Samba over ssh tunnels again broken

October 19, 2009

Today, I can no longer access the samba through ssh mount. The putty log shows the following error messages:

2009-10-19 17:45:08 Local port 10.0.0.1:139 forwarding to lehre4:139 failed: Network error: Cannot assign requested address
2009-10-19 17:45:08 Local port 10.0.0.1:445 forwarding to lehre4:139 failed: Network error: Cannot assign requested address

Grmpf. Which address? 10.0.0.1 or lehre4:139? What does “assign” mean? – Again an error message which makes no sense. I find nothing useful with google. I do NOT want to look into the source code of putty!

I try reboot, change lehre4 to lehre4.rad.univie.ac.at, etc. Situation unchanged.

I have installed an aon wireless connection at my countryside house recently. This crappy connection needs special software; it cannot connect with the Windows wireless setup. Maybe this corrupts the setup?

Even if the putty is not running,
"c:\Program Files\nc.exe" -l -s 10.0.0.1 -p 445
yields
Can’t grab 10.0.0.1:445 with bind

I should work now, not play around…
I check my loopback adapter. ipconfig /all reveals that it has a strange IP address now? DHCP is activated! Referring to http://www.blisstonia.com/eolson/notes/smboverssh.php (what I used for setting it up) its IP should be 10.0.0.1 – somehow this has changed? I set the addresses to:
Ethernet-Adapter LAN-Verbindung 4:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft Loopbackadapter
Physikalische Adresse . . . . . . : 02-00-4C-4F-4F-50
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 10.0.0.1(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . :10.0.0.0
DNS-Server . . . . . . . . . . . : 131.130.1.11
131.130.1.12
NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Putty now yields:
2009-10-19 19:00:38 Local port 10.0.0.1:139 forwarding to lehre4:139
2009-10-19 19:00:38 Local port 10.0.0.1:445 forwarding to lehre4:139 failed: Network error: Permission denied

This looks good…
reboot.

Worked!

However, I suspect that there is still a problem: I think the aon stuff needs the loopback adapter with 10.0.0.1 set to DHCP. Actually, it was not a good idea of mine to use 10.0.0.1 for my loopback adapter: as the first local IP address, the chances that some program would collide were surely high.

I decide to rebuild the stuff for a new loopback adapter 10.0.0.137.

I cite from http://www.blisstonia.com/eolson/notes/smboverssh.php with the address substituted:

1. System->Control Panel->Add Hardware
2. Yes, Hardware is already connected
3. Add a new hardware device (at bottom of list)
4. Install the hardware that I manually select
5. Network adapters
6. Microsoft , Microsoft Loopback Adapter
7. (Go through the installation procedure.)

Now we configure the new localhost adapter.

1. Open up your existing (real) ethernet adapter and write down your gateway and DNS server addresses.
2. Open your new fake ethernet adapter (Network Connections) , enter a made-up IP address (I suggest 10.0.0.1, which is a privately routable address that most folk don’t use.)
3. Enable Client for Microsoft Networks.
4. Disable File and Printer Sharing for Microsoft Networks
5. Enable Internet Protocol (TCP/IP)
6. Click on properties for TCP/IP.
7. Enter your chosen IP address (10.0.0.137), subnet mask (255.255.255.0), and gateway (Peter Steier: I guess 10.0.0.0) and DNS information you got from your real adapter.
8. Under advanced->WINS, Enable LMHosts Lookup and Disable NetBIOS over TCP/IP
9. Enter 9999 for the interface metric. (Necessary?)

At this point I had to reboot; it didn’t tell me to, but it wasn’t working.

Actually, I do not reboot, just disable/enable.

ipconfig /all
yields:
Ethernet-Adapter LAN-Verbindung 5:

Verbindungsspezifisches DNS-Suffix:
Beschreibung. . . . . . . . . . . : Microsoft Loopbackadapter #2
Physikalische Adresse . . . . . . : 02-00-4C-4F-4F-50
DHCP aktiviert. . . . . . . . . . : Nein
Autokonfiguration aktiviert . . . : Ja
IPv4-Adresse . . . . . . . . . . : 10.0.0.137(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . :10.0.0.0
DNS-Server . . . . . . . . . . . : 131.130.1.11
131.131.1.12
NetBIOS über TCP/IP . . . . . . . : Deaktiviert

Putty:
forward 10.0.0.137:139 -> lehre4:139
forward 10.0.0.137:445 -> lehre4:139

(lehre4 is our samba server; it serves only port 139)

I disconnect my Y: network drive and map it new to \\10.0.0.137\data
-> I get a connection! However, it probably would not work after the next reboot, since Vista would grab 10.0.0.137:445 then… change my boot script!

It now looks like:
REM batch file to start the smb service without port 445
REM Peter Steier 2009-02-28
start "bind_port_445" "C:\Program Files\nc.exe" -l -s 10.0.0.137 -p 445 2>C:\temp\bin_port_445.log
net start smb
ping 127.0.0.1 -n 2 -w 1000 > nul
taskkill /fi "Windowtitle eq bind_port_445"
(remember, port 139 wasn’t the problem. So I could go back to the first version only blocking 445 from vista grabbing)

I set the loopback adapter 10.0.0.1 to DHCP again, to avoid problems with aon wireless.

reboot…
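
The two PuTTY messages in this post correspond to two different bind() failures. The following Python probe is an added example, not part of the original post; it tries the same local bind a port forward performs and names the cause. The verdict names and hint texts are this example's own, and 10.0.0.137 with ports 139 and 445 are the values used above.

```python
import errno
import socket

# errno -> (verdict, what to check). Verdict names and hints are this
# example's own; the quoted messages are the ones in the PuTTY log.
VERDICTS = {
    # "Cannot assign requested address": no local interface owns the address.
    errno.EADDRNOTAVAIL: ("address-not-local",
                          "ipconfig /all: does an adapter have this static IP?"),
    # "Permission denied": the address is fine, the port may not be taken.
    # (On Linux the same errno means a port below 1024 without root.)
    errno.EACCES: ("port-denied",
                   "a service holds the port exclusively (here: SMB on 445)"),
    errno.EADDRINUSE: ("port-taken",
                       "netstat -ano: which PID already listens there?"),
}

def explain(err):
    """Map the OSError raised by bind() to (verdict, hint)."""
    return VERDICTS.get(err.errno, ("other", str(err)))

def probe(addr, port):
    """Bind a TCP socket to addr:port as a local port forward would."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((addr, port))
        except OSError as err:
            return explain(err)
        return ("ok", "free to forward")

def report(addr, ports):
    """One line per port for the forwards configured in PuTTY."""
    lines = []
    for port in ports:
        verdict, hint = probe(addr, port)
        lines.append(f"{addr}:{port}  {verdict}  ({hint})")
    return lines

if __name__ == "__main__":
    print("\n".join(report("10.0.0.137", (139, 445))))
```

Run it with PuTTY closed, otherwise PuTTY's own listeners show up as taken ports.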

Microsoft Vista SP2 has broken SAMBA through ssh tunnels

August 12, 2009

When trying my samba connections through ssh tunnels today, port 139 could not be forwarded by putty:

2009-08-12 17:13:53 Local port 10.0.0.1:445 forwarding to lehre4:139 failed: Network error: Permission denied

I think, Vista has now also “stolen” port 139 on the loopback devices (see below for port 445). I try to grab it in my script also, before Vista can get it.

Note: I have said “I put it into autostart”. Actually, I use the “Task scheduler”, “Task Scheduler Library”, to run it at startup.

The script now looks like:

REM batch file to start the smb service without port 445 and 139
REM Peter Steier 2009-02-28
start "bind_port_445" "C:\Program Files\nc.exe" -l -s 10.0.0.1 -p 445
start "bind_port_139" "C:\Program Files\nc.exe" -l -s 10.0.0.1 -p 139
net start smb
ping 127.0.0.1 -n 2 -w 1000 > nul
taskkill /fi "Windowtitle eq bind_port_445"
taskkill /fi "Windowtitle eq bind_port_139"

However, still does not work… I just see that port 445 is now again the problem, not port 139. I undo this change.

Following http://social.technet.microsoft.com/Forums/en-US/itprovistanetworking/thread/d30d3c98-58c5-47f6-b5a5-f5620882020d/
I create HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\SmbDeviceEnabled = 0x00000000 (0)
Helps nothing. I delete the Key again.
However, maybe I have the solution. I check the recipe to prevent port grabbing at http://social.technet.microsoft.com/Forums/en-US/itprovistanetworking/thread/d30d3c98-58c5-47f6-b5a5-f5620882020d/#page:2 again, and see:

Go to “Device Manager” select View and enable “show hidden devices.”; Expand “Non-Plug and Play Drivers” and set “Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)” to start on demand.

I check this – and see that it is set to “System” instead of “on demand”. I change this and reboot…
-> works! Problem solved.

Windows Vista wininit.exe listens on Client-Port 49152

July 12, 2009

I encountered a port conflict between a proprietary server programmed by some university (actually running on my own computer) and Microsoft Vista: Vista wininit.exe listens to port #49152 – actually, servers should use addresses from 0-49151, 49152 onward is for temporary connections of clients. This mistake can be forgiven to non-commercial university groups, but probably not to an international company like Microsoft.

Moreover, there is no documentation by Microsoft on the web what this wininit is, and whether one can close the port.

How to rename large numbers of .eml files to useful names (e.g. stored with Thunderbird add-on SmartSave)

July 12, 2009

I have written a UNIX bash-shell script which can rename saved e-mail messages to _.eml; it will add version numbers if two e-mails would get the same name, but differ (full text comparison):

file cleansen_eml:

#!/bin/bash
# cleanup .eml file name and date

for THEFILE in *.eml ; do
    # echo >&2 "processing $THEFILE" ;
    if test "${THEFILE%.eml}" = "$THEFILE" ; then
        echo >&2 ;
        echo >&2 "**** $PWD" ;
        echo >&2 "File $THEFILE ignored since no .eml" ;
        continue ;
      fi ;
    THEFROM=$(grep -m 1 "^From: \|^Von: " "$THEFILE") ;
    THETO=$(grep -m 1 "^To: \|^An: " "$THEFILE") ;
    THEDATE=$(grep -m 1 "^Date: \|^Datum: " "$THEFILE") ;
    THESUBJECT=$(grep -m 1 "^Subject: \|^Betreff: " "$THEFILE") ;
    if test -z "$THEFROM" -o -z "$THEDATE" -o -z "$THESUBJECT" ; then
        echo >&2 ;
        echo >&2 "**** $PWD" ;
        echo >&2 "From:, Date:, or Subject: not found in $THEFILE. Ignore, maybe no e-mail." ;
        continue ;
      fi ;

    # echo >&2 "$THEFROM" ;
    # header text is untrusted: keep it quoted so the shell neither word-splits nor glob-expands it
    CLEANFROM="$(printf '%s\n' "${THEFROM#*: }" | sed -f "$PSROOT/Arbeit/shell_scripts/clean_mailer.sed" | cut -c 1-20)" ;
    CLEANTO="$(printf '%s\n' "${THETO#*: }" | sed -f "$PSROOT/Arbeit/shell_scripts/clean_mailer.sed" | cut -c 1-20)" ;
    CLEANSUBJECT="$(printf '%s\n' "${THESUBJECT#*: }" | sed -f "$PSROOT/Arbeit/shell_scripts/clean_subject.sed" )" ;
    CLEANFILENAME="$(echo -n "$CLEANFROM to $CLEANTO, $CLEANSUBJECT" | tr -c "A-Za-z0-9.,@ " "_" | sed -e "s/__/_/g" | cut -c 1-100).eml" ;
    # echo >&2 "-> $CLEANFILENAME" ;
    VERCOUNT=1 ;
    while test -e "$CLEANFILENAME" ; do
        echo >&2 ;
        echo >&2 "**** $PWD" ;
        echo >&2 "FILE $CLEANFILENAME exists." ;
        if cmp "$THEFILE" "$CLEANFILENAME" ; then
            echo >&2 "The files are the same:" "$THEFILE", "$CLEANFILENAME" ;
            break ;
          fi ;
        echo >&2 "I add a version number to the filename: " ;
        CLEANFILENAME="${CLEANFILENAME%.eml}" ;
        CLEANFILENAME="${CLEANFILENAME%.[0-9]}" ;
        CLEANFILENAME="${CLEANFILENAME%.[0-9][0-9]}" ;
        CLEANFILENAME="${CLEANFILENAME}.$VERCOUNT.eml" ;
        VERCOUNT=$(($VERCOUNT+1)) ;
      done ;
    # echo mv "$THEFILE" "$CLEANFILENAME" ;
    mv "$THEFILE" "$CLEANFILENAME" ;
    touch -d "${THEDATE#*: }" "$CLEANFILENAME" ;
    echo -n . ;
  done ;

exit 0 ;

It needs two helper files:

clean_mailer.sed:

s/=[?][A-Za-z]*-[-0-9]*[?]Q[?]//g
s/[?]=//g
s/^"\([^"]*\)" <\([^>]*\)>.*/\1 <\2>/g
s/^\([A-Z]\)\([a-z]*\) \([A-Za-z]*\) <\([-a-zA-Z0-9._]*@[-a-zA-Z0-9._]*\)>.*/\1.\3/
s/^\([A-Za-z]*\), \([A-Z]\)\([a-z]*\) <\([-a-zA-Z0-9._]*@[-a-zA-Z0-9._]*\)>.*/\2.\1/
s/^\([A-Z]\)\([a-z]*\) \([A-Za-z]\)\([A-Za-z]*\) \([A-Za-z]*\) <\([-a-zA-Z0-9._]*@[-a-zA-Z0-9._]*\)>.*/\1.\3.\5/
s/^<\([a-zA-Z]\)\([a-zA-Z]*\)[.]\([a-zA-Z]*\)@\([-a-zA-Z0-9._]*\)>/\1.\3/
s/^\([a-zA-Z]\)\([a-zA-Z]*\)[.]\([a-zA-Z]*\)@\([-a-zA-Z0-9._]*\)/\1.\3/
s/^\([-A-Za-z0-9_][-A-Za-z0-9_ ]*\)<\([^>]*\)>/\1/
s/^<\([-a-zA-Z0-9_][-a-zA-Z0-9]*\)@\([-a-zA-Z0-9._]*\)>/\1@\2/
s/  / /g
s/^ //g

clean_subject.sed:

s/=[?][A-Za-z]*-[-0-9]*[?]Q[?]//g
s/[?]=//g
s/=E4/ae/g
s/=FC/ue/g
s/=F6/oe/g
s/=DF/ss/g
s/="E/./g
s/  / /g
s/^ //g

Unfortunately, I do not understand much about Windows batch programming. I’m sure it could be also done in Windows. However I have installed cygwin and use a batch file:

cleansen_eml.bat:

cd /d "%~1"
echo "%1"
C:\cygwin\bin\bash -ic "cleansen_eml"

I have put the batch in the context menu of Vista folders. Unfortunately I have lost my notes how I did it, but I had it from the web…

(2012-02-14) Ok, after reinstalling my Vista, I also had to look into this again, it can be done reasonably well with FileMenu Tools from LopeSoft.

I’ve got an IRISnotes 1.0

May 27, 2009

did not cost a lot of money, and the hardware seems good, but the software is crap and thus the device is not useful for me.

What the device should do:

* produce notes files which are the page image as .pdf or some other common format, with automatically created hand script recognition hidden from the eyes of the user under the page image, but which allows full text searches, and copy and paste to MS Word, etc.

* interface with Windows Journal (which does this job perfectly if used with a Tablet PC).

Actually, there is no useful way to produce anything similar with the present software. What the device can’t do:

* It does not provide any useful data exchange properties which keep the hand script information. It just allows you to export the notes as proprietary .pegvf, which can be read by no other software in the world, and as JPEG. JPEG is just a bitmap, and does not preserve the strokes of the handwriting. It is not feasible in the next few years that there will be a technology to do OCR on bitmap hand script. Thus, you can as well delete the note, you will not be able to use it again.

* It does not support Tablet PC hand script recognition. Thus, all training you have done to the Windows Vista hand script engine is ignored. Thus, the recognition quality (MyScript) is low.

* You have to send the notes individually to hand script recognition with MyScript, and then save the result. The connection between the hand script file and the recognized text is thus lost.

* Full text search on the documents does not work.

Thus, I suggest that you refrain from buying the product until it supports the Windows hand script recognition engine, and stores the files in .jnt (Windows Journal) format.

I hope somebody from the company reads my blog.

2009-05-27,22:24
I have to correct myself: one can send a complete set of notes to MyScript, and save the results as one .notes file. This is a plain text file, one can add it to the Windows search index. The .notes file also contains the line strokes. Thus, a utility to convert .notes to .jnt should be possible…

Save e-mails as folders

May 19, 2009

I do not like the MIME-encoded .eml files. They hamper access to the contents (e.g. for search engines, and for my Nokia N810). I think the best format would be just a folder with the name of the message, containing the text as .txt file and the decoded attachments.

Research done already:
munpack: Version 1.5 available for DOS at
ftp://ftp.andrew.cmu.edu/pub/mpack/old/mpack15d.zip
Unzip into C:\Programme\mpack\
Start from command line with
C:\Programme\mpack\munpack.exe -t <test.eml
Works, but writes the result into the original directory. A little batch programming is needed to create the proper subdirectory. The text-only parts are saved without proper extension (.txt or .html)

Major disadvantages yet to be solved:
* The headers are lost
* Clicking in the mail does not open a mail program

I will continue.

2011-08-31

Unfortunately, the utility destroys the file names, since it uses 8-char DOS abbreviations. MIME::Explode – Perl extension for explode MIME messages might be an option.
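
The folder layout wished for in this post can be produced with Python's standard email package. The following is an added example, not part of the original post and not munpack or MIME::Explode: it keeps the headers, gives text parts an extension, and reduces attachment names to a single path component, since those names come from the sender. SAMPLE is a constructed message; safe_name, explode and the file names headers.txt and partN are this example's own choices.

```python
import email
import email.policy
import os
import re

SAMPLE = (  # constructed message, not taken from the page
    b"From: Alice <alice@example.org>\r\n"
    b"Subject: Report Q2 2009\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
    b"--XX\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
    b"--XX\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="../../headers.txt"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\nZGF0YQ==\r\n--XX--\r\n"
)

def safe_name(name, fallback):
    """Reduce an untrusted header value to a single path component."""
    name = os.path.basename((name or "").replace("\\", "/"))
    name = re.sub(r"[^A-Za-z0-9._@ -]", "_", name).strip(" .-")
    return name[:100] or fallback

def explode(raw, outdir):
    """Unpack one message (bytes) into a new folder below outdir.
    Returns (folder, names of the files written)."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    base = os.path.join(outdir, safe_name(msg["Subject"], "no_subject"))
    folder, n = base, 1
    while os.path.exists(folder):  # same subject twice: add a version number
        folder, n = f"{base}.{n}", n + 1
    os.makedirs(folder)
    written, seen = [], set()

    def write(name, data):
        stem, ext = os.path.splitext(name)
        k = 1
        while name.lower() in seen:  # never overwrite an earlier part
            name, k = f"{stem}.{k}{ext}", k + 1
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)
        seen.add(name.lower())
        written.append(name)

    # Keep the headers as their own file.
    headers = "".join(f"{k}: {v}\n" for k, v in msg.items())
    write("headers.txt", headers.encode("utf-8", "replace"))
    for i, part in enumerate(p for p in msg.walk() if not p.is_multipart()):
        ext = {"text/plain": ".txt", "text/html": ".html"}.get(
            part.get_content_type(), ".bin")
        name = safe_name(part.get_filename(), f"part{i + 1}{ext}")
        write(name, part.get_payload(decode=True) or b"")
    return folder, written
```

The attachment in SAMPLE asks to be written as ../../headers.txt; it ends up inside the message folder as headers.1.txt, next to the real headers.txt.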

Please invent ssh tunnels which do not break

May 1, 2009

I suffer from network connections which often break: mainly, the “eduroam” wireless goes down for a few seconds. This breaks all my tcp connections.

However, most of my connections are tunneled through ssh (with putty on one side, and a linux server on the other). I see no reason why the connections should break when the network is interrupted: ssh client and server could just leave the local ports open, wait until the network is repaired and the ssh connection re-established, and then continue as before. This could be done completely transparent to all applications, which allow for sufficiently long timeouts. Should be almost trivial to implement.

For sure, it would be reasonable to clean up connections which are not re-established after a few weeks.

Please, developers, implement these unbreakable tunnels!

Vista broke localhost

May 1, 2009

Today, Putty no longer worked with X-forwarding. The reason was that Vista Update had corrupted the hosts file…

See
http://iam-jla.blogspot.com/2009/03/putty-x11-forwarding-stopped-working-on.html
for a solution.

Mount Vista network drive through ssh tunnel through VPN

February 28, 2009

I can access a linux computer at my office through vpn. I want to start a ssh connection and tunnel the smb port(s) to the samba server (another computer at the office). Then I want to map a network drive on my laptop to the samba disk. I think I finally got it. However, Microsoft sometimes really seems to make things difficult.

My solution:

Create a loopback adaptor at 10.0.0.1, and map ports 10.0.0.1:445 and 10.0.0.1:139 to <samba-server>:139
http://www.blisstonia.com/eolson/notes/smboverssh.php

Prevent the smb service from grabbing the 10.0.0.1:445 port
http://social.technet.microsoft.com/Forums/en-US/itprovistanetworking/thread/d30d3c98-58c5-47f6-b5a5-f5620882020d/#page:2

I have an improvement that works automatically at startup:
create the following start_smb file and put it in the autostart:

REM batch file to start the smb service without port 445
REM Peter Steier 2009-02-28
start "bind_port_445" "C:\Program Files\nc.exe" -l -s 10.0.0.1 -p 445
net start smb
ping 127.0.0.1 -n 2 -w 1000 > nul
taskkill /fi "Windowtitle eq bind_port_445"

How to get this running with the task scheduler on startup with administrator privileges with UAC dialog is explained here:
http://forums.phoenixlabs.org/showthread.php?t=17871

Additionally, I had to set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel to 1 (from 3). See http://www.mcseboard.de/windows-vista-forum-55/vista-sambalaufwerke-108079.html

After every start, I have to start the vpn, and then the ssh connection with the forwarding.

Map a network drive to \\10.0.0.1\<share>

-> it works!

Not really easy, is it?

Phishing filter makes internet slow

September 30, 2008

Switching the Microsoft Phishing Filter to automatic makes web browsing (at least Firefox) about 5 times slower than usual, taking about 10 sec to start up and display Google. When I looked into task manager, McAfee virus scanner was blamed for using 50% CPU time. When either phishing or McAfee were switched off, everything was fast. I decided against phishing. I do not know whether this is enabled by default.