
Wrong user connecting to samba share

Our home network includes 2 servers in the basement. Both run Ubuntu 10.04 (Lucid) server. The older is primarily used as a web server. The newer is used mainly for NAS. When I’m completely happy with the new server I’ll add a web server, transfer our websites, then retire the old server. Both run Samba 3.4.7.

The Samba server on the new server worked fine but I was using quick and dirty shares like this:

[storage]
force user = root
writeable = yes
path = /storage
write list = steven

Using ‘force user = root’ is pretty sloppy but it works if I am the only user and I can’t be bothered sorting out Linux permissions on the server. After a few days I needed to fix up the Samba permissions so our other Windows PCs could access the Samba shares for file sharing and backing up. So I needed to:

  • make sure the unix users have the correct directory and file permissions
  • the corresponding samba users exist and have the same passwords
  • the Windows hosts and users are set up correctly
  • that is, Linux user <=> Samba user <=> Windows user

All went ok except for one thing: one of the other PCs always (or mostly) connected to the samba server as me. This was a problem because I wanted write access for myself for all the samba shares but I wanted the other PC to have read only access to some of the shares (videos, music etc) but write access to others (eg backup). The samba log reported that the correct host was connecting but the incorrect user. If I deleted my Samba user then the PC would connect to the correct Samba user. Then when I recreated my samba user the PC would again connect as me, which is the incorrect user for that PC.
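As an added example (not the author's configuration or code), this Python check works out what access a given Samba user gets from a share definition. It models only `valid users`, `write list`, `read only`/`writeable` and `force user`; the user name `kids` and the `[videos]` and `[backup]` shares are assumptions. Run against the `[storage]` share above, it shows that `writeable = yes` already grants write access to every authenticated user, acting as root, so `write list = steven` restricts nothing.

```python
import configparser

# WEAK is the share from the post; FIXED is a constructed replacement.
# The user "kids" and the [videos]/[backup] shares are assumptions.
WEAK = """
[storage]
force user = root
writeable = yes
path = /storage
write list = steven
"""
FIXED = """
[videos]
path = /storage/videos
valid users = steven, kids
read only = yes
write list = steven

[backup]
path = /storage/backup
valid users = steven, kids
read only = no
"""

def _users(value):
    # Plain user names only; @group and +group entries are not expanded.
    return set(value.replace(",", " ").split())

def audit(conf_text, user):
    """Return {share: (access, forced_to_root)} for one Samba user."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    result = {}
    for share in cp.sections():
        s = cp[share]
        valid = _users(s.get("valid users", ""))
        if valid and user not in valid:
            access = "none"
        elif user in _users(s.get("write list", "")):
            access = "rw"  # write list wins over read only = yes
        else:
            # "writeable" is the inverted synonym of "read only" (default: yes)
            writeable = s.getboolean("writeable", fallback=False)
            read_only = s.getboolean("read only", fallback=not writeable)
            access = "ro" if read_only else "rw"
        result[share] = (access, s.get("force user", "").strip() == "root")
    return result

if __name__ == "__main__":
    print(audit(WEAK, "kids"), audit(FIXED, "kids"))
```

Without `force user = root`, the Unix permissions under each path still have to allow the mapped Linux user to read or write, so an "rw" result here is the most Samba will allow, not a guarantee.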

I tried many fixes, such as

  • created new windows users on various windows PCs – all were able to access the samba shares
  • reinstalled Samba and changed the password backend from smbpasswd to tdbsam
  • at the same time I was sometimes having trouble browsing the shares from all Windows boxes so I disabled the WINS server and instead configured all network IPs manually using hosts/lmhosts files.

At last today I figured it out. Of course the problem was with Windows rather than with Samba or Linux. At some stage I must have logged in to my Samba user from the other PC and Windows remembered that username and password. Despite numerous restarts and logouts and occasionally connecting to the correct Samba user (when mine was not available), Windows remembered my username and used it when possible. The solution was “to delete stored user names and passwords”.

Ransomware Trojan

On Saturday the boys’ PC got a bad virus, specifically a type of malware called Trojan.Ransomware. ‘Ransomware’ refers to the technique of holding a PC hostage until a ransom is paid. In practice it is more subtle than it sounds. In our case the PC boots to the normal Windows 7 login screen. When a user enters their credentials they get a full screen error message:

System process at address OxE4783995 have just crashed,
please follow these steps to deactivate it from your system.
1. Call one of the following numbers:
0088213090413
00261221000186
0037190100546
0088213240069
0025270701161
00263778289408
2. Wait for the answer and write down your deactivation key
3. Enter the deactivation keyreceived by phone, click “Next” to continue

Of course this is a bogus error message, but what is the point of making you call these numbers? Well apparently they are international premium service numbers which attract very high charges. You get a recorded message saying hold the line, during which time you get charged for the wait. Somehow the scammer benefits financially.

During my googling I discovered many variations but this guy seemed the closest. I also found a solution but it didn’t work for me. I got into Windows recovery mode and tried making the suggested registry edits but the changes made by our trojan were quite different. Also it had not created a new user with a numerical username (eg C:\users\Michael\22997148\22997148.EXE). I found some information about related trojans that make multiple registry changes similar to what I was finding but after a while I decided it was easier to reinstall Windows 7 – I’d only rebuilt this PC a few weeks ago so there was not much software on it yet. Luckily I’d used a system partition and a data partition so I could leave the docs, music etc untouched.