SMB/CIFS via FreeNAS / FreeBSD and Windows Mobile 6

Support for PocketPC and WinCE version

Moderators: Hacker, Stefan2, white, sheep

Post Reply
dwellman
Junior Member
Junior Member
Posts: 5
Joined: 2010-11-18, 04:45 UTC
Location: United States

SMB/CIFS via FreeNAS / FreeBSD and Windows Mobile 6

Post by *dwellman » 2010-11-18, 14:02 UTC

Throughout my history using Windows Mobile 6.1, 6.5, and 6.5x, more often than not I have issues connecting to my NAS (Samba on FreeNAS 0.72) via WLAN using TC-CE or the built in File Explorer-- invariably it's the Error 53 / 0 error combination with Total Commander or the error opening path in File Explorer. Before the last couple weeks, I had never been able to connect at all to either a *nix or Windows share. Since I thought well maybe it just isn't possible, I was assured that it was indeed possible and I began to search for answers

This was going to be a question post, but for now it's nothing more than a brain dump.

First, for File Explorer to work at all, one must have the setting "Programs that automatically connect to a private network should connect using:" in Network Management (this is on your Windows phone) set to the same as the "Programs that automatically connect to the Internet", On my device, this is accessed by Start -> Settings -> Connections -> Connections. Choose 'Advanced' tab. Click 'Select Networks' button.

Second, verify these registry settings:

Valid values: 1 or 0 or 2. Recommend 1

Code: Select all

HKEY_LOCAL_MACHINE\Comm\SecurityProviders\NTLM\LmCompatibilityLevelClient
The default of 3 is, for all intents and purposes Microsoft disabling access to shared resources by default, as 3 is 'unsupported' Setting a value of 2 is a choice between ease of use and security as 2 forces NTLM


If not present, add the following. Valid values: 0 or 1. Recommend 0

Code: Select all

HKEY_LOCAL_MACHINE\Comm\SecurityProviders\NTLM\NoLmHash
If you have LmCompatabilityLevelClient set to 0, you most assuredly set this to 0. The LM hash of the user's password is necessary to authenticate downlevel clients that cannot use NTLM or NTLMv2 authentication. If you set LmCompatabilityLevelClient to 2, set this reg value to 1. Again, security over ease of use as this codifies the forcing of NTLM


If not present, add the following

Code: Select all

HKEY_LOCAL_MACHINE\Comm\SecurityProviders\Negotiate\Providers
, which can be created by copying:

Code: Select all

HKEY_LOCAL_MACHINE\Comm\SecurityProviders\Providers
Modify the preceding two registry values (Providers) arranging the list with ntlmssp.dll at the beginning followed by kerberos.dll and then the rest. For example if you Providers value was "schannel.dll, ntlmssp.dll, kerberos.dll, spnego.dll" it should now be ""ntlmssp.dll, kerberos.dll, schannel.dll, spnego.dll"

The sad thing is-- and I'm only speaking of my device-- even with all these modifications, one, from time to time, has connection problems. This I think might have something to do with the way the LAN adapers are enumerated and utilized. Seems that sometimes the 802.11 adapter times out or is skipped and the access stalls. The only work around for that is to keep trying and eventually it will come up.

I've also noticed, in Total Commander, when \\server\folder doesn't work, \\server works, which is odd.

User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 36354
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:

Post by *ghisler(Author) » 2010-11-18, 14:09 UTC

Thanks for all the info!
I've also noticed, in Total Commander, when \\server\folder doesn't work, \\server works, which is odd.
\\server can usually be browsed anonymously, while \\server\folder requires authentication.

In beta 3, you can now force a user name for connecting to a share. You may need to soft-reset your device to remove any existing connections. The command is:
cd \\server\share /user:username
or
cd \\server\share /user:domain_or_host\username
Author of Total Commander
http://www.ghisler.com

dwellman
Junior Member
Junior Member
Posts: 5
Joined: 2010-11-18, 04:45 UTC
Location: United States

Post by *dwellman » 2010-11-18, 14:55 UTC

\\server can usually be browsed anonymously, while \\server\folder requires authentication.
That reminds me.

I avoided the smb.conf side of things. In most cases, the default settings are fine and/or users just don't have access, time, or knowledge to modify. However, Windows Mobile is just too strange a beast to not mention these things.

So to make things easy for WM we just make our Samba shares wide open:

User [face=courier]ftp[/face] is a convenient patsy for anonymous access. As root (or sudo):

Code: Select all

/$ smbpasswd -a ftp
/$ smbpasswd -n ftp
Then having the following is smb.conf's respective sections

Code: Select all

[global]
security = share
dns proxy = no
create mask = 0666
directory mask = 0777
force user = ftp
force group = ftp

[whatever share]
guest ok = yes
inherit permissions = yes

rex_4321
New Member
New Member
Posts: 1
Joined: 2012-01-05, 10:31 UTC
Location: Australia

Post by *rex_4321 » 2012-01-05, 10:49 UTC

Firstly I made the changes suggested above. I still couldn't connect to my NAS SMB shares, but could to my WIN XP shares.
What worked for me on my custom WM6.5 rom connecting to my NAS box
was to force the use of the NTLM protocol by setting

1. HKEY_LOCAL_MACHINE\Comm\SecurityProviders\NTLM\LmCompatibilityLevelClient = 2

and

HKEY_LOCAL_MACHINE\Comm\SecurityProviders\NTLM\NoLmHash = 1

2. I also set HKEY_LOCAL_MACHINE\Comm\Redir\AllowedAuthMethods = 1 (was set to 2 presumably disabled) this setting documented at msdn dot microsoft dot com - en-us - library - aa921092.aspx

I'm not sure at the moment whether just setting step 2 on its own would have allowed my device to connect to the NAS box shares.

I can now connect to my NAS box but not winxp shares (don't mind).
It just shows you how they mashed up the networking from 6.1 to 6.5.

Hope this helps someone else out there.

Post Reply