Apple OS X SMB issues across VPN
Christopher R. Hertel
crh at ubiqx.mn.org
Thu Oct 20 20:46:26 GMT 2005
On Thu, Oct 20, 2005 at 02:14:20PM -0600, Dan Tappin wrote:
> I had this explanation given to me:
> > it's basically whether the filesystem request packets are wrapped
> >in the old NetBIOS
> > headers. NBT transport is on port 139 while the naked CIFS is on
That's close enough. As it turns out, both NBT and naked TCP transports
wrap the SMB packets in the same header. The only difference between the
two is that NBT requires a NetBIOS Session Request/Response before
establishing the connection.
The real key to NBT is what happens on port 137/UDP. That's where the
namespace management occurs.
...but that's not important to the issues you're dealing with.
> xserve:~ admin$ netstat -an |grep 139 ; netstat -an |grep 445
> tcp4 0 0 192.168.0.2.139 192.168.0.158.3183
> tcp4 0 0 192.168.0.2.139 192.168.2.178.1381
> tcp4 0 0 192.168.0.2.139 192.168.0.131.1029
> tcp4 0 0 *.139 *.*
> tcp4 0 0 192.168.0.2.445 192.168.0.190.1061
> tcp4 0 0 *.445 *.*
> xserve:~ admin$
> 192.168.0.2 is my Xserve running Samba.
Yep. It's listening on both 139 and 445, but most of the clients are
connecting to port 139. At least one client (192.168.0.190) is connected
to port 445. Hmmm...
Samba can handle that just fine, but it's worth keeping in mind.
> >As I recall, the problem was incredible
> >slowness once connected. File transfers (reads and writes) were
> >okay, but
> >directory listing was very slow. Is that right?
> Yes that is the problem exactly. The local LAN 192.168.0.* is fine
> but the VPN LAN 192.168.2.* is awful. They can see the shares but
> directory listings / transfers are unusable.
Are file transfers slow as well, or are they working correctly?
Also, is it only Mac to Mac or are Windows clients also having trouble
talking to the Xserve?
> tcpdump is standard on OS X but I'm at a loss as to which CLI options
> I need to add to get the data you are looking for.
# tcpdump -i <interface> -s0 -w capture.cap host 192.168.0.2
...then let it run while you try to browse up and down in any directories.
Once you've got the capture, copy it to a machine that has Ethereal (easy
install on Windows and Linux) and take a look. Make sure there's no
sensitive data in the capture before offering to show it to anyone (like
me). (Yes, that's obvious but it's easy to forget.)
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical