Connecting to local Windows CIFS/SMB share from non-root Android for read/write file access

After creating a CIFS/SMB share on a Windows PC on my LAN, and after setting the properties for that Windows share to be openly visible by "Everyone" with "Read/Write" permission with no password, what non-root Android client do you suggest I install so that Android can connect to that Windows share over the Wi-Fi network in order to edit files in that share?

Android edit smb://username:password@192.168.0.2/share/path/filename.txt

Reply to
Bill Powell

I use Total Commander with its Lan plugin.

Reply to
AnthonyL

Thanks for that suggestion of using Total Commander on non-root Android to access public Windows SMB shares at home on your own LAN over Wi-Fi.

I went to the suggested site to look for the Android client, which I found. It says "(Smartphones or Tablets with Android 1.5 up to Android 10)" so I'm not sure if that's an old warning or if Android 11 & up won't work.

Clicking on the Android image shows an updated page dated (May 31, 2023) which shows Android 13 support.

On the bottom of that page it says it's freeware with no ads, and it provides many links to very many useful-sounding plugins on this page.

They all start with this Total Commander Android app, which I installed.

There were a dozen plugins, but this seems to be the one you suggested.

LAN (Windows network) Plugin 3.50 (2023-12-10): SMB connection to Windows hosts - in case of connection problems, try using the numeric IP address instead of the computer name! New in 3.30: SMB3 and encrypted transfers (optional)

I installed both of them, including a few others (as there's a Wi-Fi plugin that works without Total Commander for transferring files) and a few other plugins like the webdav and sftp file transfer plugins.

When I bring up Total Commander in Android, I see a line item for "LAN (Windows shares)" & another line item for "WebDAV (WEB Folders)"

Clicking on the "LAN (Windows shares)" there are two items listed "<New server>" & "<Settings>" with only two things in "Settings" (both of which it suggests to leave alone so I left them alone).

The only thing I could do was tap on "<New server>" where it asks "New Server, Enter new name for list:" which I wasn't sure what it wanted so I typed in the local 192.168 IP address for the Windows PC.

It then came up with "Edit Server: 192.168.x.y" with three fields.
Server name/directory: 192.168.x.y/share (I typed the full IP address)
User name: <blank>
Password: <blank>

That creates a new line item in the previous list described above. "192.168.x.y" (it shows the full IP address, not the letters)

But when I tap on that "192.168.x.y" line item, Total Commander says "Getting directory, Error connecting to server! Reported error: STATUS_ACCESS_DENIED (0xc0000022): Create failed for \\192.168.x.y\share"

Then I longpressed on the line item for that Windows SMB share. A long menu of options came up, one of which was "Properties".

By default those properties were
Protect with master pass = checked
SMB2 = checked
SMB3 = checked
encrypted transfers (slowest) = not checked
Older NAS compatibility (LMv1) = not checked
use old name lookup method = not checked

I changed that to uncheck the master password and to check the older NAS compatibility & to use the old name lookup.

LAN Error connecting to server! Reported error: Failed to connect: 0.0.0.<00>/192.168.x.y/share"

When I went back to "Properties" the master password was checked again, so I don't think you can uncheck it, but I added "guest" as the username this time but it still gave an error trying to connect to the SMB share.

Is there a way to easily test whether or not that SMB share is working?

Reply to
Bill Powell

Ghost Commander, for instance.

Reply to
Carlos E. R.

I use Cx File Explorer on my Android 12 mobile. Works fine for access to Windows shares and a Samba share on a Raspberry Pi running piCorePlayer.

Reply to
Jesper Kaas

I'm no expert on this and tend to "muddle" through best I can.

Recently I tried to connect an Android 13 phone doing exactly the same as I do on my successful Android 9 phone and that failed:

SMB2 CONNECT:failed to connect to /192.167.1.97 (port 445) from /192.168.1.123 (port 55716) after [5000ms from Log file]

I've not had an overly helpful reply from ghisler support and may well end up trying one of the other suggestions on this thread.

As to my settings I know I have to check that the appropriate SMB is in play on my Windows 10.

On my Android 9

Lan settings to my Asus workstation are:
Server name = IP address
User Name and Password as per my Windows login
SMB2 is checked

For my NAS
Servername directory = IP address/myfiles
User Name and password as per NAS
No other options checked

When troubleshooting I've a collection of tools but I start with a Windows Command window from another workstation/laptop:
NET VIEW
NET SHARE

Also on the workstation I have ANGRYIP v2.21 and on the Android I have an app called Port Authority which discovers Hosts and a list of open ports. Available from Google Play.

I have run Linux and I'm sure that I was able to access that, but that was pre-pandemic when my mind was still working. I now have the concentration span of a goldfish.

I hope there is enough there to point you in the right direction.

Reply to
AnthonyL
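
Added example, not part of any post in this thread: a server-side check for the question "is the SMB share working?" and for the troubleshooting steps above, using the SMB and networking cmdlets built into Windows 10/11. The share name `share` and the address 192.168.0.2 are the values used in the thread; the `FPS-SMB-In-TCP` firewall rule name is an assumption about the default rule set.

```powershell
# Added example: run in an elevated PowerShell session on the Windows PC
# that hosts the share. 'share' is the share name used in this thread.
$ShareName = 'share'

function Test-SmbShareHost {
    param([string]$ShareName)

    $cfg        = Get-SmbServerConfiguration
    $share      = Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue
    $listen     = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
    $netProfile = Get-NetConnectionProfile
    # Assumption: the built-in inbound SMB rules keep their default
    # 'FPS-SMB-In-TCP' rule names on this machine.
    $rules      = Get-NetFirewallRule -Name 'FPS-SMB-In-TCP*' -ErrorAction SilentlyContinue |
                  Where-Object { $_.Enabled -eq 'True' }

    $checks = [ordered]@{
        'Server service (LanmanServer) running'  = (Get-Service LanmanServer).Status -eq 'Running'
        'SMB2/SMB3 enabled on the server'        = [bool]$cfg.EnableSMB2Protocol
        'Listening on TCP 445'                   = [bool]$listen
        'Inbound SMB firewall rule enabled'      = [bool]$rules
        'No network interface on Public profile' = -not ($netProfile.NetworkCategory -contains 'Public')
        "Share '$ShareName' exists"              = [bool]$share
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

Test-SmbShareHost -ShareName $ShareName | Format-Table -AutoSize

# Who may use the share, and which dialect a connected client negotiated.
Get-SmbShareAccess -Name $ShareName |
    Format-Table AccountName, AccessControlType, AccessRight
Get-SmbSession | Format-Table ClientComputerName, ClientUserName, Dialect

# From another Windows PC on the LAN (address as used in the thread):
# Test-NetConnection -ComputerName 192.168.0.2 -Port 445
```

If every check passes and port 445 is reachable, an error such as STATUS_ACCESS_DENIED points at the share or NTFS permissions or at the credentials the client sent; a connect timeout on port 445 points at the address, Wi-Fi client isolation or a firewall.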

Bill Powell, 2024-01-16 12:11:

Cx File Explorer

Reply to
Arno Welzel

In article <news: snipped-for-privacy@mid.individual.net>, "Carlos E. R." <robin snipped-for-privacy@es.invalid wrote:

Thank you for that suggestion of the open source Ghost Commander as an SMB client to connect to Windows CIFS shares over the home Wi-Fi local network.

From that, Ghost Commander is a free file manager that has plugins for SMB and which is available on Sourceforge, F-Droid & on the Google Play Store.

Their FAQ says you can't mix plugins as they're signed by the web site, so wherever I get Ghost Commander has to have the plugins also.

It's very hard to find the SMB plugin on the Google Play Store but easy to find the Box, Dropbox and WebDAV plugins on the Google Play Store.

?id=com.ghostsq.commander.dbx
https://play.google.com/store/apps/details?id=com.ghostsq.commander.https

I searched and searched on the Google Play Store web site until I gave up and found the reference to where to get the SMB/CIFS plugin for it here.

Apparently it's a new feature that you found based on what it says there. "SMB stands for Server Message Block (SMB), also known as Common Internet File System (CIFS). It's a protocol used in local networks, and also known as Microsoft Windows Network. To make Ghost Commander access a server or desktop's shared folder using that network protocol you need to install an application called SMB plugin for Ghost Commander (new)."

The problem is that SMB plugin does not exist on the Google Play Store.

the problem that plugins have to be from the same signed source.

I went to Sourceforge next to see if they have the SMB plugin above.
they also only had the Box, Dropbox & WebDAV plugins (no SMB plugin).

Then I went to F-Droid to see if they have the SMB plugin listed above.

I had to run a search to find anything on the net for the SMB plugin.
Which found the plugin scattered about but the problem will be signatures.

Then in my search I found the Sourceforge plugin in a different location.
has a page for the "Old" and "New" SMB plugin (what's different?).

So the only place I can find all 8 files together is on Sourceforge (as they won't update if the signatures don't match the source).

Ghost Commander File Manager
Ghost Commander - Box plugin
Ghost Commander - Dropbox plugin
Ghost Commander - WebDAV plugin
Ghost Commander - SFTP plugin
Ghost Commander - SMB plugin (new)
Ghost Commander - SMB plugin (old)
plugin seems to be no longer available, AFAICT.)
Ghost Commander - Google Drive plugin
plugin seems to be no longer available, AFAICT.)

Now I'm ready to start, but first I need to create a Windows public share.

Googling "How to make a windows smb cifs public share" found this.

So I started that Windows public share process by making a directory.
mkdir C:\share
Right click on that share folder | Properties | Sharing | Share
Press the down arrow and select the people allowed to access it.
"Everyone" | Add | Read/Write | Share | Done

From Windows, I put an editable file into that share.
edit C:\share\test_from_windows -> "This is a test from Windows."

On Android, I checked I was on the LAN & then I started Ghost Commander and then I accessed that Windows share without a hitch.

GhostCommander: Home | Windows share
Server: 192.168.0.2 (use the local IP address of the Windows server)
Path: share
Domain: <blank>
Username: <blank>
Password: <blank>
OK

I think that creates a URL of the following style.
smb://192.168.0.2/share
smb://guest:password@192.168.0.2/share
smb://username:password@192.168.0.2/share/path/filename.txt

Then I tried to edit that file which was put there by Windows.

Ghost Commander | select the file | Edit | Ghost Commander Text Editor
Change the contents of that file
Save
Exit out of Ghost Commander

Back on Windows, I could see the file contents had changed!

It looks like Ghost Commander with the new SMB plugin worked to connect to a local Windows SMB share from non-root Android for read/write file access.

Thanks!

Reply to
Bill Powell

Well done, BUT here's the problem:

That's a significant security hole. Ideally, you want to restrict it to known users of your LAN regardless of device, and the best way to do that is to password-protect the share in some way.

For Windows, the way I usually do this is to ensure that my Windows PCs all have the same user accounts with the same Username/Password combinations, and only allow those accounts access permissions on the shares. This means I can simply open shares in File Explorer without being prompted for usernames & passwords.

This used to work also via Samba on Linux, as long as the passwords were the same all round, using an smbusers file to convert between Linux & Windows versions of usernames (many Linux distros won't allow uppercase in usernames), but this no longer seems to work, and now to access a Windows share from a Linux PC I have to put in a Windows account's username & password TWICE - an absurd & maddening fiddle-faddle!

Android, being based on Linux, is likely to do something similar. If you can find out what is your Android username, you could try creating an account of that name on your Windows PC and assigning a password to it, then, if you're lucky, to connect you will only be prompted for the password.

Reply to
Java Jive

Why do I need a password? If I can't trust my wife, then who can I trust?

If I have to have an account password on Windows, can I use "guest/guest"? What's the Windows default "guest" or "everyone" account password anyway?

What I don't get is why does Windows have an "everyone" or "guest" account? What good are those two Windows accounts if they /require/ a password.

I don't even know if Android has a username. Being Linux, it probably does.

I went into Termux. Then I typed "whoami" and it said "u0_a331" and when I typed "id" it said "uid=10331(u0_a331)" and a whole bunch of other stuff.

Reply to
Bill Powell

Because anyone hacking into your local network can access the share, this may include:
Legitimate visitors to your home whom you allow to access the LAN temporarily;
WiFi warriors who attempt to hack & surf other people's networks;
Troublesome neighbourhood youths;
Anyone that manages to hack your router from the WAN side.

This may not worry you if you don't intend to put anything private on the share, which is fine as long as you never forget that rule, but in general it wouldn't be considered good security practice, because for example, someone gaining access to your LAN as above might put on the share something to infect your machine with malware, and, if you clicked on it, you'd then be in trouble.

On a locked down PC, the Administrator account and the Guest account are usually disabled, and it's probably best to leave them so unless you are at least moderately well up on security - I used to create standard workstation builds for thousands of PCs used in the UK offices of a multi-national financial firm, so I had to take at least a basic interest in this stuff, though I wouldn't have classed myself as an expert even then, and especially not now as recent versions of Windows have changed so much, particularly emasculating the Administrator & Administrators accounts, since I retired. If you want to use either account, the next best thing to having them disabled is to set a policy to rename them to be something different that cannot easily be guessed, but this may only be possible on Pro versions of Windows, I'm not sure about Home versions. Alternatively, you could create a special guest account on the Windows PC(s) to use on the share(s), and give it a limited set of permissions to suit your purposes.

In the eyes of someone like myself who takes security moderately seriously, they are an anachronism which should not be used, but, despite Microsoft's oft repeated mantra with each new version of Windows that "good security is built-in from the ground up" - or whatever the latest version of the claim is - AFAIAA unfortunately the *DEFAULT* permissions on Windows shares is still Everyone :-(

So it would be interesting to add a new account of that name on your Windows PC, give it a suitable password, and give that account Change access to the share, *AND* your usual logon account Full Control access to it, add Admins & System as below, and remove all 'Everyone' permissions to it. Hopefully then you could connect to it from your phone by giving just the password. If this works, repeat for your wife's phone user account and her Windows user account if different from yours.

If it's any help, the default permissions I put on a data share on a Windows PC are as follows ...

Authenticated Users    Change
Administrators         Full Control
System                 Full Control

... but if the situation could be covered by a single user account rather than the more general Authenticated Users, then you could specify that account to have Change permissions instead of AU.

BTW, don't forget that you need to replicate the above permissions, or whatever you have chosen as your own version of them, on the underlying directory structure of the share as well, so not just on the share under the Sharing tab, but also on the directory under the Security tab, and, if there is already a directory hierarchy there, replicate down through it. However, DON'T do that, in fact don't even share, any of the standard Windows folders, including that for your User Profile ... C:\Users\%USERNAME% ... it didn't used to matter if you did that, but increasingly since Vista+ or 7+ things break if you do that, and, with each new version of Windows, the breakage seems to be more severe than with the previous version.

Reply to
Java Jive
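
Added example, not part of any post in this thread: one way to apply the permission set described above (Authenticated Users: Change; Administrators and System: Full Control; no Everyone) to both the share and its directory with the built-in SMB cmdlets and `icacls`. It assumes the share name `share` and path `C:\share` from earlier in the thread, and it resolves well-known SIDs to names so it also works on non-English Windows.

```powershell
# Added example: run in an elevated PowerShell session on the Windows PC.
# $ShareName and $Path are the values used earlier in the thread.
$ShareName = 'share'
$Path      = 'C:\share'

# Well-known SIDs -> local account names ("Everyone" etc. are localised).
function Resolve-Sid([string]$Sid) {
    $id = New-Object System.Security.Principal.SecurityIdentifier $Sid
    $id.Translate([System.Security.Principal.NTAccount]).Value
}
$Everyone  = Resolve-Sid 'S-1-1-0'
$AuthUsers = Resolve-Sid 'S-1-5-11'
$Admins    = Resolve-Sid 'S-1-5-32-544'
$System    = Resolve-Sid 'S-1-5-18'

# 1. Share-level permissions (the Sharing tab).
Grant-SmbShareAccess -Name $ShareName -AccountName $AuthUsers `
    -AccessRight Change -Force | Out-Null
Grant-SmbShareAccess -Name $ShareName -AccountName $Admins, $System `
    -AccessRight Full -Force | Out-Null
Revoke-SmbShareAccess -Name $ShareName -AccountName $Everyone `
    -Force -ErrorAction SilentlyContinue | Out-Null

# 2. NTFS permissions on the directory (the Security tab).
#    Grant first, then cut inheritance, so access is never lost midway.
#    M = Modify (the NTFS counterpart of share "Change"), F = Full Control.
icacls $Path /grant:r "*S-1-5-11:(OI)(CI)M" "*S-1-5-32-544:(OI)(CI)F" `
    "*S-1-5-18:(OI)(CI)F" | Out-Null
icacls $Path /inheritance:r | Out-Null
icacls $Path /remove:g "*S-1-1-0" | Out-Null

# Existing files and subfolders: drop their own ACEs and inherit from $Path.
if (Get-ChildItem $Path -Force) {
    icacls "$Path\*" /reset /T /C | Out-Null
}

# 3. Verify that Everyone is gone from both layers.
$shareAces = Get-SmbShareAccess -Name $ShareName
$ntfsAces  = (Get-Acl $Path).Access
$shareAces | Format-Table AccountName, AccessControlType, AccessRight
$ntfsAces  | Format-Table IdentityReference, AccessControlType, FileSystemRights

if (($shareAces.AccountName -contains $Everyone) -or
    ($ntfsAces.IdentityReference.Value -contains $Everyone)) {
    Write-Warning "'$Everyone' still has access to $ShareName"
}
```

After this change a client connecting with a blank username no longer has a matching permission entry, so the Android client needs a Windows account's username and password.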

And with his low attention to security, there will be other entry points to attack his computers. Even if he has nothing of importance, the machine can be used to attack other serious machines, and he would be an accessory to crime.

Reply to
Carlos E. R.

Everyone here is only too aware of their perimeter security and the security status ("weak") of their LAN.

If anything gets into my LAN here, I'm f***ed.

If you are intent on running weak security, for God's sake, make regular backups of the entire LAN and put the backups on a *disconnected* hard drive. Doing so is an acknowledgement that "you are taking chances". Some malware designs are "sleepers", and they wait a month before attacking. This means you may need to test more than one backup, before you find a clean one to use.

All you have to do, is meet *one person* who had their computer room nuked by ransomware, to get some idea of the impact. The person I tried to help, after the ransomware attack, he wasn't the same person after that. It affects you. It's not a joke. You can't laugh it off, because it *could* happen.

The gentleman was a small business man, who had bought a domain and rented server space. He registered the domain but did not cloak himself (this means you can read the domain registration entry, and his email address is in full view). The bastards, to phish him, they sent him a "domain renewal" email, knowing full well he would open it. And double click the "fake" PDF attachment. Boom. Ransomware. Osiris. No machine in the room was spared. He had *no* backups. I asked him. He didn't even know which license key, went with which machine. It took him three months, to get some semblance of normalcy, in his computer room.

If you make your LAN security weak on purpose, even the most incompetent malware is going to get a foothold.

Paul

Reply to
Paul
