40:03 16/09/16)(avahi client cups fam gnutls pam -acl -addc -addns -ads -aio -cluster -dmapi -iprint -ldap -quota -selinux -syslog -system-mitkrb5 -systemd -test -winbind ABI_MIPS="-n32 -n64 -o32" ABI_PPC="-32 -64" ABI_S390="-32 -64" ABI_X86="64 -32 -x32" PYTHON_TARGETS="python2_7")
     Homepage:            http://www.samba.org/
     Description:         Samba Suite Version 4

If you are a Gentoo Linux user, you can merge the package net-fs/samba with the same USE flags shown above (obviously change “-systemd” to “systemd” if you use systemd instead of OpenRC), and use the laptops’ smb.conf files shown in this post as templates, and you will be able to share files and printers using Samba and NetBIOS name resolution. Don’t forget to use pdbedit to define the Samba users, and don’t forget to stop and disable winbindd if it is already installed.

Further reading

ADDENDUM (October 30, 2016): You probably already use the Public folder in Windows. If not, you can find a brief explanation in the article Simple Questions: What is the Public Folder & How to Use it?. There are a number of default sub-folders in C:\Users\Public\ on a Windows machine. There are some differences depending on the version of Windows, but in Windows 10 (Anniversary Update) these sub-folders are named:

C:\Public\Libraries
C:\Public\Public Account Pictures
C:\Public\Public Desktop
C:\Public\Public Documents
C:\Public\Public Downloads
C:\Public\Public Music
C:\Public\Public Pictures
C:\Public\Public Videos

These predefined sub-folders are not ordinary folders, and I have noticed a surmountable minor limitation when accessing them from a Linux machine using Samba, as explained below.

If I enable Public Folder Sharing on a Windows machine (‘Turn on sharing so that anyone with network access can read and write files in the Public folders’) and configure the security permissions of the Public folder for Everyone, from another Windows machine in the Workgroup I can copy files to the first machine’s Public folder and default sub-folders. From a Linux machine in the Workgroup I can copy files to the Public folder on Windows machines in the Workgroup but I cannot copy files to the default sub-folders (the Dolphin file manager displays the error message ‘Access denied. Could not write to .‘). However, this is not a big deal because I can copy files into the Public folder itself and into manually created sub-folders in the Public folder.

How to enable a Windows application in WINE to access a Samba share on a NAS

I recently installed the Windows application PDF-XChange Editor under WINE in Gentoo Linux on one of my laptops. The application works fine but it could not detect the SMB/CIFS (Samba) share folder on my NAS. When I clicked on ‘File‘ > ‘Open...‘ in the application, the left pane of the ‘Open Files‘ dialogue window displayed the following options:

  Favourites
– Desktop
  + My Computer
  + My Documents
    Trash
  + /

If I clicked on ‘My Computer‘, the right pane of the dialogue window then displayed the following options:

Control Panel
(C:)
(D:)
(E:)
(F:)
(G:)
(Z:)

None of the entries in either pane enabled me to get to the Samba shares on my NAS. Anyway, it turned out to be relatively easy to configure the installation on my laptop to enable the Windows application to access the Samba shared folder on the NAS, and the basic procedure was as follows:

  1. Create a mountpoint.
  2. In the directory $WINEPREFIX/dosdevices/ create a symbolic link to the mountpoint.
  3. Mount the network share on the mountpoint.

Let’s look in detail at the procedure…

My Clevo W230SS laptop running Gentoo Linux Stable Branch amd64 currently has KDE Plasma 5.6.5 and WINE 1.9.18 installed. I had used a WINE prefix of ~/.wine-pdfxve6 to install the Windows application in the fitzcarraldo user account. Let us say that the hostname of my Linux NAS is ‘bsfnas1‘, the name of the Samba shared folder on the NAS is ‘brianfolder‘, the Samba username for that shared folder on the NAS is ‘brian‘ and the Samba share password on the NAS is ‘enricocaruso‘.

First I checked which drive letters were already being used by WINE:

$ ls -la ~/.wine-pdfxve6/dosdevices/
total 8
drwxr-xr-x 2 fitzcarraldo fitzcarraldo 4096 Sep 16 23:18 .
drwxr-xr-x 4 fitzcarraldo fitzcarraldo 4096 Sep 17 04:03 ..
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo   10 Sep 16 23:18 c: -> ../drive_c
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    9 Sep 16 23:18 d:: -> /dev/sdb1
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    8 Sep 16 23:18 e:: -> /dev/sdc
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    9 Sep 16 23:18 f:: -> /dev/sdc1
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    8 Sep 16 23:18 g:: -> /dev/sdb
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    1 Sep 16 23:18 z: -> /

As no Windows Y: drive was listed, I decided to use that drive letter for my network Samba share as shown in the steps below.

I created a mountpoint for the share:

$ sudo mkdir -p /media/bsfnas1/brianfolder

Then I created the symlink:

$ ln -s /media/bsfnas1/brianfolder ~/.wine-pdfxve6/dosdevices/y:
$ ls -la ~/.wine-pdfxve6/dosdevices/
total 8
drwxr-xr-x 2 fitzcarraldo fitzcarraldo 4096 Sep 17 15:38 .
drwxr-xr-x 4 fitzcarraldo fitzcarraldo 4096 Sep 17 15:39 ..
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo   10 Sep 16 23:18 c: -> ../drive_c
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    9 Sep 16 23:18 d:: -> /dev/sdb1
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    8 Sep 16 23:18 e:: -> /dev/sdc
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    9 Sep 16 23:18 f:: -> /dev/sdc1
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    8 Sep 16 23:18 g:: -> /dev/sdb
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo   11 Sep 17 15:37 y: -> /media/bsfnas1/brianfolder
lrwxrwxrwx 1 fitzcarraldo fitzcarraldo    1 Sep 16 23:18 z: -> /

Finally, I mounted the network share onto the symlink:

$ sudo mount.cifs //bsfnas1/brianfolder/ -o user=brian,pass=enricocaruso ~/.wine-pdfxve6/dosdevices/y:

As before, I see the following when I click on ‘File‘ > ‘Open...‘ in the Windows application running under WINE:

  Favourites
– Desktop
  + My Computer
  + My Documents
    Trash
  + /

If I click on ‘My Computer‘ in the ‘Open File‘ dialogue window, the following items are displayed in the right pane of the window:

Control Panel
(C:)
(D:)
(E:)
(F:)
(G:)
(Y:)
(Z:)

and I can select the ‘(Y:)‘ and browse the contents of the shared folder brianfolder on the NAS drive.

Although I found it was unnecessary to do it for PDF-XChange Editor, apparently some Windows applications require the use of Windows UNC syntax, so I also did the following:

$ mkdir -p ~/.wine-pdfxve6/dosdevices/unc/bsfnas1
$ ln -s /media/bsfnas1/brianfolder ~/.wine-pdfxve6/dosdevices/unc/bsfnas1/brianfolder

If I wanted to unmount the Samba share explicitly, rather than leaving it to be unmounted automatically when I shutdown the laptop, I would enter the following command:

$ sudo umount ~/.wine-pdfxve6/dosdevices/y\:/

Then the Windows application on my laptop would no longer be able to browse the unmounted network share:

$ ls ~/.wine-pdfxve6/dosdevices/
c:  d::  e::  f::  g::  unc  y:  z:
$ ls -la /media/bsfnas1/brianfolder
total 8
drwxr-xr-x 2 root root 4096 Sep 17 15:35 .
drwxr-xr-x 4 root root 4096 Sep 17 15:35 ..
$

You may be wondering why I did not add an entry in the file /etc/fstab on my laptop, to mount the Samba share automatically when I boot the laptop. The reason I didn’t is because I often use the laptop away from home and the NAS on my home network is then inaccessible in any case. However, to save myself the hassle of having to enter the mount command manually when I am at home and want to use the Windows application to open a file that is in the NAS shared folder, I created two Desktop Configuration files named mount_bsfnas1_brianfolder_share.desktop and umount_bsfnas1_brianfolder_share.desktop with nice icons in my ~/Desktop directory on the laptop:

