[Samba] connecting to shares in other subnet : slow

Stefan G. Weichinger lists at xunil.at
Mon Aug 18 18:59:35 GMT 2008 

Greets, samba-users,

I contact this list because of a problem I face at a customer's site.

We run Samba version 3.0.28-0.6-1787-SUSE-CODE10 there on a SLES 10 SP2 
server. This server is located behind a firewall (run by me), that 
firewall allows all relevant Samba-ports through (137-139, 445).

The clients are located in a separated subnet, the routing between 
client- and server-subnet is run by an external service-provider, we 
have to trust in what they do (and say).

Connections work fine as soon as they are established, the problem is 
that the connecting itself takes way too long.

There's a small batch-script doing the "net use x: ..." and it sometimes 
takes up to half an hour (!) until the shares are connected.

connecting via telnet works fine, so routing and firewalling seems to 
work OK.

Today I narrowed things down via "smb ports = 445" but without improvements.

Doing a "net view \\our.server.domain.tld" returns the shares 
immediately, and we also use the FQDN in the batch-script.

As soon as the shares are connected, transfers are working fine and fast.

Connections within the server-net start up immediately as well, so the 
hardware and smb.conf should be OK also afaik.

[global]
	workgroup = ROM
	map to guest = Bad User
	log level = 2
	smb ports = 445
	printcap name = cups
	logon path = \\%L\profiles\.msprofile
	logon drive = P:
	logon home = \\%L\%U\.9xprofile
	usershare allow guests = Yes
	printing = cups
	cups options = raw
	print command =
	lpq command = %p
	lprm command =
	include = /etc/samba/dhcp.conf

the only speciality is that we use auditing in the shares, but I don't 
think this might be the reason:

[public]
	comment = fuer alle
	path = /mnt/public
	force group = users
	read only = No
	inherit acls = Yes
	vfs objects = full_audit
	full_audit:failure = all
	full_audit:success = all
	full_audit:priority = NOTICE
	full_audit:facility = LOCAL5


The logs don't show anything suspicious, at least nothing I understand 
as problematic.

I'll be happy to provide any logs and/or tcpdumps or something if needed.

Does anyone have any pointer for me?

Thanks in advance, best regards,
Stefan

More information about the samba mailing list