This blog is about youngsters finding an old Data General Nova 2 minicomputer, getting it to run, restoring it, learning all about it and having fun with all the stuff that goes along with it.
- SMB Retro Proxyby audiocrush
Have you ever been in the situation to have a very old machine and you wanted it to talk to your modern day fileserver in a secure manner? I know the following presented solution not ideal but better than nothing. Remember that we’re dealing with legacy hardware here that some cheapskate machine shop owner is too thrifty to replace, or with our own personal part time joy of dealing with retro hardware, so this is by far not a secure solution. It is about to come one step closer to “as good as it gets”.
In case you might find almost the same text on github: I posted that there 🙂
Lets go for it! Meet the concept of SMB-Proxy 🙂
Having several Windows for Workstations 3.11 computers in the basement and also several customers running old cnc routers/mills/lathes what have you with old style operating systems, I figured it was time for a somewhat safer solution that just to enable SMBv1 on the Windows fileservers directly.
The idea is very simple: We put something inbetween the old clients and the modern fileserver and make sure, there is no other way for anything in that network with the old clients to leave that network. The only thing possible to do in that network, will be to connect to that SMB Proxy.
Step 1: Get managed switches and replace unmanaged switches.
Step 2: Create a new VLAN for the old clients and make a new subnet for them on your firewall in case you want to route some traffic to somewhere else, which I definitely do not recommend for production machines, other than the case that you might want to have some fun with an Internet Archive Proxy or visiting some BBS.
Step 3: Create a new virtual machine with your favorite flavour of linux (in my case debian) on your server that has one network interface in the subnet of your fileserver and one network interface in the subnet of your old clients.
Step 4: Install Samba 🙂
Step 5: Create a new folder in your filesystem where you want to mount the SMB Share that you want to be proxied, lets say it is called “Software”.
Step 6: Create a file in the /root directory, maybe call it software-share-credentials, that has the credentials to your modern day share in it. They should be in the format:
whereas after the = you have obviously your real credentials.
Step 7: Mount your modern fileserver share to software with fstab like so:
//fileserver.nerdsh.org/Documents/Software /mnt/FileserverProxy cifs user,uid=1000,gid=1000,vers=3.11,credentials=/root/FileserverCredentials,auto 0 0
Step 8: Create a user on your Linux machine that matches the user on your old client. It is important, that this user has a password no longer than 8 letters, best compatibility is given with an all lowercase username with an all lowercase 8 letter password.
Step 9: Make your samba config! I suggest in your smb.conf to be something like this:
bind interfaces only = yes
# this is the interface in the vlan of the old clients! do not bind this SMB daemon to any other network!!! It is dangerous and very insecure!
interfaces = enp0s5
min protocol = CORE
netbios name = smbproxy
lanman auth = yes
client plaintext auth = yes
client lanman auth = yes
ntlm auth = yes
map to guest = bad user
workgroup = WORKGROUP
unix extensions = no
allow insecure wide links = yes
include = /etc/samba/share1.conf
include = /etc/samba/share2.conf
And in the config files for the shares you want to create which would for example be share1.conf
comment = Share1
path = ThisIsThePathToTheMountPointYouCreatedEarlier!
guest ok = yes
public = yes
browseable = yes
writeable = yes
force user = audiocrush #(YourLinuxUserThatHasPermissionsOnTheMountFolder!!!)
force group = audiocrush #(YourLinuxUserThatHasPermissionsOnTheMountFolder!!!)
create mask = 0775
directory mask = 0775
follow symlinks = yes
wide links = yes
case sensitive = no
default case = upper
preserve case = no
short preserve case = no
Step 10: Reboot the whole thing and enjoy!
The “Oh I forgot” section:
Some WfW3.11 machines gave me still some problems.
I was able to overcome them by installing admincfg from WfW3.11 setup disk No. 8 like so:
expand A:\admincfg.ex_ C:\windows\admincfg.exe
Open File Explorer
Find admincfg.exe and start it.
Click on Passwords
Disable Password Cacheing (this is apparently needed when accessing shares with user level security and samba has dropped share level security support already if I got that correctly)
Reboot the machine.
I looked ages for that information and I never want to forget that stuff:
SMB.conf possible values for “min protocol” and “max protocol”:
Possible values are :
- CORE: Earliest version. No concept of user names.
- COREPLUS: Slight improvements on CORE for efficiency.