[Desktop Entry]
Comment[en_GB]=Mount bsfnas1 brianfolder share for PDF-XChange Editor
Comment=Mount bsfnas1 brianfolder share for PDF-XChange Editor
Exec=sh /home/fitzcarraldo/mount_bsfnas1_brianfolder_share.sh
GenericName[en_GB]=Mount bsfnas1 brianfolder share for PDF-XChange Editor
GenericName=Mount bsfnas1 brianfolder share for PDF-XChange Editor
Icon=media-mount
MimeType=
Name[en_GB]=mount_bsfnas1_brianfolder_share
Name=mount_bsfnas1_brianfolder_share
Path=
StartupNotify=true
Terminal=true
TerminalOptions=\s--noclose
Type=Application
X-DBUS-ServiceName=
X-DBUS-StartupType=none
X-KDE-SubstituteUID=false
X-KDE-Username=fitzcarraldo

[Desktop Entry]
Comment[en_GB]=Unmount bsfnas1 brianfolder share for PDF-XChange Editor
Comment=Unmount bsfnas1 brianfolder share for PDF-XChange Editor
Exec=sh /home/fitzcarraldo/umount_bsfnas1_brianfolder_share.sh
GenericName[en_GB]=Unmount bsfnas1 brianfolder share for PDF-XChange Editor
GenericName=Unmount bsfnas1 brianfolder share for PDF-XChange Editor
Icon=media-eject
MimeType=
Name[en_GB]=umount_bsfnas1_brianfolder_share
Name=umount_bsfnas1_brianfolder_share
Path=
StartupNotify=true
Terminal=true
TerminalOptions=\s--noclose
Type=Application
X-DBUS-ServiceName=
X-DBUS-StartupType=none
X-KDE-SubstituteUID=false
X-KDE-Username=fitzcarraldo

and the Bash scripts mount_bsfnas1_brianfolder_share.sh and umount_bsfnas1_brianfolder_share.sh launched by the above two Desktop Configuration files are, respectively:

#!/bin/bash
echo "This will mount the Samba share folder brianfolder on the bsfnas1 machine."
echo
echo "Enter your Linux account password below..."
echo
sudo mount.cifs //bsfnas1/brianfolder/ -o user=brian,pass=enricocaruso ~/.wine-pdfxve6/dosdevices/y:
echo
if grep -q "/media/bsfnas1/brianfolder" /proc/mounts; then
  echo "Samba share //bsfnas1/brianfolder is mounted."
else
  echo "Samba share //bsfnas1/brianfolder is not mounted."
fi
echo
echo "You may now close this window."

#!/bin/bash
echo "This will unmount the Samba share folder brianfolder on the bsfnas1 machine."
echo
echo "Enter your Linux account password below..."
echo
sudo umount ~/.wine-pdfxve6/dosdevices/y:
echo
if grep -q "/media/bsfnas1/brianfolder" /proc/mounts; then
  echo "Samba share //bsfnas1/brianfolder is mounted."
else
  echo "Samba share //bsfnas1/brianfolder is not mounted."
fi
echo
echo "You may now close this window."

Don’t forget to make the two shell scripts executable:

$ chmod +x /home/fitzcarraldo/mount_bsfnas1_brianfolder_share.sh
$ chmod +x /home/fitzcarraldo/umount_bsfnas1_brianfolder_share.sh

If I was doing this on a desktop PC instead of a laptop, instead of creating the above-mentioned .desktop files and Bash scripts I would have added the following line in the file /etc/fstab to mount the NAS Samba shared folder automatically at boot:

//bsfnas1/brianfolder  /media/bsfnas1/brianfolder  cifs  rw,iocharset=utf8,user=brian,pass=enricocaruso  0   0

It works (I’ve tried it).

Further reading
WineHQ Forums – Mapped network drive in wine.
Estendendo suporte a UNC no Wine.

BT Broadband and Netflix on a smart TV: a solution at last?

The fix I described in an earlier post stopped working after a couple of weeks, and my family was again unable to access Netflix on our smart TV. Some people had reported that replacing their BT Home Hub 3 with a BT Home Hub 5 resolved the Netflix problem with their smart TVs, so I decided to buy a second-hand BT Home Hub 5 and can report that Netflix is again accessible via the Netflix app on my LG smart TV.

A post by an owner of a Sony smart TV reinforces my suspicion that the problem is due to a combination of providers:

The problem is that netflix app adds 8.8.4.4 as a DNS server. Using anything other than the homehub default gateway as the DNS server returns an error from parental controls as it uses that to apply said controls. No other app on my Sony smart TV does that and just uses what the DHCP server on the homehub hands out. The netflix app has to stop adding that backup IP address for DNS. Is it Sony setting that value or Netflix? Considering it is happening on non-Sony TVs the finger looks to be pointing at Netflix.

Anyway, I just hope the problem is finally solved in my case. The price I paid for the second-hand BT Home Hub 5 was reasonable, and it does have some advantages over the BT Home Hub 3 I was using previously, such as support for 802.11ac Wi-Fi and no need for an external DSL modem, so I am satisfied with the outcome although my opinion of BT is even lower now.

BT Broadband could be cause of Netflix app’s ui-113 message

A couple of months ago I posted regarding a problem with the Netflix app on my LG smart TV (Netflix – Not fit for purpose?). We use BT Infinity broadband with a BT HomeHub 3. The Netflix app on the TV stopped working in early January and always displayed a Netflix ‘ui-113’ message when trying to connect. As we are paying good money to Netflix, we resorted to trying various DNS server addresses posted on the Web for US Netflix, which only work for a short time. Although US Netflix has more content than UK Netflix, we want the latter as it has UK programmes not available on US Netflix. Not to mention that we live in the UK. And it seems my family is not the only one suffering: BT Broadband Users Suffer Problems with Netflix on UK Smart TVs.

Today I found a YouTube video regarding a different Netflix error code (‘nw-2-5’) but, having tried everything else, I tried the suggested fix anyway (Enable Parental Controls then Disable Parental Controls then Delete Parental Controls) and then changed the DNS server address setting in the TV back to the default 192.168.1.254 for the BT Home Hub. Although the Netflix app first displays the ‘ui-113’ or ‘nw-2-5’ messages, if I retry a few times it now manages to connect to UK Netflix. After a couple of months of hassle with Netflix, that is progress.

The fix suggested in the above-mentioned YouTube video consisted of enabling then disabling and deleting BT Parental Controls via the user’s account page on the BT Web site. Even though I had never previously enabled BT Parental Controls, I logged in to the BT Web site, enabled Parental Controls, and then disabled and deleted them as per the instructions given in the aforementioned YouTube video.

So it seems that BT is either the cause of the problem or a major contributor. I suspect the blame may lie with more than one company, though, because: a) the Netflix app’s ‘ui-113’ and ‘nw-2-5’ messages occur even after I made sure BT Parental Controls really are disabled; b) it is touch and go whether the app is successful in accessing the Netflix site at the first attempt; c) other devices accessing Netflix via my home network don’t suffer from the problem. I just hope LG, Netflix and BT are working together to solve it properly, because the current situation is completely unacceptable.

Thunderbird’s defective method of enabling anti-virus software to scan incoming POP3 e-mail messages

Thunderbird’s method of enabling anti-virus software to scan incoming e-mail messages is explained in the mozillaZine article ‘Download each e-mail to a separate file before adding to Inbox‘ and in Mozilla bug report no. 116443 (the bug report that resulted in the functionality being implemented). It is my contention that the design is deficient and is actually not a solution. In this post I explain why I believe this to be the case. Although here I will discuss Thunderbird in Linux, I believe the deficiency applies to Thunderbird in all OSs.

By default, Thunderbird inserts new incoming e-mail messages into an Inbox file. However, it is possible to configure Thunderbird to first create a temporary file containing each individual e-mail message in the /tmp directory, to enable external anti-virus software to scan each message before Thunderbird inserts it into the Inbox file. This approach only works for POP3 e-mail. The developers’ rationale for implementing this approach was to avoid the possibility of anti-virus software deleting or quarantining an entire Inbox.

