Connecting to local Windows CIFS/SMB share from non-root Android for read/write file access

[Bill Powell]

After creating a CIFS/SMB share on a Windows PC on my LAN, and after
setting the properties for that Windows share to be openly visible by
"Everyone" with "Read/Write" permission with no password, what non-root
Android client do you suggest I install so that Android can connect to that
Windows share over the Wi-Fi network in order to edit files in that share?

Android edit smb://username:pass...@192.168.0.2/share/path/filename.txt

[AnthonyL]

On Tue, 16 Jan 2024 12:11:23 +0100, Bill Powell <bi...@anarchists.org>
wrote:

I use Total Commander with its Lan plugin: https://www.ghisler.com/
--
AnthonyL

Why ever wait to finish a job before starting the next?

[Bill Powell]

On Tue, 16 Jan 2024 20:20:28 GMT, AnthonyL wrote:

>>After creating a CIFS/SMB share on a Windows PC on my LAN, and after
>>setting the properties for that Windows share to be openly visible by
>>"Everyone" with "Read/Write" permission with no password, what non-root
>>Android client do you suggest I install so that Android can connect to that
>>Windows share over the Wi-Fi network in order to edit files in that share?
>>
>>Android edit smb://username:pass...@192.168.0.2/share/path/filename.txt
>
> I use Total Commander with its Lan plugin: https://www.ghisler.com/

Thanks for that suggestion of using Total Commander on non-root Android to
access public Windows SMB shares at home on your own LAN over Wi-Fi.

I went to the suggested site (https://www.ghisler.com/) to look for the
Android client which I found here (https://www.ghisler.com/ce.htm).

It says "(Smartphones or Tablets with Android 1.5 up to Android 10)" so
I'm not sure if that's an old warning or if Android 11 & up won't work.

Clicking on the Android image shows an updated page dated (May 31, 2023)
(https://www.ghisler.com/androidapp.htm) which shows Android 13 support.

On the bottom of that page it says it's freeware with no ads, and it
provides many links to very many useful-sounding plugins on this page.
https://www.ghisler.com/androidplugins/googleplay/

They all start with this total commander Android app which I installed.
https://play.google.com/store/apps/details?id=com.ghisler.android.TotalCommander

There were a dozen plugins, but this seems to be the one you suggested.
LAN (Windows network) Plugin 3.50 (2023-12-10):
SMB connection to Windows hosts - in case of connection problems, try using
the numeric IP address instead of the computer name!
New in 3.30: SMB3 and encrypted transfers (optional)
https://play.google.com/store/apps/details?id=com.ghisler.tcplugins.LAN

I installed both of them, including a few others (as there's a Wi-Fi
plugin that works without Total Commander for transferring files) and
a few other plugins like the webdav and sftp file transfer plugins.

When I bring up Total Commander in Android, I see a line item for
"LAN (Windows shares)" & another line item for "WebDAV (WEB Folders)"

Clicking on the "LAN (Windows shares)" there are two items listed
"<New server>" & "<Settings>" with only two things in "Settings"
(both of which it suggests to leave alone so I left them alone).

The only thing I could do was tap on "<New server>" where it asks
"New Server, Enter new name for list:" which I wasn't sure what it
wanted so I typed in the local 192.168 IP address for the Windows PC.

It then came up with "Edit Server: 192.168.x.y" with three fields.
Server name/directory: 192.168.x.y/share (I typed the full IP address)
User name: <blank>
Password: <blank>

That creates a new line item in the previous list described above.
"192.168.x.y" (it shows the full IP address, not the letters)

But when I tap on that "192.168.x.y" line item, Total Commander says
"Getting directory, Error connecting to server!
Reported error: STATUS_ACCESS_DENIED (0xc0000022):
Create failed for \\192.168.x.y\share"

Then I longpressed on the line item for that Windows SMB share.
A long menu of options came up, one of which was "Properties".

By default those properties were
Protect with master pass = checked
SMB2 = checked
SMB3 = checked
encrypted transfers (slowest) = not checked
Older NAS compatibility (LMv1) = not checked
use old name lookup method = not checked

I changed that to uncheck the master password and to check
the older NAS compatibility & to use the old name lookup.

LAN Error connecting to server! Reported error:
Failed to connect: 0.0.0.<00>/192.168.x.y/share"

When I went back to "Properties" the master password was checked again so I
don't think you can uncheck it but I added "guest" as the username this
time but it still gave an error trying to connect to the SMS share.

Is there a way to easily test whether or not that SMB share is working?

[Carlos E. R.]

Ghost Commander, for instance.

--
Cheers,
Carlos E.R.

[Jesper Kaas]

I use Cx File Explorer on my Android 12 mobile. Works fine for access
to windows shares and a samba share on a raspberypi running
PicorePlayer.
--
Jesper Kaas - jes...@neindanke.online.no

[AnthonyL]

On Tue, 16 Jan 2024 23:40:16 +0100, Bill Powell <bi...@anarchists.org>
wrote:

I'm no expert on this and tend to "muddle" through best I can.

Recently I tried to connect an Android 13 phone doing exactly the same
as I do on my successful Android 9 phone and that failed:

SMB2 CONNECT:failed to connect to /192.167.1.97 (port 445) from
/192.168.1.123 (port 55716) after [5000ms from Log file]

I've not had an overly helpful reply from ghisler support and may well
end up trying one of the other suggestions on this thread.

As to my settings I know I have to check that the appropriate SMB is
in play on my Windows 10.

On my Android 9

Lan settings to my Asus workstation are:
Server name = IP address
User Name and Password as per my Windows login
SMB2 is checked

For my NAS
Servername directory = IP address/myfiles
User Name and password as per NAS
No other options checked

When troubleshooting I've a collection of tools but I start with a
Windows Command window from another workstation/laptop:
NET VIEW
NET SHARE

Also on the workstation I have ANGRYIP v2.21
https://angryip.org/download/#windows

and on the Android I have an app called Port Authority which discovers
Hosts and a list of open ports. Available from Google Play.

I have run Linux and I'm sure that I was able to access that, but that
was pre-pandemic when my mind was still working. I now have the
concentration span of a goldfish.

I hope there is enough there to point you in the right direction.

[Arno Welzel]

Bill Powell, 2024-01-16 12:11:

Cx File Explorer

--
Arno Welzel
https://arnowelzel.de

[Bill Powell]

In article <news:l0pm00...@mid.individual.net>, "Carlos E. R."

<robin_...@es.invalid> wrote:

>> Android edit smb://username:pass...@192.168.0.2/share/path/filename.txt
>
> Ghost Commander, for instance.

Thank you for that suggestion of the open source Ghost Commander as a SMB
client to connect to Windows CIFs shares over the home Wi-Fi local network.
https://sites.google.com/site/ghostcommander1 https://youtu.be/QP60G0heWlw

From that, Ghost Commander is a free file manager that has plugins for SMB
and which is available on Sourceforge, F-Droid & on the Google Play Store.
https://sourceforge.net/projects/ghostcommander/files/
https://f-droid.org/packages/com.ghostsq.commander/
https://play.google.com/store/apps/details?id=com.ghostsq.commander

Their FAQ says you can't mix plugins as they're signed by the web site,
so wherever I get Ghost Commander has to have the plugins also.
https://sites.google.com/site/ghostcommander1/info

It's very hard to find the SMB plugin on the Google Play Store but easy to
find the Box, Dropbox and WebDAV plugins on the Google Play Store.
https://play.google.com/store/apps/details?id=com.ghostsq.commander.box
https://play.google.com/store/apps/details?id=com.ghostsq.commander.dbx
https://play.google.com/store/apps/details?id=com.ghostsq.commander.https

I searched and searched on the Google Play Store web site until I gave up
and found the reference to where to get the SMB/CIFS plugin for it here.
https://sites.google.com/site/ghostcommander1/info#h.p_ID_505

Apparently it's a new feature that you found based on what it says there.
"SMB stands for Server Message Block (SMB), also known as Common Internet
File System (CIFS). It's a protocol used in local networks, and also known
as Microsoft Windows Network. To make Ghost Commander access a server or
desktop's shared folder using that network protocol you need to install an
application called SMB plugin for Ghost Commander (new)."
https://play.google.com/store/apps/details?id=com.ghostsq.commander.samba

The problem is that SMB plugin does not exist on the Google Play Store.
https://play.google.com/store/search?q=ghost+commander+smb+plugin&c=apps
And the problem that plugins have to be from the same signed source.

I went to Sourceforge next to see if they have the SMB plugin above.
https://sourceforge.net/projects/ghostcommander/files/Releases/
But they also only had the Box, Dropbox & WebDAV plugins (no SMB plugin).

Then I went to F-Droid to see if they have the SMB plugin listed above.
https://search.f-droid.org/?q=ghost+commander+plugin&lang=en

I had to run a search to find anything on the net for the SMB plugin.
https://www.google.com/search?q=android+ghost+commander+smb+cifs+plugin

Which found the plugin scattered about but the problem will be signatures.
https://fossdroid.com/a/ghost-commander-smb-plugin.html
https://smb-plugin-for-ghost-commander.soft112.com/
https://ghost-commander-smb-plugin.en.aptoide.com/app

Then in my search I found the Sourceforge plugin in a different location.
https://sourceforge.net/directory/?q=ghost+commander
Which has a page for the "Old" and "New" SMB plugin (what's different?).

So the only place I can find all 8 files together is on Sourceforge
(as they won't update if the signatures don't match the source).

Ghost Commander File Manager
https://sourceforge.net/projects/ghostcommander/
https://sourceforge.net/projects/ghostcommander/files/
https://cfhcable.dl.sourceforge.net/project/ghostcommander/Releases/Ghost%20Commander%201.62.2.apk

Ghost Commander - Box plugin
https://sourceforge.net/projects/gc-box/
https://master.dl.sourceforge.net/project/ghostcommander/Releases/Ghost%20Commander%20-%20Box%20plugin%20v1.01.1.apk

Ghost Commander - Dropbox plugin
https://sourceforge.net/projects/gc-dropbox/
https://master.dl.sourceforge.net/project/ghostcommander/Releases/Ghost%20Commander%20-%20Dropbox%20plugin%20v1.3.1.apk

Ghost Commander - WebDAV plugin
https://sourceforge.net/projects/gc-webdav/
https://gigenet.dl.sourceforge.net/project/ghostcommander/Releases/Ghost%20Commander%20-%20WebDAV%20plugin%20v1.1.apk

Ghost Commander - SFTP plugin
https://sourceforge.net/projects/gc-sftp/
https://master.dl.sourceforge.net/project/gc-sftp/Ghost%20Commander%20-%20SFTP%20plugin%20v3.0b5%20%28trilead%29.apk

Ghost Commander - SMB plugin (new)
https://sourceforge.net/projects/gc-smb/
https://master.dl.sourceforge.net/project/gc-smb/Ghost%20Commander%20-%20SMB%20NG%20%282.1.4%29%20plugin%20v1.03b1.1.apk

Ghost Commander - SMB plugin (old)
https://sourceforge.net/projects/gc-samba/
(This plugin seems to be no longer available, AFAICT.)

Ghost Commander - Google Drive plugin
https://sourceforge.net/projects/gc-gdrive/
(This plugin seems to be no longer available, AFAICT.)

Now I'm ready to start, but first I need to create a Windows public share.

Googling "How to make a windows smb cifs public share" found this.
https://bdsdoc.com/kb-articles/how-to-create-a-network-shared-folder/

So I started that Windows public share process by making a directory.
mkdir C:\share
Right click on that share folder | Properties | Sharing | Share
Press the down arrow and select the people allowed to access it.
"Everyone" | Add | Read/Write | Share | Done

From Windows, I put an editable file into that share.
edit C:\share\test_from_windows -> "This is a test from Windows."

On Android, I checked I was on the LAN & then I started Ghost Commander and
then I accessed that Windows share without a hitch.

GhostCommander: Home | Windows share
Server: 192.168.0.2 (use the local IP address of the Windows server)
Path: share
Domain: <blank>
Username: <blank>
Password: <blank>
OK

I think that creates a URL of the following style.
smb://192.168.0.2/share
smb://guest:pass...@192.168.0.2/share
smb://username:pass...@192.168.0.2/share/path/filename.txt

Then I tried to edit that file which was put there by Windows.

Ghost Commander | select the file | Edit | Ghost Commander Text Editor
Change the contents of that file
Save
Exit out of Ghost Commander

Back on Windows, I could see the file contents had changed!

It looks like Ghost Commander with the new SMB plugin worked to connect to
a local Windows SMB share from non-root Android for read/write file access.

Thanks!

[Java Jive]

> From Windows, I put an editable file into that share.
> edit C:\share\test_from_windows -> "This is a test from Windows."
>
> On Android, I checked I was on the LAN & then I started Ghost Commander and
> then I accessed that Windows share without a hitch.
>
> GhostCommander: Home | Windows share
> Server: 192.168.0.2 (use the local IP address of the Windows server)
> Path: share
> Domain: <blank>
> Username: <blank>
> Password: <blank>
> OK
>
> I think that creates a URL of the following style.
> smb://192.168.0.2/share
> smb://guest:pass...@192.168.0.2/share
> smb://username:pass...@192.168.0.2/share/path/filename.txt
>
> Then I tried to edit that file which was put there by Windows.
>
> Ghost Commander | select the file | Edit | Ghost Commander Text Editor
> Change the contents of that file Save
> Exit out of Ghost Commander
>
> Back on Windows, I could see the file contents had changed!
>
> It looks like Ghost Commander with the new SMB plugin worked to connect to
> a local Windows SMB share from non-root Android for read/write file access.

Well done, BUT here's the problem:

> Press the down arrow and select the people allowed to access it.
> "Everyone" | Add | Read/Write | Share | Done

That's a significant security hole. Ideally, you want to restrict it to
known users of your LAN regardless of device, and the best way to do
that is to password-protect the share in some way.

For Windows, the way I usually do this is to ensure that my Windows PCs
all have the same user accounts with the same Username/Password
combinations, and only allow those accounts access permissions on the
shares. This means I can simply open shares in File Explorer without
being prompted for usernames & passwords.

This used to work also via Samba on Linux, as long as the passwords were
the same all round, using an smbusers file to convert between Linux &
Windows versions of usernames (many Linux distros won't allow uppercase
in usernames), but this no longer seems to work, and now to access a
Windows share from a Linux PC I have to put in a Windows account's
username & password TWICE - an absurd & maddening fiddle-faddle!

Android, being based on Linux, is likely to do something similar. If
you can find out what is your Android username, you could try creating
an account of that name on your Windows PC and assigning a password to
it, then, if you're lucky, to connect you will only be prompted for the
password.

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

[Bill Powell]

On Wed, 17 Jan 2024 20:30:50 +0000, Java Jive wrote:

> > Press the down arrow and select the people allowed to access it.
> > "Everyone" | Add | Read/Write | Share | Done
>
> That's a significant security hole. Ideally, you want to restrict it to
> known users of your LAN regardless of device, and the best way to do
> that is to password-protect the share in some way.

Why do I need a password? If I can't trust my wife, then who can I trust?

> For Windows, the way I usually do this is to ensure that my Windows PCs
> all have the same user accounts with the same Username/Password
> combinations, and only allow those accounts access permissions on the
> shares. This means I can simply open shares in File Explorer without
> being prompted for usernames & passwords.

If I have to have an account password on Windows, can I use "guest/guest"?
What's the Windows default "guest" or "everyone" account password anyway?

> This used to work also via Samba on Linux, as long as the passwords were
> the same all round, using an smbusers file to convert between Linux &
> Windows versions of usernames (many Linux distros won't allow uppercase
> in usernames), but this no longer seems to work, and now to access a
> Windows share from a Linux PC I have to put in a Windows account's
> username & password TWICE - an absurd & maddening fiddle-faddle!

What I don't get is why does Windows have an "everyone" or "guest" account?
What good are those two Windows accounts if they /require/ a password.

> Android, being based on Linux, is likely to do something similar. If
> you can find out what is your Android username, you could try creating
> an account of that name on your Windows PC and assigning a password to
> it, then, if you're lucky, to connect you will only be prompted for the
> password.

I don't even know if Android has a username. Being Linux, it probably does.

I went into Termux. Then I typed "whoami" and it said "u0_a331" and when I
typed "id" it said "uid=10331(u0_a331)" and a whole bunch of other stuff.

[Java Jive]

On 17/01/2024 20:51, Bill Powell wrote:
>
> On Wed, 17 Jan 2024 20:30:50 +0000, Java Jive wrote:
>>
>>> Press the down arrow and select the people allowed to access it.
>>> "Everyone" | Add | Read/Write | Share | Done
>>
>> That's a significant security hole.  Ideally, you want to restrict it
>> to known users of your LAN regardless of device, and the best way to
>> do that is to password-protect the share in some way.
>
> Why do I need a password? If I can't trust my wife, then who can I trust?

Because anyone hacking into your local network can access the share,
this may include:
Legitimate visitors to your home whom you allow to access the LAN
temporarily;
WiFi warriors who attempt to hack & surf other people's networks;
Troublesome neighbourhood youths;
Anyone that manages to hack your router from the WAN side.

This may not worry you if you don't intend to put anything private on
the share, which is fine as long as your never forget that rule, but in
general it wouldn't be considered good security practice, because for
example, someone gaining access to your LAN as above might put on the
share something to infect you machine with malware, and, if you clicked
on it, you'd then be in trouble.

>> For Windows, the way I usually do this is to ensure that my Windows
>> PCs all have the same user accounts with the same Username/Password
>> combinations, and only allow those accounts access permissions on the
>> shares.  This means I can simply open shares in File Explorer without
>> being prompted for usernames & passwords.
>
> If I have to have an account password on Windows, can I use "guest/guest"?
> What's the Windows default "guest" or "everyone" account password anyway?

On a locked down PC, the Administrator account and the Guest account are
usually disabled, and it's probably best to leave them so unless you are
at least moderately well up on security - I used to create standard
workstation builds for thousands of PCs used in the UK offices of a
multi-national financial firm, so I had to take at least a basic
interest in this stuff, though I wouldn't have classed myself as an
expert even then, and especially not now as recent versions of Windows
have changed so much, particularly emasculating the Administrator &
Administrators accounts, since I retired. If you want to use either
account, the next best thing to having them disabled is to set a policy
to rename them to be something different that cannot easily be guessed,
but this may only be possible on Pro versions of Windows, I'm not sure
about Home versions. Alternatively, you could create a special guest
account on the Windows PC(s) to use on the share(s), and give it a
limited set of permissions to suit your purposes.

>> This used to work also via Samba on Linux, as long as the passwords
>> were the same all round, using an smbusers file to convert between
>> Linux & Windows versions of usernames (many Linux distros won't allow
>> uppercase in usernames), but this no longer seems to work, and now to
>> access a Windows share from a Linux PC I have to put in a Windows
>> account's username & password TWICE  -  an absurd & maddening
>> fiddle-faddle!
>
> What I don't get is why does Windows have an "everyone" or "guest" account?
> What good are those two Windows accounts if they /require/ a password.

In the eyes of someone like myself who takes security moderately
seriously, they are an anachronism which should not be used, but,
despite Microsoft's oft repeated mantra with each new version of Windows
that "good security is built-in from the ground up" - or whatever the
latest version of the claim is - AFAIAA unfortunately the *DEFAULT*
permissions on Windows shares is still Everyone :-(

>> Android, being based on Linux, is likely to do something similar.  If
>> you can find out what is your Android username, you could try creating
>> an account of that name on your Windows PC and assigning a password to
>> it, then, if you're lucky, to connect you will only be prompted for
>> the password.
>
> I don't even know if Android has a username. Being Linux, it probably does.
>
> I went into Termux. Then I typed "whoami" and it said "u0_a331" and when I
> typed "id" it said "uid=10331(u0_a331)" and a whole bunch of other stuff.

So it would be interesting to add a new account of that name on your
Windows PC, give it a suitable password, and give that account Change
access to the share, *AND* your usual logon account Full Control access
to it, add Admins & System as below, and remove all 'Everyone'
permissions to it. Hopefully then you could connect to it from your
phone by giving just the password. If this works, repeat for your
wife's phone user account and her Windows user account if different from
yours.

If it's any help, the default permissions I put on a data share on a
Windows PC are as follows ...
Authenticated Users Change
Administrators Full Control
System Full Control
... but if the situation could be covered by a single user account
rather than the more general Authenticated Users, then you could specify
that account to have Change permissions instead of AU.

BTW, don't forget that you need to replicate the above permissions, or
whatever you have chosen as your own version of them, on the underlying
directory structure of the share as well, so not just on the share under
the Sharing tab, but also on the directory under the Security tab, and,
if there is already a directory heirarchy there, replicate down through
it. However, DON'T do that, in fact don't even share, any of the
standard Windows folders, including that for your User Profile ...
C:\Users\%USERNAME%
... it didn't used to matter if you did that, but increasingly since
Vista+ or 7+ things break if you do that, and, with each new version of
Windows, the breakage seems to be more severe than with the previous
version.

[Carlos E. R.]

On 2024-01-18 00:03, Java Jive wrote:
> On 17/01/2024 20:51, Bill Powell wrote:
>>
>> On Wed, 17 Jan 2024 20:30:50 +0000, Java Jive wrote:
>>>
>>>> Press the down arrow and select the people allowed to access it.
>>>> "Everyone" | Add | Read/Write | Share | Done
>>>
>>> That's a significant security hole.  Ideally, you want to restrict it
>>> to known users of your LAN regardless of device, and the best way to
>>> do that is to password-protect the share in some way.
>>
>> Why do I need a password? If I can't trust my wife, then who can I trust?
>
> Because anyone hacking into your local network can access the share,
> this may include:
>   Legitimate visitors to your home whom you allow to access the LAN
> temporarily;
>   WiFi warriors who attempt to hack & surf other people's networks;
>   Troublesome neighbourhood youths;
>   Anyone that manages to hack your router from the WAN side.
>

And with his low attention to security, there will be other entry points
to attack his computers. Even if he has nothing of importance, the
machine can be used to attack other serious machines, and he would be an
accessory to crime.

--
Cheers,
Carlos E.R.

[Paul]

Everyone here is only too aware of their perimeter security and
the security status ("weak") of their LAN.

if anything gets into my LAN here, I'm fucked.

If you are intent on running weak security, for Gods sake,
make regular backups of the entire LAN and put the backups
on a *disconnected* hard drive. Doing so is an acknowledgement
that "you are taking chances". Some malware designs are "sleepers",
and they wait a month before attacking. This means you may need
to test more than one backup, before you find a clean one to use.

All you have to do, is meet *one person* who had their
computer room nuked by ransomware, to get some idea of the
impact. The person I tried to help, after the ransomware
attack, he wasn't the same person after that. It affects you.
It's not a joke. You can't laugh it off, because it *could* happen.

The gentleman was a small business man, who had bought a domain
and rented server space. He registered the domain but did not
cloak himself (this means you can read the domain registration
entry, and his email address is in full view). The bastards,
to phish him, they sent him a "domain renewal" email, knowing
full well he would open it. And double click the "fake" PDF attachment.
Boom. Ransomware. Osiris. No machine in the room was spared.
He had *no* backups. I asked him. He didn't even know which
license key, went with which machine. It took him three months,
to get some semblance of normalcy, in his computer room.

https://www.acronis.com/en-us/blog/posts/osiris-ransomware-new-addition-locky-family/

If you make your LAN security weak on purpose, even the most
incompetent malware is going to get a foothold.

Paul

[kaan26]

https://lezzethanem.com Yemek Tarifleri ile çok kolay! Dilerseniz yemek tarifleri gönderebilir, arkadaşlarınızı davet edip takip edebilirsiniz.

--
<a href="lezzethanem.com" rel="dofollow">Yemek Tarifi</a> ile çok kolay! Dilerseniz yemek tarifleri gönderebilir, arkadaşlarınızı davet edip takip edebilirsiniz.