security = server

Christopher R. Hertel crh at
Sat Jun 18 15:59:54 GMT 2005

On Sat, Jun 18, 2005 at 01:09:13PM +1000, Andrew Bartlett wrote:
> I'm not sure how it applies to things like 'rabbit pellet mode', but the
> mechanism is different.  I only really know about the auth end of it.

The connection between "rabbit pellet mode" and security=server was based
on empirical observation.  I did some work for a company that was having 
trouble with this, with W/9x clients in particular.

Note that this was all several years ago, before Samba 3 was even out, so 
I don't know if the problem still exists.

The problem was easy to repeat, however.  If the W/9x client was talking
to a Samba server in security=server mode, and if the user was working
entirely through the GUI (Windows Explorer), then the writes would all be
very small (1536 bytes in the captures, which I still have) and each would
be followed by a flush operation.  It took forever to copy a file to the 

The problem went away if the share was mapped from the command line or if 
the server was in security=<anything other than server> mode.

Rabbit pellet mode occurs in more than the one situation I've described
above, but it's still rare enough that it hasn't been a top priority.  
Samba has had work-arounds for some (but not all) of the symptoms for
quite a while, and it's likely that newer versions of Windows are less

Anyway, at last years CIFS conference Ronnie Sahlberg said that he thought
he had found the answer.  His theory is that there are layering violations
in the Windows IP stack.  Lower layers report information back to higher
layers which react by changing their behavior.  This goes all the way up 
to the GUI in some cases.

So... the perceived latency caused by doing pass-through authentication
*could* trigger a higher layer to assume a WAN link, in which case it
*might* decide to call a flush() after every 1.5K write() (not sure
why...), which would cause rabbit-pellet mode.

I do remember an obscure KB article (I think Jeremy found it) that is no 
longer available.  It talked about the latency on satallite links causing 
what we call rabbit pellet mode.  That would be in line with Ronnie's 
explanation.  I wish I'd saved a copy, but it did say something about 
using flush to ensure that the file wouldn't get corrupted.  Urgh.

At the time, I was also working on a theory based on the idea that Samba 
was replying as if it were an NT server, and Windows NT servers don't 
really do pass-through mode.  The idea was that the 9x client might assume 
that latency from another 9x machine was 'normal', which is why using a 9x 
server didn't cause rabbit pellet mode, but using Samba did.

Odd stuff, this "Windows"...

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list