Hi!
Hopefully you have heard of a new security hole called POODLE in SSL.
If not, click here!
How can you secure your Windows Phone? Here's the answer!
You need:
A interop unlocked Windows Phone
A registry editor on your phone
Follow those steps:
Start Internet Explorer on your Phone and navigate to https://www.ssllabs.com/ssltest/viewMyClient.html
You will see what protocols are supported by your browser. close Internet explorer (hold back key and close, not just minimize)
Fire up your registry editor and navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Change the value SecureProtocols to 32. Create this value if it doesn't exist.
Start Internet Explorer again and navigate to the page mentioned in Step 1. Look for supported protocols, it should display only SSL 3.0 - IT WERKS! Close IE again.
Now set the value SecureProtocols to 2688. This enables TLS 1.0/1.1/1.2 and disables SSL 2.0/3.0.
Start Internet Explorer again and navigate to the page mentioned in Step 1. Look for supported protocols, it should display TLS 1.0, 1.1, 1.2 AND SSL 3.0. Because the server is configured to downgrade to SSL 3.0, if TLS isn't supported. This may change in the future (hopefully).
Possible Values for SecureProtocols:
SSL 2.0 - 8 - 0x0008 (not supported on many websites, not recommended)
SSL 3.0 - 32 - 0x0020
TLS 1.0 - 128 - 0x0080
TLS 1.1 - 512 - 0x0200
TLS 1.2 - 2048 - 0x0800http://forum.xda-developers.com/#
2688 = 128 + 512 + 2048 = TLS 1.0 + TLS 1.1 + TLS 1.2
Tested on a Samsung ATIV S GT-I8750 using IO Explorer and WPHTweaks.
Thanks to
-W_O_L_F- and WindowsMania.pl for their excellent cutom ROMs
Jaxbot and Jessenic for the WPHTweaks App
contable for the IO Explorer App
and everyone involved in the great Windows Mobile and Windows Phone development and hacking community
and every member of XDA of course
Best regards,
Mr nUUb
EDIT: visit poodletest.com, it displays different images for SSL and TLS.
EDIT 2: Opera mini (beta) is not vulnerable.
Great guide. However, if the phone will still downgrade to SSL3 - that is, if you can't turn *off* SSLv3 - then you aren't safe. That's about half of the point of POODLE; it's possible to force most browsers and servers to downgrade to the obsolete protocol by just closing any connection attempts that report support for a newer version.
EDIT: Make darn sure you do *not* leave that option set to 32 (0x20, SSLv3 only)! That will not only leave you insecure, it will make the phone not work with any server which is configured to be TLS-only (and many will, in the wake of POODLE).
By the way, on "normal" Windows, this data is stored in the per-user registry hives (HKCU). My phone doesn't have the relevant registry value in either location, but it does have the registry *key* under HKCU, so you can (and possibly should) set it there instead of in HKLM.
I haven't tried this yet, though, so test it.
GoodDayToDie said:
Great guide. However, if the phone will still downgrade to SSL3 - that is, if you can't turn *off* SSLv3 - then you aren't safe. That's about half of the point of POODLE; it's possible to force most browsers and servers to downgrade to the obsolete protocol by just closing any connection attempts that report support for a newer version.
EDIT: Make darn sure you do *not* leave that option set to 32 (0x20, SSLv3 only)! That will not only leave you insecure, it will make the phone not work with any server which is configured to be TLS-only (and many will, in the wake of POODLE).
Click to expand...
Click to collapse
The phone won't dongrade to SSL 3.0. Qualys SSL Labs only show the highest supported encryption protocol. Because TLS is supported, they say SSL 3.0 is supported as well.
I edited my first post. Visit http://www.poodletest.com/, to check wether your browser sill downgrade to SSL or not. Make sure you refresh the page after you restarted your browser.
And you are right, NEVER EVER leave this option set to 32. And never set it to 2560, as this will disable TLS 1.0 and enable TLS 1.1/1.2.
Not even MS supports those encryption protocols, they really use TLS 1.0 - even if TLS 1.0 is slightly insecure and could be exploited (which practically never happens).
Poodletest is a good site for this, yes.
So, I set it in the user hive and it works, but it's a pain to do it using SamWP8 Tools because the way that the tools write to the registry uses a driver running under a different user than the DefApps user that normal apps (including IE) run as. Therefore, its concept of "current user" is different. You can use HKEY_USERS and specify the user explicitly - on my phone, the DefApps user is S-1-5-21-2702878673-795188819-444038987-2781 so the whole path to the key is
Code:
S-1-5-21-2702878673-795188819-444038987-2781\Software\Microsoft\Windows\CurrentVersion\Internet Settings
. However, be aware that this will be different on different phones, as a part of each user's SID is machine-dependent and will be different for every phone (should even change when you do a hard reset). You can find the correct SID from the Webserver app - just poke around in HKEY_USERS - but that's a pain HKLM is probably the better approach, if it works.
Thanks again for looking this up and posting instructions!
Related
I've had my Exec a few weeks now and generally am well chuffed however a big problem seems to be it will not log in to my internet banking
Does anyone know how or if it's possible to log in to Abbeys IB?
A friend of mine has no problem with HSBC so I guess it must be Abbey some how.
Anyone got it to work?
I don't bank with Abbey, but if I was to take an educated guess, its most likely because their internet banking website needs a browser that supports Java and I do not think PIE does.
I am with Abbey, I think their site does not recognise the Universal browser (PIE) and so throws up the page you are getting. I seem to remeber seeing a post on XDA-Developers regarding changing the registry to make PIE report itself as a standard IE on a desktop PC, Abbey would think everything is okay and would continue sending you the pages you are meant to see, how PIE handles them is another matter but from memory their site is nothing clever and PIE should be able to handle it okay.
Good luck,
Let me know if you get anywhere
Ok guys, any of you clever so and sos know how to do this?
Go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\ key.
Set the default value to "Mozilla/4.0" (Default is "Mozilla/2.0").
Set the "Version" value to "MSIE 5.5" (Default is "MSIE 3.02").
Set the "Platform" value to "Windows NT 5.0" (Default is "Windows CE").
You are a genius!!!
It's working a treat
negatong said:
Go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\ key.
Set the default value to "Mozilla/4.0" (Default is "Mozilla/2.0").
Set the "Version" value to "MSIE 5.5" (Default is "MSIE 3.02").
Set the "Platform" value to "Windows NT 5.0" (Default is "Windows CE").
Click to expand...
Click to collapse
Would that cause any problems with other webpages or would it just ensure you always get the full webpage as in a desktop ie ? Its like when I go to google on my Exec, I always get the cut down pda version.
knowsleyroader said:
Would that cause any problems with other webpages or would it just ensure you always get the full webpage as in a desktop ie ? Its like when I go to google on my Exec, I always get the cut down pda version.
Click to expand...
Click to collapse
I believe it would only cause problems where the website you're visiting delivers content based on the user-agent. By making those registry changes, you are basically telling PocketIE to pretend that it's a full version of IE running on Windows XP, so any sites that are optimised for spitting out mobile content would send you the full version (including google; try it and see, you can always change the values back to what they were). If you want to get the PDA interface to google every time, just go to http://www.google.com/pda (or www.google.countrycode/pda ), this works in whatever browser you use.
So I have the tweaks2k2 and I changed the browser to IE 6.0 so that websites will think I am browsing with IE 6. This has worked great with my banking sites that will not allow PIE.
I have a certain website I need to access and can not. Either with IE 6 glitch or with PIE. Is there anything I can do, or any program that I can use to access the website in question?
The website is www.ringcentral.com which is where I receive my faxes, so it would be great to access my faxes on the go. FISH
Today I have installed the final purchase version of Netfront 3.3 browser. I clicked on the link you mentioned and was able to fully open it. However going further required a log-in. Since I am not a registered user could not move further.
Why don't you give Netfront 3.3 a try. There is a free trial version available.
Hope this helpes
Regards
I tried the site in Opera (set as handheld and set as desktop computer, same as the IE6 trick) and in PIE, all work.
NetFront 3.3 for WM5.0 Viewed as IE 6.0
I have tweaks2tweaks set to make NetFront 3.3 show us as IE 6.0 and it is not working. When I go to Yahoo.com it is asking me to move to a higher browser namely IE6.0.
Can anybody please help with this - it is driving me batty!!!
THANKS...
KMV
Houston, TX.
In order to allow netfront 3.3 to behave as a real IE 6 you can write your own user-agent as follows:
1: Go to menu / tools / browser settings and the misc tab.
2: The user agent drop down list will be showing "Netfront v3.3 Standard"
3: From the drop down list select the --- and press edit
4: Under Title enter any name say Real PC
5: In the user agent field very carefully write the following keeping very special care of spaces and colons:
Mozilla/4.0 (Compatible; MSIE 6.0; Windows NT 5.0/5.0) Opera 8.60
6: In appName write Internet Explorer
7: In appVersion write 6.0
8: in appCodeName write Mozilla
9: in Language / platform write en and pc respectively and press the ok soft key
Now make sure by navigating to tools / browser settings / misc tab that the user agent you have just written is selected in the drop down list.
You should now be able to access almost any website that the real IE can do. I have had quite a bit of success with this user agent and hope this helps you as well.
Regards
I have always used MultieIE and Opera Browser,
Multie IE takes over the pointless included PIE browser and adds tabs etc,
Opera a seperate program, although a little Large in Size its fine when installed to mem card.
effectively and this is active for my Nationwide Tinternet Banking, if a site cant be accessed by Multi then Opera will get it,
At work so cant test it on Multi at the moment, but i will update this post when i get chance,
**edit**
OK Using MultiIE I have been able to get to the homepage without problem but also i have no login details so cant really test it fully
srmz said:
In order to allow netfront 3.3 to behave as a real IE 6 you can write your own user-agent as follows:
1: Go to menu / tools / browser settings and the misc tab.
2: The user agent drop down list will be showing "Netfront v3.3 Standard"
3: From the drop down list select the --- and press edit
4: Under Title enter any name say Real PC
5: In the user agent field very carefully write the following keeping very special care of spaces and colons:
Mozilla/4.0 (Compatible; MSIE 6.0; Windows NT 5.0/5.0) Opera 8.60
6: In appName write Internet Explorer
7: In appVersion write 6.0
8: in appCodeName write Mozilla
9: in Language / platform write en and pc respectively and press the ok soft key
Now make sure by navigating to tools / browser settings / misc tab that the user agent you have just written is selected in the drop down list.
You should now be able to access almost any website that the real IE can do. I have had quite a bit of success with this user agent and hope this helps you as well.
Regards
Click to expand...
Click to collapse
Well, it doesn't need to be THAT complicated. Please read the NetFront 3.3 section in my article "TUTORIAL: Change the User Agent your Pocket PC browser uses to make Web servers think you’re a fully-fledged desktop browser!" at http://www.pocketpcmag.com/blogs/index.php?blog=3&p=796&more=1&c=1&tb=1&pb=1 . It's full of screenshots.
glump2806 said:
OK Using MultiIE I have been able to get to the homepage without problem but also i have no login details so cant really test it fully
Click to expand...
Click to collapse
MultiIE 4.0 is pretty OK, albeit, now, I'd recommend PIEPlus over it.
where can i get Multi IE or PIE plus ?
For those of you who cannot browse GOOGLE sites using the unlimited T-Mobile GPRS/EDGE plan do the following:
On your WM5 device, use a registry editor and do the following:
Go to HKLM\Comm\Cellular Line\Parms\tcpip
and add a DWORD registry key called MTU with value 1460 (UPDATED)
Open PocketIE/Opera/Netfront and go to any Google page you want!
Oh, and make sure your internet gateway is using:
internet2.voicestream.com
It seems as though the fix is not working for all cities.
I'm actually in New York City, so I guess the MTU values could be different in different areas. Works great on an MTU of 1460 in NYC.
You can try values from 1500 (default) all the way down to 1400.
Trial and error, if it does work for you though, please post the city and MTU value you got it working with.
Goodluck everyone. I have been struggling with this since February and am really pleased I have finally managed to resolve it.
If there are any other New York City T-Mobile users, please confirm the fix.
Thanks.
The following solution worked for me on my T-Mobile MDA. Note: the NdisWan key did not exist, I had to create it from scratch. Before adding the information below into my registry, I was unable to get past the initial google page. Now I can google anything, and use google maps too! And BTW I am in Long Island.
Change the MTU Settings for PPP Connections
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following subkey in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NdisWan\Parameters
Add a Protocols subkey (if it does not already exist). To do so:
a. On the Edit menu, point to New, and then click Key.
b. Type Protocols, and then press ENTER.
4. Add a 0 (zero) subkey to the Protocols subkey. To do so:
a. Click the Protocols subkey that you created step 3.
b. On the Edit menu, point to New, and then click Key.
c. Type 0 (zero), and then press ENTER.
5. Click the 0 subkey that you created in step 4.
6. On the Edit menu, point to New, and then click DWORD Value.
7. In the Value data box, type ProtocolType, and then click OK.
8. On the Edit menu, click Modify.
9. In the Value data box, type 800, make sure Hexadecimal is selected under Base, and then click OK.
10. On the Edit menu, point to New, and then click DWORD Value.
11. Type PPPProtocolType, and then press ENTER.
12. On the Edit menu, click Modify.
13. In the Value data box, type 21, make sure Hexadecimal is selected under Base, and then click OK.
14. On the Edit menu, point to New, and then click DWORD Value.
15. Type ProtocolMTU, and then press ENTER.
16. On the Edit menu, click Modify.
17. Under Base, click Decimal, type the MTU size that you want in the Value data box, and then click OK.
18. Quit Registry Editor.
19. Restart your computer.
The MTU size that worked with the customer I was talking to was 1350.
Squuiid said:
For those of you who cannot browse GOOGLE sites using the unlimited T-Mobile GPRS/EDGE plan do the following:
On your WM5 device, use a registry editor and do the following:
Go to HKLM\Comm\Cellular Line\Parms\tcpip
and add a DWORD registry key called MTU with value 1450
Open PocketIE/Opera/Netfront and go to any Google page you want!
Oh, and make sure your internet gateway is using:
internet2.voicestream.com
Click to expand...
Click to collapse
This worked PERFECTLY! I'm in NYC as well and 1450 worked. (for what's it worth, that long process also described in this thread DID NOT work for me)
Squiid you are the man I work in NYC and live in NJ works like a charm... it's especially great cause i'vee ben trying to access all my gmail and GFYD accounts and it's been so inconsistent. It works well thus far thanks!
Squiid you are the man I work in NYC and live in NJ works like a charm... it's especially great cause i'vee ben trying to access all my gmail and GFYD accounts and it's been so inconsistent. It works well thus far thanks!
The registry fix for MTU of 1450 seems to be working in Dallas, thanks for the tip.
ok... so right after I added the editi in the registry it worked right away I was sitting at the starbucks on W35th and 7th. Then I went to a building right down the street and had to google something I couldn't access any google page.
I had great service in the building just no google pages which thought I had fixed. Now I can't access them from anywhere in the city again? the MTU edit is still in my registry.
Any ideas on this? thanks?
This worked for me, PHL market.
It allowed me to get to google.com.
However I still can't access any of the other google sites. (local/maps)
MTU of 1460 best
Have done some adittional testing, an MTU value of 1460 works best!
1450 sometimes works on all google sites other times not.
1460 seem to work all the time.
Please leave your feedback, and for those that have, thanks.
Not working here
Squuiid said:
For those of you who cannot browse GOOGLE sites using the unlimited T-Mobile GPRS/EDGE plan do the following:
On your WM5 device, use a registry editor and do the following:
Go to HKLM\Comm\Cellular Line\Parms\tcpip
and add a DWORD registry key called MTU with value 1460 (UPDATED)
Open PocketIE/Opera/Netfront and go to any Google page you want!
Oh, and make sure your internet gateway is using:
internet2.voicestream.com
Click to expand...
Click to collapse
I´m not with T-Mob but I do have these problem, I tried the values you suggested but doesn´t seem to work. Is there a range of values that I should try?
I figure out myself
luiggi said:
I´m not with T-Mob but I do have these problem, I tried the values you suggested but doesn´t seem to work. Is there a range of values that I should try?
Click to expand...
Click to collapse
Here one may find a useful list of values depending of the connection type
http://www.stearns.org/p0f/mtu.h
by the way, none of these worked for me.
adamb2k6 said:
The following solution worked for me on my T-Mobile MDA. Note: the NdisWan key did not exist, I had to create it from scratch. Before adding the information below into my registry, I was unable to get past the initial google page. Now I can google anything, and use google maps too! And BTW I am in Long Island.
Change the MTU Settings for PPP Connections
Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following subkey in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NdisWan\Parameters
Add a Protocols subkey (if it does not already exist). To do so:
a. On the Edit menu, point to New, and then click Key.
b. Type Protocols, and then press ENTER.
4. Add a 0 (zero) subkey to the Protocols subkey. To do so:
a. Click the Protocols subkey that you created step 3.
b. On the Edit menu, point to New, and then click Key.
c. Type 0 (zero), and then press ENTER.
5. Click the 0 subkey that you created in step 4.
6. On the Edit menu, point to New, and then click DWORD Value.
7. In the Value data box, type ProtocolType, and then click OK.
8. On the Edit menu, click Modify.
9. In the Value data box, type 800, make sure Hexadecimal is selected under Base, and then click OK.
10. On the Edit menu, point to New, and then click DWORD Value.
11. Type PPPProtocolType, and then press ENTER.
12. On the Edit menu, click Modify.
13. In the Value data box, type 21, make sure Hexadecimal is selected under Base, and then click OK.
14. On the Edit menu, point to New, and then click DWORD Value.
15. Type ProtocolMTU, and then press ENTER.
16. On the Edit menu, click Modify.
17. Under Base, click Decimal, type the MTU size that you want in the Value data box, and then click OK.
18. Quit Registry Editor.
19. Restart your computer.
The MTU size that worked with the customer I was talking to was 1350.
Click to expand...
Click to collapse
I'm using an 8525 with
CE5.2.1622 ( Build 18128.0.4.4 )
ROM 3.62.502.3 ( 10/11/07 )
Radio 1.16.00.00
Protocol Ver: 32.53.7018.01H
( Yes I used pof's SIM/CID Unlocker....way to go pof ! )
Anyway, I've tried adding these keys ( which, by the way, once I reboot the 8525, I lose all BUT the "ProtocolType" entries under the "0" key ), and setting my MTU from 1430 to 1460 as the original author suggested, and I can get past google.com, and it simply dies "Opening" gmail/calendar/maps.
THe funny thing is I'm running Xplode's WM6 ROM for BlueAngel on an older Siemens SX-66, and even though it DOESN'T have any of these entries mentioned, it works....I can go to gmail just fine, even without the registry settings.
Has ANYONE gotten a consistent solution to this ? Is there any particular ROM image someone can recommend to move to that includes fixes for this ?
Thanks.
Updated Radio ....still doesn't work.
I updated the Radio ROM To 1.54.30.10, and it still doesn't work. Even though now, I have 2 "cellular line" entries in the HKLM\COMM section of the registry.
HTC P6500 & HP IPaq 614c PPP Protocol MTU
Hi everyone,
I am wondering if any can look over my problem and possibly offer some advice?
I have a problem probably generic to most PDA devices where i can not change the MTU size for the PPP Protocol.
I have made the changes as advised in this thread and neither have worked for me, the MTU is still default 1500.
Changes made are as follows:
"HKLM\Comm\Cellular Line\Parms\tcpip" Set to 1450, MSS is still 1460
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan\Parameters\Protocols\0" and also changed \Parameters to \Parms as they all within Registry on WM6 and set ProtocolMTU, PPPProtocolType and ProtocolType as in XP, MTU set to 1450 but the MSS is still 1460.
I am using Windows Mobile 6.
The tool i use on the PDA is the Microsoft Power Toys Analyzer, copy the file to my XP machine and open the netlog0 file with Wireshark and investigate the capture.
The latter of the two keys is how the MTU is changed on a Windows XP machine.
I do know that data cards connected to a PC that use the WWAN protocol for GPRS connection will list a Wireless Network Interface card and for that the MTU would be changed under the network adapter itself, if they are using the PPP Protocol and listed as a Dial Up adapter the the latter key above must be used, all tested and works a treat.
I am imaging that PDA devices must work in the same way.
The devices i am currently using definatly use the PPP Protocol to connect, can anyone advice how this MTU is changed or even advice how to tweak registry to get GPRS to use WWAN, the latter may be impossible for me as i am not a software developer, tweaks i can handle.
Well thanks for looking at my post and i hope someone can point me into the correct direction.
Many Thanks
Martin.
Hi guys, just a quick and imple question.....
how can i turn my pocket IE to a full IE so that i can view full websites and not be pointed to a mobile version of some websites.... Its very annoying.
I did it once before, but i cant remember what i did and cant find any posts that show how to change reg to do it...
cheers.
Joey
Yeah, just change the user agent. It's in the wiki somewhere.
Change Pocket IE to IE Version 5.5 (For Secured Sites)
* Go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\ key.
* Set the default value to "Mozilla/4.0" (Default is "Mozilla/2.0").
* Set the "Version" value to "MSIE 5.5" (Default is "MSIE 3.02").
* Set the "Platform" value to "Windows NT 5.0" (Default is "Windows CE").
This will only work on some secure sites that check version number rather than perform a check for support of secured transactions.
This registry hack will make Pocket Internet Explorer identify itself as IE 5.5 on Windows 2000. However it will prevent web sites that provide Pocket PC specific content to be able to know you're actually using a Pocket PC.
..................................................................................................
im assuming you mean the above,
ive checked my reg files and it shows on mine that :
mozilla is set to 4.0
MSIE is set to 6.0
platform is set to Windows CE
this is default with WM6. ive changed them and it still does not work.....
any suggestions??
Hello all. I did ask this question in the Hermes section but no answers slo I thought I would as in here as it is a networking type problem.....
I have a Maxtor Shared Storage II drive on the wireless network. All the XP PCs can see and access the device no problems.
The Hermes is running official WM6. When I use Resco Explorer to try to map a network drive, it isn't there, but any XP computer that is switched on at the time, is in the list in Resco.
If the I check the properties on the NAS's folders on a XP machine then its reported as a NT server 4.9 drive??
The drive has the feature of a media server on the menu system which as yet I havnt had time to play with so far.
Any help greatfuly appreciated
Cheers
Chris.
not sure about yours but the tests i read about those maxtor nas mybooks require some special software on the pc to access them
if that is the case with yours and they dont have an ppc version
you are out of luck
Yes I do agree there is maxtors software on the PC to access various functions, but before I installed the software I could see the public folders that were already installed on the NAS...!
Chris
It's nothing to do with them being NAS Storage. As far as the network is concerned they are just windows network shares. I'm having the same problem - I can't access shares over my wifi network on my Hermes.
I have a file/web/ssh server and I can easily access it using a browser or with PocketPuTTY and I can ping it with vxutil but I can't connect to the shares even though I can ping the hosts and see the networked devices in Resco and PocketLAN. Total Commander doesn't work either!
I'm sure it's something to do with routes/subnets and have tried setting the proxy options in "settings">"connections">"connections">"advanced">"select networks" and also changing the options for "My network card connects to" in Network Adaptors.
I want to use a "cooked" rom but this seems to be the source of the problem - I've flashed another rom on my Hermes and it connected fine. I'm having the same problem with my HTC Universal and I also had a problem with my Wizard but I managed to fix it by modifying the "connections" (see above!).
I've got the same problem with my NAS (Maxtor Shared Storage II).
BTW, I don't think the Maxtor Connect Manager utility is required , I've connected to the NAS from XP and OS X without the utility running.
My 8525 (WM 6) cannot see the NAS in network neighborhood , even though the IPs are pingable.
The 8525 cannot see the share on my MacBook Pro either.
I have no problem with a share on my Win XP SP2 computer ... it even streams media (divx, MP3 , windows media) to my 8525. Mapped with Resco Pocket Explorer with no problem.
I think the MAC and the MSS II (www.openmss.org) are linux/Samba network based and WM cannot connect. If any linux guru can verify and provide assistance, it would greatly be appreciated.
Wow ! Streaming media from a NAS on the 8525 ... a dream so far ......
I don't think this is a linux problem - the shares I am accessing are on a linux samba server. I can access the shares using different rom versions on my hermes and my universal (just not using the rom I really want to use!). My wizard (WM6) connects to the shares fine!
h0me5k1n said:
I don't think this is a linux problem - the shares I am accessing are on a linux samba server. I can access the shares using different rom versions on my hermes and my universal (just not using the rom I really want to use!). My wizard (WM6) connects to the shares fine!
Click to expand...
Click to collapse
Thanks h0me5k1n !
Can you share the method or application and version your using to make the share with Samba ?
Is the NAS/Share visible in network neighborhood or is the connect string manually entered ?
dy57 said:
Is the NAS/Share visible in network neighborhood or is the connect string manually entered ?
Click to expand...
Click to collapse
When I have used resco to attempt the connection I can see the host PCs in the network neighborhood but cannot see the shares on each host PC (neither windows or linux).
I have always connected using the netbios name - using the ip address has never worked as far as I can remember. I have always used Total Commmander (I only tried other apps because Total Commander wasn't working) and I've always used the latest version.
I've just switched my Hermes to another rom.... K's rom V1.21... and I can browse my network shares again (windows and linux) and the rom is the only difference. It's a nice rom too so I'm gonna leave it for now.
An example of my working setup: I have a computer called "mediacentre" with the IP of 192.168.0.234. I can connect over wifi using Total Commander with the addresses of "\\mediacentre" and "mediacentre" but neither "\\192.168.0.234" nor "192.168.0.234" work!! Exactly the same thing with another rom did not work!!
Maybe this is something to do with the network configuration of the base rom from which the cooked rom is built?
It's definitely not a linux/windows/maxtor problem!
h0me5k1n said:
I have always used Total Commmander...
Click to expand...
Click to collapse
I've just installed Total Commander 2.0 (http://www.ghisler.com/pocketpc.htm ) a few days ago and haven't gotten around to using it . It's not a very intuitive app when it comes to making network connections. I also noticed that TC has plugins for other files systems (http://www.ghisler.com/plugins.htm#filesys).
Did you have to use one of the other plugins or any special protocols on the NAS (i.e. VPN , FTP, etc.) ? - Sorry for the multiple questions in detail , but I'm a linux newbie \ : ) .
If I get the figured out, I'll try to publish a detailed "how-to" since I seen the same question w/o solution on other forums.
Thanks-In-Advance
I find TC very easy to use - especially the virtual 2 window mode!!
To connect I just open the \\Plugins folder, choose LAN and can connect with "_Quick open" or by setting up a "<new server>" with the addresses of "\\mediacentre" or "mediacentre" (as per my example below).
I have not had to use any other plugins from the TC site and my NAS is basically a ubuntu (debian) system with a number of samba shares (which are basically the same as shared folders on windows). The shares on my server are viewable by all on my local network so no password is needed to access them although they are "read only". I have a WinXP desktop too with shared folders and I connect to this in exactly the same way.
No joy ......
Just went thru several attempts using Total Commander to connect to the MSS II and still no connection. Just did a search on the forum for "SAMBA" and it seems there are other folks out there in the same boat.
Some possible factors I can this of are :
- security on the NAS Share
- different flavors on linux used on the shares
- the application on WM used to connect (resco, File Explorer, TC, etc)
- some obscure setting on the Router/Hub /Switch
- version of WM (2003, 5, 6 , )
BTW - after installing TC I lost the connection to my Win XP share which used to work via Resco. (arghhhh!) .
Why is this such black magic that only functions under a full moon?
My head is spinning now !
This link looks hopeful :
http://cri.ch/linux/docs/sk0014.html
More trial and error for now ....
Anybody else care to weigh-in with some advice ?
Kaiser + NAS (Linux + Samba) + L26 Diamond V4 = works!
Solution for those using Kaiser (TyTN II):
I just flashed http://forum.xda-developers.com/showthread.php?t=395555 (Kaiser Diamond V4), and my Synology DS-207+ (Linux + samba shares) is visible and accessible from every software (Total Commander, Resco, File Explorer).
Previously I used to flash Dutty's ROMs and original ones - they do not work with samba. I wrote to Dutty - hope he'll find how to fix (I love his ROMs).
Good luck! Now I'm able to watch videos on Kaiser from my NAS via WLAN, I'm happy ;-)
dah54 said:
Interesting... As far as I can tell, Total Commander, Resco Explorer, File Explor, and the Network Plugin all call the same password manger in WM6 and that manager does not send the passwords in a form that SAMBA understands.
In theory changing the key at HKLM\Comm\SecurityProviders\NTLM\LmCompatibilityLevel to 2 from 3 should do what I need, and enable the Universal to communicate with my SAMBA server. That it doesn't suggest to me that there is a problem with the LM security provider.
Click to expand...
Click to collapse
OK. The correct answer is here:
Change HKLM\Comm\SecurityProviders\NTLM\LmCompatibilityLevel to 1 from 3, not to 2 (ref: http://msdn.microsoft.com/en-us/library/aa922895.aspx and http://msdn.microsoft.com/en-us/library/aa925018.aspx) as "You can also set the LmCompatibilityLevelServer value to 2 or to 3. Both of these specify that the server will only use NTLM v2. Authentication will fail if the client is not capable of NTLM v2 protocol. For more information, see Authentication Services Registry Settings".
And check to make sure HKLM\Comm\Redir\SmbSignatureMode is set to 0 (not recommended 'cos it may cause problems with windows servers), 1 or 2, but not 3 (ref: http://msdn.microsoft.com/en-us/library/aa921092.aspx).
And you can try to set HKLM\Comm\Redir\AllowedAuthMethods to 3 to see if it makes any difference. To me, 2 works fine.
No need to modify samba configurations if you are running a recent version of samba (3.0.28 right now). Anyway, you can always try to add "use spnego = no" (maybe "client use spnego = no" or "spnego = no" as stated and/or quoted in other posts/web pages, I'm not sure of it.) to see if it makes any difference in your situation/samba version.
If you have admin privledges on the windows/linux machine, you can install orb on it. I've done that to my xp machine at home and now from anywhere on my ppc I can access anything I want from my home machine... it also checks to see what the files are at home and can sort them into categories like music, documents, videos, etc.
I'm not sure if it will work with orb installed on a pc to look over the network to a NAS, but mine looks through usb to an attached drive.
Worth a shot and a very simple solution to the problem.
jnjn said:
OK. The correct answer is here:
Change HKLM\Comm\SecurityProviders\NTLM\LmCompatibilityLevel to 1 from 3, not to 2
as "You can also set the LmCompatibilityLevelServer value to 2 or to 3. Both of these specify that the server will only use NTLM v2. Authentication will fail if the client is not capable of NTLM v2 protocol. For more information, see Authentication Services Registry Settings".
And check to make sure HKLM\Comm\Redir\SmbSignatureMode is set to 0 (not recommended 'cos it may cause problems with windows servers), 1 or 2, but not 3.
And you can try to set HKLM\Comm\Redir\AllowedAuthMethods to 3 to see if it makes any difference. To me, 2 works fine.
No need to modify samba configurations if you are running a recent version of samba (3.0.28 right now). Anyway, you can always try to add "use spnego = no" (maybe "client use spnego = no" or "spnego = no" as stated and/or quoted in other posts/web pages, I'm not sure of it.) to see if it makes any difference in your situation/samba version.
Click to expand...
Click to collapse
perfect, it working!!! to me it work with:
HKLM\Comm\SecurityProviders\NTLM\LmCompatibilityLevel = 3
HKLM\Comm\Redir\SmbSignatureMode = 1
HKLM\Comm\Redir\AllowedAuthMethods = 3 - it was critical parametr
many thanks
(WM6, Artemis, Resco Explorer, NAS Synology DS210j)
evgenerous said:
perfect, it working!!! to me it work with:
HKLM\Comm\SecurityProviders\NTLM\LmCompatibilityLevel = 3
HKLM\Comm\Redir\SmbSignatureMode = 1
HKLM\Comm\Redir\AllowedAuthMethods = 3 - it was critical parametr
many thanks
(WM6, Artemis, Resco Explorer, NAS Synology DS210j)
Click to expand...
Click to collapse
strange, these two keys don't exists under HKLM\Comm:
HKLM\Comm\Redir\SmbSignatureMode = 1
HKLM\Comm\Redir\AllowedAuthMethods = 3 - it was critical parametr
many thanks