Accessing Samba with Pocket PC 2003

Christopher R. Hertel crh at
Wed Aug 11 00:12:08 GMT 2004

On Tue, Aug 10, 2004 at 04:47:33PM -0700, Jeremy Allison wrote:
> On Tue, Aug 10, 2004 at 06:54:29AM -0400, Eric Glass wrote:
> > > I took a look at all of these catures, but none of the
> > > pocketpc -> winxp client captures are useful. Neither
> > > the first nor third capture contains a negotiate protocol
> > > setup packet, meaning the session was already established
> > > when you started the capture.
> > > 
> > 
> > One thing I noticed on the pocketpc-samba capture; the pocketpc is
> > indicating DOS error codes w/Extended security (which I didn't know
> > was valid -- I thought extended security implied NT error codes). 
> > Samba's reply indicates it is using NT error codes.
> > 
> > If Samba is making the same assumption I did (extended security ->
> > client must support NT error codes) this could be the reason for the
> > failed negotiation.
> Very interesting -  thanks. Florian, can you try setting the
> [global] parameter :
> nt status support = no
> in your smb.conf and see if this fixes the problem. That
> would give me a much clearer idea of what may be going on.

In my book I have the following note:

  !Strange Behavior Alert:
  If the client negotiates Extended Security with a Windows2000 server and
  also negotiates DOS error codes, then the SESSION SETUP ANDX will fail,
  and return a DOS hardware error. (!?)

      ErrorClass = 0x03   (Hardware Error)
      ErrorCode  = 0x001F (General Error)

  Perhaps W2K doesn't know which DOS error to return, and is guessing. The 
  bigger question is: why does this fail at all?

  The same SMB conversation with the NT_STATUS capability enabled works
  just fine. Perhaps, when the coders were coding that piece of code, they
  assumed that only clients capable of using NT_STATUS codes would also
  use the Extended Security feature. Perhaps that assumption came from the
  knowledge that all Windows systems that could handle Extended Security
  would negotiate NT_STATUS. We can only guess...

  This is one of the oddities of SMB, and another fine bit of forensic SMB
  research by Andrew Bartlett of the Samba Team.

It's in section

I remember Andrew sending me a capture of this.  I'm interested in how
this all turns out.  If the above is wrong, then I'd like to include an
annotation in the online version explaining what we find.

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list