In summary, if you want to scan incoming e-mails on your machine without running the risk of losing the entire Thunderbird Inbox, you must:

  1. configure Thunderbird so it creates temporary files /tmp/newmsg* (each file contains a single e-mail message containing ASCII characters);
  2. configure the anti-virus software not to scan the directory containing the Inbox;
  3. configure the anti-virus software to scan the /tmp directory.

Nevertheless, it seems Thunderbird developers would prefer you to disable local scanning of e-mail messages entirely: ‘mozillaZine – Email scanning – pros and cons‘.

Nowadays e-mail servers scan e-mail messages before you even download them. Some e-mail servers even send you an automated e-mail to inform you about an infected incoming e-mail or about an infected outgoing e-mail rejected by a receiving e-mail server. So local scanning of e-mail messages is far less important. Furthermore, I am not sure if the anti-virus software I use (ClamAV) is capable of detecting viruses in e-mail attachments encoded as ASCII characters. Anyway, purely out of curiosity I decided to investigate whether it would be possible to scan Thunderbird’s temporary files reliably.

To configure Thunderbird to create the temporary message files, it is necessary to select ‘Edit’ > ‘Preferences’ > ‘Security’ > ‘Antivirus’ and tick ‘Allow anti-virus clients to quarantine individual incoming messages’ (which sets mailnews.downloadToTempFile to true). Once that option has been selected, Thunderbird creates a temporary file /tmp/newmsg per message, which exists for a very brief (and inconstant) time before Thunderbird deletes it. When downloading several e-mail messages in very rapid succession, Thunderbird creates temporary files with different names (‘newmsg‘, ‘newmsg-1‘, ‘newmsg-2‘, ‘newmsg-3‘ and so on) to avoid overwriting messages, but usually one file named newmsg is sufficient to cater for the message download rate, as Thunderbird only keeps the temporary files for a very short time until it moves the message to the Inbox.

The problem with this approach is that Thunderbird does not provide any handshake mechanism to inform external anti-virus software that it has finished writing to a temporary file and that the file is available for scanning, nor does Thunderbird provide any handshake mechanism for external anti-virus software to inform Thunderbird when the scan of each temporary message file has finished (i.e. to tell Thunderbird that it can go ahead and delete the temporary file). In other words, the Thunderbird ‘solution’ is not a solution at all. In fact, I have found empirically that, if the anti-virus software is not fast enough, it can scan an incomplete temporary message file (i.e. the evaluation of the e-mail message would not be thorough and hence would be invalid). The Bash script below, for example, is sometimes able to scan an entire Thunderbird temporary file but at other times only manages to capture part of the file (it appears Thunderbird opens and closes the temporary file more than once) before Thunderbird deletes it:

#!/bin/bash

# This script only works with Thunderbird.
# This script only works for POP3 e-mail.
#
# You must configure Thunderbird to create temporary files /tmp/newmsg*.
# To do that, set Edit > Preferences > Security > Antivirus and tick
# 'Allow anti-virus clients to quarantine individual incoming messages'
# which sets mailnews.downloadToTempFile to true.

WORK=$HOME/clamtmp
mkdir $WORK 2> /dev/null
rm $WORK/* 2> /dev/null

counter=1

# Watch for newmsg* file(s) created by Thunderbird in /tmp
inotifywait -q -m -e close_write --format '%f' /tmp | while read FILE
do
     if [ "${FILE:0:6}" = "newmsg" ] && [ -s /tmp/$FILE ]; then
          TMPFILE=${counter}$FILE
          cp -p /tmp/$FILE $WORK/$TMPFILE
          # Do not let clamscan write temporary files to /tmp as inotifywait will detect them!
          clamscan --tempdir=$WORK $WORK/$TMPFILE
          counter=$((counter+1))
     fi
done

Below is an example of an incomplete newmsg file that the above script copied to the directory $WORK when Thunderbird downloaded an e-mail message:

From - Sun Feb 21 09:40:58 2016
X-Account-Key: account8
X-UIDL: AAAAAKlA+Ah2LghLoJE4Le5Z5U0BAI04UNOj2gdNjwPO57yvmrIAATVHik4AAA==
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:

I began to wonder if a valid scan would be possible if the script were to lock the temporary file (e.g. using the chattr +i command) until it has completed copying it. The use of the chattr command in the script means it has to be executed by the root user. When I first did that with a modified version of the script using KDialog to display the result of ClamAV’s scan, the following error message was displayed and the script aborted:

kdialog(xxxxxx)/kdeui (kdelibs): Session bus not found
To circumvent this problem try the following command (with Linux and bash)
export $(dbus-launch)

I therefore added the line ‘export $(dbus-launch)‘ to the script as follows:

#!/bin/bash

# This script must be launched by the root user.
export XAUTHORITY="/home/fitzcarraldo/.Xauthority"
export DISPLAY=":0"
export $(dbus-launch)

WORK=$HOME/clamtmp
mkdir $WORK 2> /dev/null
rm $WORK/* 2> /dev/null

inotifywait -q -m -e modify --format '%f' /tmp | while read FILE
do
     # If file name begins with "newmsg" then copy it to work directory and scan it.
     if [ "${FILE:0:6}" = "newmsg" ] && [ -f /tmp/$FILE ]; then
          chattr +i /tmp/$FILE # Stop Thunderbird opening/deleting file.
          cp -p /tmp/$FILE $WORK/
          chattr -i /tmp/$FILE # Allow Thunderbird to open/delete file.
          clamscan --tempdir=$WORK $WORK/$FILE >> $WORK/$FILE.log
          kdialog --msgbox "$(cat $WORK/$FILE.log)"
     fi
done

However, when the above script was running, Thunderbird displayed a pop-up window if it attempted to copy the temporary file to the Inbox before the script released the lock on the file:

There was an error copying the downloaded message from the temporary download file. Perhaps it contained a virus, or you are low on disk space.
From:
Subject: Test to see what happens if script locks newmsg file
Do you want to skip this message?

I clicked ‘No’ and the e-mail message in the file /tmp/newmsg was deleted without being copied to the Inbox, and the message was not deleted from the e-mail server. Subsequent attempts to re-download the message resulted in the same behaviour if the script had not finished processing the message before Thunderbird tried to move the message to the Inbox. Had I clicked ‘Yes’ I assume Thunderbird would simply have deleted the message on the mail server.

I did not bother looking into it further, but presumably the chattr command triggers inotifywait, in which case the script could cycle several times for the same file.

An approach that would probably work would be for Thunderbird to provide some sort of interlock so that it waits to delete newmsg* files until an anti-virus application gives the go-ahead.

An alternative approach would be for Thunderbird not to delete a temporary file after it writes the message to the Inbox and just leave it in the /tmp directory without overwriting it. An anti-virus application would quarantine infected temporary files and leave uninfected temporary files in /tmp, and therefore the anti-virus application would have to be written so that it deletes the temporary file once it has finished scanning it.

The second approach mentioned above would not be as good as the first approach for the following reasons:

  1. It would not stop Thunderbird adding a message to the Inbox (which would mean the user would have to delete a message manually from the Thunderbird Inbox if the virus scanner reported a message as infected).
  2. Thunderbird would have to use a different file name to any existing temporary files (at present it reuses ‘newmsg‘ if a file of that name does not already exist).
  3. The user would have to ensure the temporary files do not accumulate ad infinitum. In my case, the contents of the /tmp directory are deleted each time I reboot, but, in theory, a partition could become full if a user never switched off a machine and received a lot of e-mails.

Regarding the second reason listed above, Thunderbird already names the temporary files ‘newmsg‘, ‘newmsg-1‘, ‘newmsg-2‘ etc., so perhaps the existing Thunderbird code would automatically use a different file name if a file with the same name were still present, rather than overwriting it. If e.g. files newmsg and newmsg-2 happened to exist, I would hope Thunderbird would name the next temporary file ‘newmsg-1‘ or ‘newmsg-3‘.

I wondered if it would be possible to catch up with Thunderbird by just copying the temporary message files from the /tmp directory to another directory (see the script below), and then processing them afterwards with another script. However, even if a script just copies the temporary files to another directory without running ClamAV or KDialog, I found it is still not fast enough to catch all temporary files before Thunderbird deletes them. If Thunderbird downloads a single message and no others are waiting on the server(s) to be downloaded, it seems a script can copy the temporary messages successfully. However, if there are several messages waiting to be downloaded from the e-mail server(s) and Thunderbird downloads them in rapid succession, Thunderbird deletes some of the temporary messages before the script can copy them fully.

#!/bin/bash

WORK=$HOME/clamtmp
# Create work directory if it does not already exist
mkdir $WORK 2> /dev/null
# Delete old working files if they exist
rm $WORK/* 2> /dev/null

counter=1

inotifywait -q -m -e close_write --format '%f' /tmp | while read FILE
do
     if [ "${FILE:0:6}" = "newmsg" ] && [ -s /tmp/$FILE ]; then
          TMPFILE=${counter}$FILE
          cp -p /tmp/$FILE $WORK/$TMPFILE
          counter=$((counter+1))
     fi
done

Consider the following six messages copied to $HOME/clamtmp by the above script (the script adds the first character to the name of the copied file):

-rw-------   1 fitzcarraldo fitzcarraldo    3829 Feb 23 02:24 1newmsg
-rw-------   1 fitzcarraldo fitzcarraldo    3107 Feb 23 02:25 2newmsg
-rw-------   1 fitzcarraldo fitzcarraldo 1158576 Feb 23 02:26 3newmsg
-rw-------   1 fitzcarraldo fitzcarraldo     237 Feb 23 02:28 4newmsg
-rw-------   1 fitzcarraldo fitzcarraldo    2106 Feb 23 02:28 5newmsg-1
-rw-------   1 fitzcarraldo fitzcarraldo    3107 Feb 23 02:28 6newmsg-2

The first three messages were each the sole message on all three e-mail servers accessed, and the copied files newmsg -> 1newmsg, newmsg -> 2newmsg and newmsg -> 3newmsg were all complete messages. However, the last three messages were on three e-mail servers simultaneously waiting to be downloaded, and when I clicked on ‘Get All New Messages’ in Thunderbird, the copied files newmsg -> 4newmsg, newmsg-1 -> 5newmsg-1 and newmsg-2 -> 6newmsg-2 were downloaded by Thunderbird in rapid succession. The copy 4newmsg was incomplete, the copy 5newmsg-1 was complete and the copy 6newmsg-2 was complete. So, even with a faster script, there is no guarantee that a script can catch all the temporary message files. Therefore, as I mentioned earlier, the only way to guarantee that temporary message files are properly scanned would be to modify Thunderbird to provide either a handshake (e.g. a file lock or inter-application flag) or to leave each temporary message file on /tmp and give it a unique file name.

The downside with both the above-mentioned approaches would be that the anti-virus software developer would need to know about the method, and write the software to perform the appropriate actions. If the first approach were adopted, the anti-virus software would need to signal to Thunderbird that it had completed scanning the file (e.g. by releasing a file lock or by an inter-application message). If the second approach were adopted, the anti-virus software would need to delete the message file from /tmp once it had completed scanning the file. The second approach would be easier for a simple Bash script to use, and, had the Thunderbird source code not been so complicated, I would have had a go at patching it to leave temporary message files in the /tmp directory after Thunderbird copies their contents to the Inbox file. But, as e-mail servers already do a good job of scanning messages before Thunderbird downloads them, I will not spend more time on this. Some e-mail servers even send an e-mail to the user informing them about an infected e-mail (see examples below), so it is not worth bothering.

Example 1
Automated e-mail server message to john@smith.com warning him that the e-mail with an infected attachment he sent to dave@hotmail.com was blocked by the receiving e-mail server.

Subject: Mail delivery failed: returning message to sender
Date: Wed, 17 Feb 2016 11:30:10 +0100
From: Mail Delivery System
To: john@smith.com

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:

Reason:
virus/suspect content found

— The header of the original message is following. —

Example 2
Automated e-mail server message to john@smith.com warning him that an e-mail with an infected attachment sent to him by dave@hotmail.com was blocked by the receiving e-mail server.

Subject: VIRUS SUSPECTED: “Dave (Hotmail)”
Date: Wed, 17 Feb 2016 11:46:07 +0100 (CET)
From: Mail Delivery System
To: john@smith.com

A virus was detected in the following e-mail!

Mail details:

From: “Dave (Hotmail)”
TO: John Smith
Date: Wed, 17 Feb 2016 10:45:55 +0000
Subject: EICAR test file attachment

The concerned e-mail has been handled according to your Virus Protection Settings.

Sincerely
Your E-mail Service Provider Team

[ This is an automatically generated email, do not reply to this sender. You may find more
information in the online help of your client. ]

Other articles of interest: mozillaZine – Antivirus software.

Automatically detecting files placed in my Downloads directory in Gentoo Linux and scanning them for viruses

I have been using Linux for almost a decade and have never been unduly concerned about viruses on my machines running Linux. However, I do receive files from people who use Windows and Mac OS, and some of those files might contain Windows or Mac OS viruses, so, as a matter of courtesy and assistance to others, it would make some sense to scan those files before passing them on. Furthermore, as I use some Windows applications under WINE, it would also make sense to scan received files for Windows viruses if I am going to use those files with a Windows application running under WINE.

External files could get into my Gentoo Linux installations via pen drives, memory cards, optical discs, e-mails, my Dropbox directory and downloads from Web sites. In this post I am going to concentrate on the last of these. All the various e-mail account providers I use already scan e-mails for viruses on their e-mail servers before I even download e-mail into the e-mail client on my laptop (standard practice these days), so e-mail is not a particular worry.

I have had ClamAV and its GUI, ClamTk, installed for a long time. Whilst ClamTk can be used to schedule a daily update of virus signatures and a daily scan of one’s home directory by ClamAV, I normally run ClamTk and ClamAV ad hoc. However, I can see some benefit in launching ClamAV automatically when I download a file from the Internet, so I decided to do the following …

Automatically scan a file downloaded via a Web browser

I use Firefox to browse the Web, and had configured it to download files to the directory /home/fitzcarraldo/Downloads/. I decided to monitor automatically the Downloads directory for the addition of any file. As I use the ext4 file system, the method I opted to use is inotify, specifically the inotifywait command which is available once you install the package sys-fs/inotify-tools.

It is surprisingly easy to create a shell script to detect files downloaded into a directory. The following script, running continuously in a terminal, would detect any files created in my /home/fitzcarraldo/Downloads directory, scan the new files with ClamAV and display a report in the terminal window:

#!/bin/bash

echo
DIR=$HOME/Downloads

inotifywait -q -m -e create --format '%w%f' $DIR | while read FILE
do
     date
     echo "File $FILE has been detected. Scanning it for viruses now ..."
     clamscan $FILE
     echo
done

A usable script would need to be a bit more sophisticated than the one shown above, because an existing file in the directory could be overwritten by one with the same name, or opened and amended. Furthermore, the script above would need a permanently open terminal window. Therefore I created a script to run in the background and use a GUI dialogue tool to pop up a window with the virus scanner’s report when the script detects a new or changed file in the Downloads directory. As this laptop has KDE 4 installed I opted to use KDialog to display the pop-up window, but I could instead have used Zenity. The final script is shown below.

#!/bin/bash

DIR=$HOME/Downloads

# Get rid of old log file
rm $HOME/virus-scan.log 2> /dev/null

inotifywait -q -m -e close_write,moved_to --format '%w%f' $DIR | while read FILE
do
     # Have to check file length is nonzero otherwise commands may be repeated
     if [ -s $FILE ]; then
          date > $HOME/virus-scan.log
          clamscan $FILE >> $HOME/virus-scan.log
          kdialog --title "Virus scan of $FILE" --msgbox "$(cat $HOME/virus-scan.log)"
     fi
done

Now when I download a file in Firefox, a window pops up, displaying a message similar to the following:

Virus scan of /home/fitzcarraldo/Downloads/eicar_com.zip – KDialog

Fri 19 Feb 23:42:02 GMT 2016
/home/fitzcarraldo/Downloads/eicar_com.zip: Eicar-Test-Signature FOUND

———– SCAN SUMMARY ———–
Known viruses: 4259980
Engine version: 0.98.7
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 4.595 sec (0 m 4 s)

Notice in the above message that ClamAV detected a virus in a file eicar_com.zip that I downloaded from the European Expert Group for IT Security Web site (originally ‘European Institute for Computer Antivirus Research’). In fact the executable eicar.com does not contain a real virus; it was designed to contain a known signature that virus scanner creators and users can use in checking anti-virus software. You can find out more about the virus test files on the EICAR Web site.

Of course, if I use applications other than Firefox to download files, I need to make sure they download the files into the applicable directory so that the script can detect and scan the files:

fitzcarraldo@clevow230ss ~ $ cd Downloads/
fitzcarraldo@clevow230ss ~/Downloads $ youtube-dl -o Carnavalito.mp4 -f 18 https://www.youtube.com/watch?v=ZDUL3w7zFD4
ZDUL3w7zFD4: Downloading webpage
ZDUL3w7zFD4: Downloading video info webpage
ZDUL3w7zFD4: Extracting video information
ZDUL3w7zFD4: Downloading MPD manifest
[download] Destination: Carnavalito.mp4
[download] 100% of 16.61MiB in 00:05

So, now I have a shell script that pops up a window informing me whether or not any file I put in $HOME/Downloads/ contains a virus. But I would like the script to be launched automatically when I login to the Desktop Environment. Therefore, as I use KDE 4, I selected ‘System Settings’ > ‘Startup and Shutdown’ and, in the ‘Autostart’ pane, clicked on ‘Add Script…’ and entered the path to my shell script (I left ‘create as symlink’ ticked). Now, every time I use KDE, any file placed (automatically or manually) into $HOME/Downloads/ is scanned for viruses automatically and a window pops up giving the result.

As my laptop is not always connected to the Internet, I prefer to update the ClamAV virus signatures database manually, which I do either using the ClamTk GUI or via the command line using the freshclam command:

fitzcarraldo@clevow230ss ~ $ su
Password:
clevow230ss fitzcarraldo # freshclam
ClamAV update process started at Sat Feb 20 10:51:01 2016
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98.7 Recommended version: 0.99
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
Downloading daily-21375.cdiff [100%]
Downloading daily-21376.cdiff [100%]
Downloading daily-21377.cdiff [100%]
Downloading daily-21378.cdiff [100%]
Downloading daily-21379.cdiff [100%]
Downloading daily-21380.cdiff [100%]
Downloading daily-21381.cdiff [100%]
Downloading daily-21382.cdiff [100%]
Downloading daily-21383.cdiff [100%]
Downloading daily-21384.cdiff [100%]
Downloading daily-21385.cdiff [100%]
Downloading daily-21386.cdiff [100%]
Downloading daily-21387.cdiff [100%]
Downloading daily-21388.cdiff [100%]
Downloading daily-21389.cdiff [100%]
Downloading daily-21390.cdiff [100%]
Downloading daily-21391.cdiff [100%]
daily.cld updated (version: 21391, sigs: 1850214, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 271, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (4274486 signatures) from db.UK.clamav.net (IP: 129.67.1.218)
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.sock: No such file or directory

KDE Connect on a hotel Wi-Fi network

KDE Connect

I am a fan of KDE Connect (see my 2014 post about an earlier version), but had previously been unable to use it with a hotel network. However today I managed to do that, and here is how I did it …

I first connected my laptop and my Samsung Galaxy Note 4 to the hotel’s Wi-Fi network, then used the ifconfig command in Linux on my laptop to find the IP address of my laptop on the hotel’s network. Note that the IP address one sees if one uses a Web site such as WhatIsMyIPAddress will be the laptop’s outward-facing IP address, not the IP address of the laptop on the hotel network. For example, the ifconfig command has just shown me that my current DHCP-allocated IP address is 10.154.245.40 on this hotel’s network for this session whereas the Web site WhatIsMyIPAddress is showing my IP address as 78.100.57.102.

By the way, I can also use the excellent Android utility Fing on my Galaxy Note 4 to find the IP address of my laptop on the hotel’s network. It is quite interesting to use Fing to see what other devices (their hostname and IP address) are currently connected to the hotel’s network.

Anyway, then I launched KDE Connect on the Galaxy Note 4, tapped and ‘Add devices by IP’, and entered the laptop’s IP address (10.154.245.40 in this specific case). I was able to pair with KDE Connect running on my laptop and send files from my phone to the laptop, and vice versa.

Netflix – Not fit for purpose?

One of my family has a Netflix account. The account is accessible from any of the desktop and laptop computers in the house, whichever OS they are running.

Recently we bought a so-called ‘smart TV’ (an LG 40UF770V 4K Ultra HD TV, as it happens), and are pleased with it. It runs WebOS 2.0 (yay, Linux!) and the LG Content Store contains a Netflix app, which we promptly installed. The app worked perfectly for several weeks but then stopped being able to access Netflix. When the app was launched, the usual screen with the Netflix logo and the ‘Loading’ rotating indicator would appear but, after a minute or so, an error message would be displayed informing us that Netflix error ‘ui-113’ had occurred. One of the on-screen options then offered by the app was to check the network connection, which we tried, but everything was reported to be working correctly. Not to mention that all the other apps that require an Internet connection work fine. In order to watch a film using Netflix over the Christmas period we had to resort to connecting a laptop to the TV via an HDMI cable and accessing Netflix in a Web browser on the laptop. It is ridiculous to have to resort to such measures to view content on smart TVs which have Netflix apps.

I searched the Web and discovered that many, many people experience the same problem with Netflix and smart TVs. As in our case, they had no trouble accessing their Netflix account on their home network with other devices such as computers, tablets and smart phones. I came across reports by owners of smart TVs made by LG, Philips, Samsung, Sony, Toshiba, and other manufacturers. People who had contacted the relevant TV manufacturer were often told the problem is caused by Netflix, and people who had contacted Netflix were often told the problem is caused by the TV manufacturer.

Netflix has a Help page for this error message, but none of the steps Netflix listed worked, and neither did any of the remedies suggested by others on the Web (including in various YouTube videos). Resetting the TV did not solve the problem. Neither did cycling the mains power to the TV, broadband modem and router (however long the power was off). Nor did changing the TV’s setting for the IP address of the DNS server to one of the well-known public DNS servers such as Google’s. Nor did suggestions such as un-installing and re-installing the Netflix app. Nor did configuring the router to perform port forwarding for Netflix on the TV (not that this should be necessary, but I tried it anyway). Several people wrote that the parental lock in their routers caused the problem, but the parental lock is definitely not enabled in my router. I also tried to access Netflix via the TV’s Web browser; it can log-in to the Netflix account but cannot play content as it does not support the Microsoft Silverlight plug-in or HTML5 required by Netflix.

Nothing we tried solved the problem, and two weeks of this messing around was exasperating. Some people reported that changing the DNS server address in the TV to Google’s DNS servers worked, whereas others reported it didn’t. Even if some lucky person managed to get Netflix working on their smart TV using a certain procedure, other people in the same country with the same model of TV could not, even if they used the same procedure.

In addition to people in a given country trying to get the Netflix app in their smart TV to access their Netflix account in that country, I came across posts by people wanting to access Netflix in a different country (mostly people not in the USA wanting to access US Netflix because it offers a wider range of films and programmes, but also expatriates wanting to access Netflix for their home country with their home-country Netflix account). So I tried recommendations to configure the TV to use a DNS server in the US that some people in the UK had recently indicated would give the Netflix app access to US Netflix rather than UK Netflix (even though we wanted to access UK Netflix from the UK). But that didn’t work either.

However, I didn’t give up. I trawled the Web for lists of DNS servers that some people claimed would give access to Netflix in the UK. I found various Web sites listing IP addresses for DNS servers and tried several of them. Eventually I found one that actually enables the Netflix app in the TV to work, but it accesses US Netflix instead of UK Netflix. Given that the Netflix app has not worked for several weeks, I’m not complaining, but it is not what we were trying to achieve (US Netflix does not provide all the UK TV series available on UK Netflix). Furthermore, according to some of the posts I’ve read, periodically you have to change the DNS server address in the TV because Netflix stops working with the existing address.