- LANMAN1: First modern version of the protocol. Long filename support.
- LANMAN2: Updates to Lanman1 protocol.
- NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.
- SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and later versions of Windows. SMB2 has sub protocols available.
- SMB2_02: The earliest SMB2 version.
- SMB2_10: Windows 7 SMB2 version.
- SMB2_22: Early Windows 8 SMB2 version.
- SMB2_24: Windows 8 beta SMB2 version.
By default SMB2 selects the SMB2_10 variant.
- SMB3: The same as SMB2. Used by Windows 8. SMB3 has sub protocols available.
- SMB3_00: Windows 8 SMB3 version. (mostly the same as SMB2_24)
- SMB3_02: Windows 8.1 SMB3 version.
- SMB3_10: early Windows 10 technical preview SMB3 version.
- SMB3_11: Windows 10 technical preview SMB3 version (maybe final).
By default SMB3 selects the SMB3_11 variant.
(Thank you Jeff Schaller on Reddit)
- Taking Inventoryby audiocrush
So the other day I was over at the storage site where we keep the old Nova 2 to check out in detail what we got in terms of hardware in the computer and maybe establish a serial Connection.
For making the serial connection I prepared an old Amstrad ALT-386SX portable computer my dad had still laying around. I figured the serial connection on that thing might be more compatible to old things than modern serial chips that mostly are just used with TTL voltages. I installed a copy of Kermit by the University of Columbia since it supports already a tonne of protocols and is able to emulate a very wide range of terminals, including a couple from Data General.
After several attempts to figure out where the serial connection of the Nova 2 is, we found an important clue in the manual:
Now unfortunately we found out, that the pin assignments point us to something called a current loop serial connection. And since the contemporal terminals we got with this machine are not (YET) working. We are now unable to connect them to our software emulated terminal, due to a lack of hardware compatibility.
A next hint was a sticker on the basic IO board that says TTY 20mA. This means, that the serial connection does not require the usual TX, RX and Ground pins, but a VccTX, TX, VccRX and RX pin. A common ground is not necessary in this scenario, since the bits are not determined by voltage level like in a RS232 connection, but rather than by the flow of 20mA of electrical current.
So since this was quite a show stopper for the day, I decided to order a Wieseman und Theis current loop adapter for 30 bucks on ebay, since 20mA current loops seemed to be quite common in industry for machinery and automation, so these things can be found quite cheaply. While waiting for this to arrive, we showcase below an inventory of the boards in the computer with a short description of what they (supposedly) do:
And now as a special treat, we carefully took the time to open one of the core memory modules, to show you the beautiful art and great craftsmanship that went into these things.
If I’m correct, this thing is able to store 4000 words of data, in this computer since it is a 16-Bit system, this would mean 64000 bits of memory, or 8 kilobytes per core memory module (we have two).
- That Ominous Keyboardby audiocrush
Starting the project, I picked the supposedly easiest piece of hardware out ot the bunch: The Keyboard!
It was in a very sorry state, at least by the looks of it. Unfortunately I don’t have a picture of it in that state but it was really dirty and crusty. I took it home to disassemble it and give it a good clean as well. I took a picture of the keyboard layout, disassembled everything, pulled the keycaps and washed every single one individually with a brush, some soda and windex. Afterwards I let everything dry and removed all the dust and dirt from the pcb, the keyswitches, vacuumed the case and so on. The pcb was, apart from the dirt in a very healthy state. no corosion or broken tracks. Even the lacquer was not crumbling on the traces. I remember C64s that looked like a plowed field in atumn.
Then it was puzzle time and at first I tried to put the keys back from memory but that didn’t take me very far. That was probably because the layout is a bit different from modern keyboards. Also notice the unmarked keys on the top. I wonder what they were used for. Maybe they are user programmable. According to the datasheet, at least the keyboard of the newer D100 Terminal has a ASCII code assigned to every key it seems.
Also one of the turqoise keycaps had a broken alignment shaft. Fortunately some CA-glue made quick work of it and now it works reliable.
Here are some shots of the stripped keyboard before and after cleaning:
A few things I noticed along the way:
The keyboard connector indicates to me, that it does not belong to the Dasher D100 terminal I got with the computer. According to some documents I found on the web, it should be an older model. This one features a 15 pin AMP connector, whereas the terminal just has a 9-Pin 2.54mm pitch single-in-ine dupont connector on it as depicted in the manual here: