[cifs-protocol] [REG:111051779565831] RE: dfs referral for sysvol and windows XP
Hongwei Sun
hongweis at microsoft.com
Fri Jun 17 12:58:44 MDT 2011
Matthieu,
I will update you Monday or Tuesday.
Thanks!
Hongwei
-----Original Message-----
From: Matthieu Patou [mailto:mat at matws.net]
Sent: Friday, June 17, 2011 1:50 PM
To: cifs-protocol at cifs.org; Hongwei Sun; pfif at tridgell.net; MSSolve Case Email
Subject: Re: [cifs-protocol] [REG:111051779565831] RE: dfs referral for sysvol and windows XP
Hello Hongwei,
Any news on this ?
Matthieu.
On 08/06/2011 11:22, Matthieu Patou wrote:
> On 08/06/2011 02:01, Hongwei Sun wrote:
>> Matthieu,
>>
>> I confirmed that there is a problem with the Netmon parser when
>> displaying ReferralEntryFlag. The ReferralEntryFlags should be in
>> little endian. In the packet, it should be parsed as 0x0004 that has
>> TargetSetBoundary bit set for the first entry. So this is not the
>> problem. I will file a Netmon parser bug for that.
> Ok good !
>>
>> After looking further at the traces (XP to Samba and XP to Windows
>> server 2008R2), I think that the DFS referral v4 returned by Samba
>> doesn't seem to have any problem. The only differences between two
>> responses are if the DFSPath and DFSAlternativePath are shared
>> between ReferralEntries. This should not be the problem if the
>> correct offsets are used. The details are shown as below:
>>
>> Response from Samba:
>>
>> DfsPath: Index:1 \w2k8r2.home.matws.net\sysvol
>> DfsAlternatePath: Index:1 \w2k8r2.home.matws.net\sysvol
>> TargetPath: Index:1 \s2-w2k8r2.w2k8r2.home.matws.net\sysvol
>> DfsPath: Index:2 \w2k8r2.home.matws.net\sysvol
>> DfsAlternatePath: Index:2 \w2k8r2.home.matws.net\sysvol
>> TargetPath: Index:2 \ares.w2k8r2.home.matws.net\sysvol
>>
>> Response from Windows:
>>
>> DfsPath: \w2k8r2.home.matws.net\sysvol
>> DfsAlternatePath: \w2k8r2.home.matws.net\sysvol
>> TargetPath: Index:1 \s2-w2k8r2.w2k8r2.home.matws.net\sysvol
>> TargetPath: Index:2 \ares.w2k8r2.home.matws.net\sysvol
> Yeah I noticed this before, it's a limitation in our IDL compiler at
> the moment and it's uneasy to fix, but as far as I understand it's
> should be so much of a problem as the structure of the packet is
> correct (offset are correctly pointing to paths).
>
>> It seems that XP client did process the DFS Referral Response
>> v4 from Samba server correctly. The following is the analysis of
>> the events.
>>
>> Packet 339 XP ARES DFSC DFSC:Get DFS Referral
>> Request, FileName: \w2k8r2.home.matws.net\sysvol, MaxReferralLevel: 4
>> Packet 340 ARES XP DFSC DFSC:Get DFS Referral
>> Response, NumberOfReferrals: 2 VersionNumber: 4
>>
>> Two TargetPaths returned :
>> \s2-w2k8r2.w2k8r2.home.matws.net\sysvol,
>> \ares.w2k8r2.home.matws.net\sysvol
>>
>> Packet 345 XP ARES DNS DNS:QueryId = 0xB8C8,
>> QUERY (Standard query), Query for s2-w2k8r2.w2k8r2.home.matws.net
>> Packet 346 ARES XP DNS DNS:QueryId = 0xB8C8,
>> QUERY (Standard query), Response - Success, 172.16.100.27
>> Packet 442 ARES XP ICMP ICMP:Destination
>> Unreachable Message, Host Unreachable, 172.16.100.27
>>
>> The client goes to the first target
>> (s2-w2k8r2.w2k8r2.home.matws.net), but it is not reachable. Why
>> was s2-w2k8r2.w2k8r2.home.matws.net not accessible ? Was this
>> intended because you were testing the DFS target failover ?
> Well I tried to check that XP is a happy with samba4 as well as I
> expect him to be ok with Windows 2008R2.
>> Packet 634 XP ARES ICMP ICMP:Echo Request
>> Message, From 172.16.101.16 To 172.16.101.1
>> Packet 657 XP ARES KerberosV5 KerberosV5:TGS
>> Request Realm: W2K8R2.HOME.MATWS.NET Sname:
>> cifs/ares.w2k8r2.home.matws.net
>> Packet 659 ARES XP KerberosV5 KerberosV5:TGS
>> Response Cname: Administrator
>> Packet 668 XP ARES SMB SMB:C; Tree Connect Andx,
>> Path = \\ARES.W2K8R2.HOME.MATWS.NET\SYSVOL, Service = ?????
>>
>> The client fails over to the second target
>> (ares.w2k8r2.home.matws.net) and use the Kerberos to do session setup.
>>
>> It seems to me that when it fell back to NTLM, it was trying to
>> access IPC$ for srvsrc service, not to access SYSVOL or NETLOGON. I
>> don't see this in the trace between Windows. I am not sure if it is
>> related to the DFS Referral Response v4.
> The thing is that XP is very slow with DFS referral response v4, and
> not only the first call (as you might expect with the first call as it
> is testing first the s2-w2k8r2 server). With a DFS referral response
> v3 it's very quick and responsive.
>
> Also I noticed that most of the time XP comes to Windows server with
> level 3 request and not a level 4, is there anything in Windows server
> that trigger this behavior ?.
>
> Matthieu.
>
>
More information about the cifs-protocol
mailing list