Now, I’m a technically-oriented person and it took me several hours over a two-week period to find a solution (well, a work-around). Someone with little or no IT knowledge in the same situation would be at a complete loss as to how to get their Netfix account working. In order for streaming media services to become as ubiquitous as e.g. terrestrial TV, they have to be reliable and be accessible easily to paying customers. Use of Geolocation, GeoDNS and other complex techniques should not cause such a headache to bona fide users. Someone with a Netflix account in his/her country of residence and who simply wants to access Netflix on a smart TV should not have to jump through hoops or hit a brick wall. Clearly this is happening to many people.

On top of that, people such as myself who have to travel internationally frequently because of their work need to be certain that, if they subscribe to a streaming media service, it will work in whatever country they happen to be in at the time (except if blocked by Great Firewalls or content filters on proxy servers, of course) and not be purposely or inadvertently prevented from working by the media service provider’s network concept.

I myself had considered signing up for a Netflix account so that I could view films and TV programmes during my overseas work trips, but, after having to struggle for days to help a family member access a valid Netflix account on a smart TV in the country where the account was set up, will definitely not be giving Netflix my business. In this day and age it is ridiculous that users should have to try umpteen DNS server addresses and reset TVs, routers and modems in order to access their account with a media provider. Services such as Netflix will never have my business until their networking and DRM are sorted out properly and made to work reliably. Until Netflix changes its network delivery model, its service will remain a curate’s egg in my opinion.

NetworkManager: Failed to activate – The name org.freedesktop.NetworkManager was not provided by any .service files

Because I need to connect quickly and easily to numerous wired and wireless networks (DHCP or static IP addressing), I use NetworkManager in my Gentoo Linux amd64 installation running OpenRC and KDE 4. My Clevo W230SS laptop has an Intel Dual Band Wireless-AC 7260 Plus Bluetooth adapter card, and my installation uses the iwlwifi module:

# lspci -knn | grep Net -A2
03:00.0 Network controller [0280]: Intel Corporation Wireless 7260 [8086:08b1] (rev bb)
        Subsystem: Intel Corporation Dual Band Wireless-AC 7260 [8086:4070]
        Kernel driver in use: iwlwifi
# lsmod | grep iwl
iwlmvm                143919  0
iwlwifi                75747  1 iwlmvm

As I am using NetworkManager instead of netifrc, in accordance with the instructions in the Gentoo Wiki article on NetworkManager I do not have any net.* services enabled (not even net.lo):

# rc-update show -v
       NetworkManager |      default                 
                acpid |                              
            alsasound |                              
         avahi-daemon |                              
       avahi-dnsconfd |                              
               binfmt | boot                         
            bluetooth |      default                 
             bootmisc | boot                         
         busybox-ntpd |                              
     busybox-watchdog |                              
                clamd |                              
          consolefont |                              
           consolekit |      default                 
               cronie |      default                 
         cups-browsed |      default                 
                cupsd |      default                 
                 dbus |      default                 
                devfs |                       sysinit
               dhcpcd |                              
                dhcpd |                              
             dhcrelay |                              
            dhcrelay6 |                              
                dmesg |                       sysinit
              dropbox |                              
           fancontrol |                              
                 fsck | boot                         
                 fuse |                              
           git-daemon |                              
                  gpm |                              
              hddtemp |                              
             hostname | boot                         
              hwclock | boot                         
            ip6tables |                              
             iptables |                              
              keymaps | boot                         
            killprocs |              shutdown        
    kmod-static-nodes |                       sysinit
           lm_sensors |                              
                local |      default                 
           localmount | boot                         
             loopback | boot                         
      mit-krb5kadmind |                              
          mit-krb5kdc |                              
       mit-krb5kpropd |                              
              modules | boot                         
             mount-ro |              shutdown        
                 mtab | boot                         
                mysql |                              
                  nas |                              
         net.enp4s0f1 |                              
               net.lo |                              
             netmount |      default                 
           ntp-client |                              
                 ntpd |                              
           nullmailer |                              
              numlock |                              
  nvidia-persistenced |                              
           nvidia-smi |                              
              osclock |                              
              pciparm |                              
               procfs | boot                         
              pwcheck |                              
            pydoc-2.7 |                              
            pydoc-3.4 |                              
               rfcomm |                              
                 root | boot                         
               rsyncd |                              
            s6-svscan |                              
                samba |      default                 
                saned |                              
            saslauthd |                              
            savecache |              shutdown        
                 sntp |                              
                 sshd |      default                 
             svnserve |                              
                 swap | boot                         
            swapfiles | boot                         
              swclock |                              
               sysctl | boot                         
                sysfs |                       sysinit
            syslog-ng |      default                 
        teamviewerd10 |                              
         termencoding | boot                         
             timidity |                              
         tmpfiles.dev |                       sysinit
       tmpfiles.setup | boot                         
               twistd |                              
                 udev |                       sysinit
                  ufw | boot                         
              urandom | boot                         
       wpa_supplicant |                              
                  xdm |      default                 
            xdm-setup |

I have left the netmount service enabled in case I want to use network-attached file shares at home or in one of the various office locations where I work.

Networking works fine on my laptop with the many wired and wireless networks I have used except for one particular public wireless network (it is in an airport, has multiple Access Points, and its Access Points only support 802.11a/b/g, which may or may not be relevant) for which the following message would usually appear in a pop-up window when I tried to connect to the network from the KDE network management GUI after start-up:

Failed to activate
The name org.freedesktop.NetworkManager was not provided by any .service files

Error message displayed by KDE when trying to connect to one specific network

Error message displayed by KDE when trying to connect to one specific network


This occurred with both networkmanager-1.0.2-r1 and networkmanager-1.0.6, the two Stable Branch releases of NetworkManager currently available in Gentoo Linux.

The wireless network is not the only network at that particular location, and the ‘Failed to activate’ message occurred whichever network (wireless or wired) I tried to access at that location. When this problem occurred, it transpired that the NetworkManager service was not running (it had crashed):

$ nmcli d
Error: NetworkManager is not running.
$ rc-status
Runlevel: default
 dbus                   [  started  ]
 NetworkManager         [  crashed  ]
 netmount               [  started  ]
 syslog-ng              [  started  ]
 cupsd                  [  started  ]
 samba                  [  crashed  ]
 consolekit             [  started  ]
 cronie                 [  started  ]
 bluetooth              [  started  ]
 xdm                    [  started  ]
 cups-browsed           [  started  ]
 sshd                   [  started  ]
 local                  [  started  ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed
 xdm-setup              [  started  ]
 avahi-daemon           [  started  ]
Dynamic Runlevel: manual

(I am not bothered that Samba crashes in that particular location. It crashes even if a connection is established, because the public wireless network does not provide network file systems. Samba works fine when I connect the laptop to an office network or to my home network.)

Even if the ‘Failed to activate’ message occurred, sometimes (but not always) the laptop could still connect to networks after I restarted the NetworkManager service (albeit sometimes it was necessary to restart it more than once):

# /etc/init.d/NetworkManager restart

When it is possible to connect to networks, the NetworkManager service is of course running:

$ nmcli d
DEVICE    TYPE      STATE        CONNECTION           
sit0      sit       connected    sit0                 
wlp3s0    wifi      connected    Free_Airport_Internet
enp4s0f1  ethernet  unavailable  --                   
lo        loopback  unmanaged    --        
$ rc-status
Runlevel: default
 dbus                   [  started  ]
 NetworkManager         [  started  ]
 netmount               [  started  ]
 syslog-ng              [  started  ]
 cupsd                  [  started  ]
 samba                  [  crashed  ]
 consolekit             [  started  ]
 cronie                 [  started  ]
 bluetooth              [  started  ]
 xdm                    [  started  ]
 cups-browsed           [  started  ]
 sshd                   [  started  ]
 local                  [  started  ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed
 xdm-setup              [  started  ]
 avahi-daemon           [  started  ]
Dynamic Runlevel: manual

I searched the Web for the error message and, based on a recommendation on the Web page ‘nm-applet gives errors‘ claiming the problem is due to the iwlwifi driver when used with an Intel 7260 controller, I created a file /etc/modprobe.d/iwlwifi.conf containing the following line, and rebooted:

options iwlwifi power_save=0

However, the error message still occurred. So I changed the iwlwifi module options line to the following, as also recommended on that page, and rebooted:

options iwlwifi 11n_disable=1 power_save=0

However, the error message still occurred.

The default value for OpenRC’s rc_depend_strict variable is YES if rc_depend_strict is not declared in the file /etc/rc.conf, but I do not think that is the cause of the problem:

# Do we allow any started service in the runlevel to satisfy the dependency
# or do we want all of them regardless of state? For example, if net.eth0
# and net.eth1 are in the default runlevel then with rc_depend_strict="NO"
# both will be started, but services that depend on 'net' will work if either
# one comes up. With rc_depend_strict="YES" we would require them both to
# come up.
#rc_depend_strict="YES"

As already mentioned, sometimes just restarting the NetworkManager service once or more did enable the laptop to connect to the network. This made me wonder whether the problem had something to do either with the timing of the launch of the NetworkManager service or with the timing of the service establishing a connection. As netmount is the only other network-related service enabled at start-up, I checked the netmount service’s configuration file /etc/conf.d/netmount to see what it contained (it’s the same in both the latest stable openrc-0.17 and the latest testing openrc-0.18.2):

# You will need to set the dependencies in the netmount script to match
# the network configuration tools you are using. This should be done in
# this file by following the examples below, and not by changing the
# service script itself.
#
# Each of these examples is meant to be used separately. So, for
# example, do not set rc_need to something like "net.eth0 dhcpcd".
#
# If you are using newnet and configuring your interfaces with static
# addresses with the network script, you  should use this setting.
#
#rc_need="network"
#
# If you are using oldnet, you must list the specific net.* services you
# need.
#
# This example assumes all of your netmounts can be reached on
# eth0.
#
#rc_need="net.eth0"
#
# This example assumes some of your netmounts are on eth1 and some
# are on eth2.
#
#rc_need="net.eth1 net.eth2"
#
# If you are using a dynamic network management tool like
# networkmanager, dhcpcd in standalone mode, wicd, badvpn-ncd, etc, to
# manage the network interfaces with the routes to your netmounts, you
# should list that tool.
#
#rc_need="networkmanager"
#rc_need="dhcpcd"
#rc_need="wicd"
#
# The default setting is designed to be backward compatible with our
# current setup, but you are highly discouraged from using this. In
# other words, please change it to be more suited to your system.
#
rc_need="net"

As I am using NetworkManager rather than netifrc, I followed the instructions in the file’s comments and changed the file’s contents from:

rc_need="net"

to:

rc_need="networkmanager"

After making the above change, the console messages at boot-up included a new message:

* ERROR: netmount needs service(s) networkmanager

That message made sense: rc_need had been set to "networkmanager" and, obviously, netmount can only do its job if NetworkManager is running (AND a network connection has been established). However, notice that the name of the NetworkManager service initscript is /etc/init.d/NetworkManager, not /etc/init.d/networkmanager. In other words, the instructions in /etc/conf.d/netmount are wrong: the name of the service is actually ‘NetworkManager‘, not ‘networkmanager‘. So I changed /etc/conf.d/netmount to contain rc_need="NetworkManager" instead of rc_need="networkmanager" and, unsurprisingly, the above-mentioned error message no longer occurs. I have filed Gentoo Bugzilla Bug Report No. 564846 requesting that the comment in the configuration file be changed.

Nevertheless, the ‘Failed to activate’ message still occurred when I tried to connect to any network at that location by using the DE’s network management GUI, and therefore I still needed to restart the NetworkManager service manually in order to be able to connect to any network there. Although I am not yet sure of the root cause and solution, I have found a work-around which avoids me having to manually restart the NetworkManager service, as explained below.

Although OpenRC correctly launches the NetworkManager service, that service remains inactive until it actually establishes a network connection. This is not a bug, it is the way OpenRC and NetworkManager work (see the explanation in the Gentoo Forums thread NetworkManager has started, but is inactive). This is why the following console message appears during boot-up:

* WARNING: NetworkManager has already started, but is inactive

If you did not configure NetworkManager to connect automatically to a network, after logging-in to the DE you will need to use the DE’s network management GUI (plasma-nm in the case if KDE, nm-applet in the case of e.g. Xfce) to tell NetworkManager to connect to the desired network. However, I found that waiting that long before trying to connect is too late to avoid the ‘Failed to activate’ problem, i.e. NetworkManager crashes after a while. I do not know why this happens, but it usually happens only when I am at the location covered by one specific wireless network (which is why I wonder if the problem is a result of that network only supporting 802.11a/b/g). By configuring NetworkManager to connect automatically to the wireless network which seemed to trigger the problem, the NetworkManager service tries to connect earlier. It is possible to configure NetworkManager to do this either by using the DE network GUI and ticking ‘Automatically connect to this network when it is available’ for the relevant network connection, or by directly editing the relevant connection’s file in the directory /etc/NetworkManager/system-connections/.

Of the various wired and wireless connections I had configured on the laptop, I had named the problematic wireless network’s connection ‘Free_Airport_Internet’. So I edited the file /etc/NetworkManager/system-connections/Free_Airport_Internet and deleted the line ‘autoconnect=false‘ in the [connections] section of the file (the default value of the autoconnect variable is TRUE – see man nm-settings). I could instead have done this by using the DE’s network manager GUI and ticking ‘Automatically connect to this network when it is available’ for that network connection. Now, when the laptop boots, NetworkManager tries to connect to that network and the ‘Failed to activate’ problem is avoided. This works with or without the iwlwifi driver options I mentioned above, so, despite the claim on the Web page I referenced above, the root cause of the problem does not appear to be the iwlwifi driver. What I don’t understand is why the problem only seems to occur with one particular network (a public wireless network which happens to only support 802.11a/b/g), i.e. even if none of the NetworkManager connection files in my installation have been configured to try to establish a connection automatically, with all the other wireless networks I have used in other locations (I believe those all support at least 802.11a/b/g/n) I have been able to establish a connection manually by using the DE’s network management GUI.

The bottom line

If your installation uses NetworkManager and you experience the ‘Failed to activate’ message when trying to connect to networks from the DE’s network management GUI, check if the NetworkManager service is running. You can check by using the command ‘nmcli d‘ in a console. If it is not running, try to restart the NetworkManager service from the command line. If the connection is not already configured to start automatically, configure it to start automatically in order to try to make NetworkManager become active at an early stage.

POSTSCRIPT (November 6, 2015)

The two links below are to old bug reports regarding earlier versions of NetworkManager having trouble using wireless networks with multiple Access Points. I wonder if the problem I saw with NetworkManager crashing when not configured to connect automatically to the specific network I mentioned above is somehow related to those problems:

background scanning causes drivers to disassociate – WiFi roaming causes NetworkManager to lose routing

network-manager roams to (none) ((none)) – background scanning

Roaming to BSSID “(none)” certainly happens with this particular network too, as shown by the messages in the laptop’s system log from yesterday when I was using the laptop with that network (the laptop was stationary the whole time):

