Apple OS X SMB issues across VPN

Christopher R. Hertel crh at
Thu Oct 20 18:39:50 GMT 2005

On Wed, Oct 19, 2005 at 05:01:33PM -0600, Dan Tappin wrote:
> On Oct 19, 2005, at 9:48 AM, Christopher R. Hertel wrote:
> >Some questions:
> >
> >- Are you are using old-style NBT-based CIFS or new-style "naked"
> >  transport?
> I'll plead ignorance here.  I have no idea what the difference is or  
> how to find out.

> >- Does your firewall filter any of the VPN traffic, or does the VPN  
> >pass
> >  through the firewall untouched.
> I'll need to confirm this one.  I believe the firewall is not  
> filtering anything.  Saying that the data is still passing through  
> the devices and packets are being scanned but not altered or blocked  
> in any way but could still be a part of the issue.  The tunnel  
> between the subnets should be wide open.

If the traffic is untouched, that's good (and the configuration you
describe should still provide data protection).

I assume that the firewall systems are routing traffic between them and 
all appears transparent to the machines on the local networks.

> >- If you're using NBT, do you have an NBNS (a WINS server) and do  
> >  all of the clients talk to that NBNS?
> My Xserve is set as the 'Workgroup Master Browser' and I have 'Enable  
> WINS server' selected.

Do all of the clients point to the Xserve as their WINS server?

Actually, that shouldn't be the source of the problem since you are
getting access to the shares.  As I recall, the problem was incredible 
slowness once connected.  File transfers (reads and writes) were okay, but 
directory listing was very slow.  Is that right?

> >- Can you capture a trace for us?
> I did this once before... I can't recall the procedure on unix.

There should be a MacOSX port of Ethereal or tcpdump...

Chris -)-----

"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team --     -)-----   Christopher R. Hertel
jCIFS Team --   -)-----   ubiqx development, uninq.
ubiqx Team --     -)-----   crh at
OnLineBook --    -)-----   crh at

More information about the samba-technical mailing list