# cat /var/log/messages | grep "Nov  5 11" | grep NetworkManager | grep \(none\)
Nov  5 11:01:22 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID 04:C5:A4:C3:F9:EE (Free_Airport_Internet) to (none) ((none))
Nov  5 11:01:22 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID (none) ((none)) to B8:BE:BF:69:89:6E (Free_Airport_Internet)
Nov  5 11:13:23 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID B8:BE:BF:69:89:6E (Free_Airport_Internet) to (none) ((none))
Nov  5 11:13:23 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID (none) ((none)) to 04:C5:A4:C3:F9:EE (Free_Airport_Internet)
Nov  5 11:15:23 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID 04:C5:A4:C3:F9:EE (Free_Airport_Internet) to (none) ((none))
Nov  5 11:15:23 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID (none) ((none)) to B8:BE:BF:69:89:6E (Free_Airport_Internet)
Nov  5 11:19:22 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID B8:BE:BF:69:89:6E (Free_Airport_Internet) to (none) ((none))
Nov  5 11:19:23 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID (none) ((none)) to B8:BE:BF:69:89:6E (Free_Airport_Internet)
Nov  5 11:49:50 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID B8:BE:BF:69:89:6E (Free_Airport_Internet) to (none) ((none))
Nov  5 11:49:50 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID (none) ((none)) to 68:BC:0C:A1:3C:DE (Free_Airport_Internet)
Nov  5 11:51:51 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID 68:BC:0C:A1:3C:DE (Free_Airport_Internet) to (none) ((none))
Nov  5 11:51:51 clevow230ss NetworkManager[2459]:   (wlp3s0): roamed from BSSID (none) ((none)) to B8:BE:BF:69:89:6E (Free_Airport_Internet)

Today I’m using a hotel network in my hotel room, and that does not roam to BSSID “(none)”, but I don’t know if my room is within range of more than one Access Point:

# cat /var/log/messages | grep "Nov  6" | grep NetworkManager | grep \(none\)
#

Anyway, with the work-around described in this post I have not had any further trouble accessing the particular network, but it would be interesting to know the root cause.

Using a keyboard shortcut in Linux to add an e-mail signature giving current location and local time

In my previous post I showed how to find the current time at any town or city Worldwide from the command line in Gentoo Linux. My interest in a command to do this is not to use it on the command line per se, but to use the command in a keyboard shortcut to insert a signature at the end of my e-mails.

I have to travel internationally frequently because of my work, but I leave my laptop’s hardware clock set to UTC and the system clock set to the local time of my home town. This means that, irrespective of where I am in the World, the e-mail client (Thunderbird, in my case) uses the local time of my home town in e-mail headers and calenders. It is not practical to reconfigure Linux for each timezone I happen to be in (see my post Configuring the Linux clock), and, in any case, I want the file system’s timestamps to use one timezone only and all the timestamps in my e-mails and the e-mail client’s calender to use one timezone only, so there is less chance of me getting confused. I could have configured the installation to use UTC for the system clock, but I prefer the system clock to use the timezone of my home town. Of course, even though the system clock is always set to the timezone of my home town, on the Panel clock I select the timezone of the location where I happen to be, so that the Panel clock displays the local time in that timezone.

I wanted to be able to insert a signature at the end of each e-mail, stating my current location and the current time at that location, so that the person receiving the e-mail could tell from where in the World I sent the e-mail and the local time it was sent, as that local time could differ from the time shown in the e-mail header. For example, let us assume that Jane, who lives in the UK and whose system clock is configured for the timezone Europe/London, is making a brief visit to Perth, Australia and sends an e-mail to Dave in the UK at 06:36 on 11 October (Perth time). The e-mail below illustrates the type of signature I wanted to achieve.

Subject: Site visit
From: Jane <jane@acompany.com>
To: Dave <dave@acompany.com>
Date: Sat Oct 10 2015 23:36:40 GMT+0100 (BST)

Hello Dave,

This is to let you know that I have just arrived in Perth and will be
visiting site at 09:00 local time to speak to the client. Tomorrow p.m.
I have a meeting scheduled with our local project manager, so I would
appreciate it if you would e-mail the latest documentation to me. I will
not have spare time until I’m in my room at the hotel tonight but will
read the documents tomorrow a.m. in readiness for the meeting with
the local project manager. Thanks in advance.

Regards,
Jane
Current location: Perth (Australia)
Local time now: Sat Oct 11 06:36:31 2015 AWST

As you can see above, because the OS on Jane’s and Dave’s laptops is configured for the timezone Europe/London, the e-mail header shows the current time in the UK when the e-mail was sent, which was October 10, 23:36 British Summer Time (22:36 UTC), and the signature shows the corresponding local time in Perth, Australia, which was October 11, 06:36 Australian Western Standard Time. It becomes even more confusing if the computer of the person receiving the e-mail is configured for a third timezone. For example, let’s say Dave is based in Seattle, USA rather than the UK. His e-mail client would then display the time in that timezone when the e-mail was sent. This is usually my case, i.e. my Linux installation is configured for Timezone1 but I happen to be in Timezone2 when I send an e-mail to someone who is based in Timezone3 and whose OS is configured for that timezone.

I wanted to use a keyboard shortcut to add a signature to the end of my e-mails, as shown above. I therefore created the Bash script listed below, which I named timezone_signature_GeoNames.sh:

#!/bin/bash

location=$(kdialog --title "Current Location" --inputbox "Enter your location:")

localtime=$(perl /home/fitzcarraldo/now1.pl $location)
place=`echo $localtime | cut -d'|' -f1`
place=$place" "`echo $localtime | cut -d'|' -f2`
timezone=`echo $localtime | cut -d'|' -f4`

if [ $location != "" ]; then
  echo -n "Current location: "
  echo $place
  echo -n "Local time now:"
  /usr/sbin/zdump ${timezone} | cut -d' ' -f2-
fi
echo

Notice that the Bash script uses the GUI dialogues utility kdialog to display a pop-up window prompting me to enter the name of a town/city. As I am using KDE I opted to use a dialogues utility developed for use in KDE, but I could have used Zenity instead.

The Perl script now1.pl is a variant of the Perl script now.pl described in my previous post, modified very slightly in order to facilitate formatting of the output by the Bash script, and is listed below.

#!perl

use strict;
use warnings;

use DateTime;
use Geo::GeoNames;
use URI::Escape;
use Encode;

binmode STDOUT, ':encoding(UTF-8)';

my $city = decode("UTF-8", @ARGV ? shift : 'London');
# N.B. Replace London with your home town/city.

my $geo = Geo::GeoNames->new( username => '************' );
# N.B. Replace the asterisks with your GeoNames user name.

my $result = $geo->search(
q       => uri_escape_utf8($city),
maxRows => 1,
style   => 'FULL'
);

defined $result->[0] or die "Unrecognized city '$city'\n";

my $city_name    = $result->[0]->{name};
my $country_name = $result->[0]->{countryName};
my $time_zone    = $result->[0]->{timezone}{content};
my $time_now     = DateTime->now( time_zone => $time_zone );

#print "$city_name ($country_name) $time_now ($time_zone)\n";

print "$city_name|($country_name)|$time_now|$time_zone\n";

exit 0;

The only thing remaining was to configure a keyboard shortcut to launch the Bash script. I opted to use the key combination Ctrl-Alt-z for the shortcut. As I am using KDE I could have used KDE’s ‘System Settings’ > ‘Shortcuts and Gestures’> ‘Custom Shortcuts’ to specify the shortcut and the name of the script it launches. However, as I also use AutoKey for various shortcuts, I opted to use that instead, so I used the AutoKey GUI to create a shortcut named ‘Insert Current Time’ to use the following command:

output = system.exec_command("/home/fitzcarraldo/timezone_signature_GeoNames.sh")
keyboard.send_keys(output)

Use

I compose my e-mails as usual, and, after entering my name at the end of the e-mail, I press Ctrl-Alt-z. A window then pops up prompting me to enter my current location, which I do and then click on ‘OK’. The location and current time at that location are then added to the end of the e-mail, and it just remains for me to click on the ‘Send’ button in the e-mail client’s window. As the Perl script now1.pl uses the Internet to access the GeoNames database, my laptop must be connected to the Internet when I use the shortcut.

KDialog window that pops up when I use the keyboard shortcut

KDialog window that pops up when I use the keyboard shortcut

If the town/city name consists of more than one word (Rio de Janeiro, for example) then replace spaces with hyphens when you enter the location name in the pop-up window (Rio-de-Janeiro, for example) and then the keyboard shortcut will return the correct location and local time:

Current location: Rio de Janeiro (Brazil)
Local time now: Fri Oct 16 09:28:19 2015 BRT