Apple OS X SMB issues across VPN

Dan Tappin dan at orourke.ca
Thu Sep 22 21:53:37 GMT 2005


I have gone though the regular channels on this (the samba general  
list, the Apple OS Server Admin list, AppleCare etc) with no luck.  I  
just got off the phone with Apple Professional Services and they even  
declined to take my money to trouble shoot this.

I am looking for assistance in trouble shooting this issue.  To  
summarize this is what I have:

  - OS X 10.3.9 on an dual G5 Xserve on our LAN
  - Sonicwall TZ170 on a 3 MB/s wireless ISP with small LAN (downtown)
  - Sonicwall TZ170 on the same ISP with a smaller LAN (offsite)
  - VPN between the sites via the Sonicwall's.

The native PC to PC or PC to SMB 2.x on our old RH 7.x server over  
the VPN is not an issue - only to Apple stock SMB builds.  We have  
resorted to resurrecting our old Dell server with RH Linux 7.x and  
Samba 2.x and located it offsite.  It works but now we have 2 servers  
each with separate authentication and back-up systems.  They still do  
not have usable access to our Xserve and I'm now getting pressure to  
'just use Windows...'.  I'm at the end of my rope on this.

It has been suggested that the members of this list might be able to  
shed some light on this.

Thanks,

Dan Tappin

Begin forwarded message:

> From: Dan Tappin <dan at orourke.ca>
> Date: May 19, 2005 3:23:26 PM MDT (CA)
> To: OSXS Server <macos-x-server at lists.apple.com>
> Subject: [10.3] SMB issues across VPN
>
>
> First off this is a cross post from the samba list so I apologize  
> in advance.  I hope this is not considered off topic.
>
> -----
>
> I have Samba v3.0.5 running on OS X Server 10.3.  On our local  
> office LAN we have no SMB browsing or speed issues at all.
>
> We recently set-up a VPN between this office and an offsite  
> location via synchronous  3Mb/s wireless internet and two Sonicwall  
> firewall / VPN devices.  The offsite users are having issues with  
> SMB browsing and file transfer speeds and reliability.  The offsite  
> users are seeing decent copy speeds (8MB file in 50 seconds) but  
> the browsing is horrible.  It takes them a few minutes to view the  
> contents of a directory.  The same action locally is  
> instantaneous.  If they try accessing a native PC share across the  
> VPN the browsing is fast.
>
> This makes me think it is some sort of specific samba issue.  Are  
> there any browsing related speed tweaks that can be done.  Also the  
> smb.conf file (see below) is pretty much the standard Apple dist  
> besides the socket options and getwd cache that I added.  If I  
> change the socket options buffer values performance takes a huge hit.
>
> I just found something in the smb.conf manual page on the samba.org  
> site:
>
> enhanced browsing = yes
>
> My local subnet is 192.168.0.* and the offsite location is  
> 192.168.2.*.  Could this be part of the issue?  The "enhanced  
> browsing" mentions cross subnet support.
>
> Any tips / suggestions would be greatly appreciated.
>
> Thanks,
>
> Dan
>
> smb.conf file below...
>
> -----
>
> [global]
>     getwd cache = yes
>     workgroup = OROURKE
>     display charset = UTF-8-MAC
>     print command = /usr/sbin/PrintServiceAccess printps %p %s
>     lprm command = /usr/sbin/PrintServiceAccess remove %p %j
>     security = user
>     guest account = unknown
>     encrypt passwords = yes
>     printing = BSD
>     allow trusted domains = no
>     preferred master = yes
>     lppause command = /usr/sbin/PrintServiceAccess hold %p %j
>     netbios name = fileserver
>     wins support = yes
>     add machine script = /usr/bin/opendirectorypdbconfig -c  
> create_computer_account -r %u -n "/LDAPv3/127.0.0.1"
>     max smbd processes = 0
>     printcap =
>     server string = Apple Xserve / RAID
>     lpresume command = /usr/sbin/PrintServiceAccess release %p %j
>     logon drive = H:
>     client ntlmv2 auth = no
>     domain logons = yes
>     lpq command = /usr/sbin/PrintServiceAccess jobs %p
>     admin users = @admin
>     passdb backend = opendirectorysam guest
>     dos charset = CP437
>     unix charset = UTF-8-MAC
>     socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8576  
> SO_SNDBUF=8576 IPTOS_LOWDELAY
>     auth methods = guest opendirectory
>     local master = yes
>     use spnego = no
>     domain master = yes
>     logon path = \\%N\profiles\%u
>     printer admin = @admin, @staff
>     map to guest = Never
>     log level = 2
>
> [netlogon]
>     path = /etc/netlogon
>     oplocks = yes
>     strict locking = no
>     write list = @admin
>     browseable = no
> [homes]
>     browseable = no
>     root preexec = /usr/sbin/inituser %U
>     create mode = 0750
>     read only = no
>     comment = User Home Directories
> [projects]
>     oplocks = 1
>     map archive = no
>     path = /Volumes/Data/Projects
>     read only = no
>     inherit permissions = 1
>     strict locking = 1
>     comment = macosx
>     create mask = 0644
>     guest ok = 0
>     directory mask = 0755
>
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macos-x-server mailing list      (Macos-x-server at lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/macos-x-server/dan%40orourke.ca
>
> This email sent to dan at orourke.ca
>
>



More information about the samba-technical mailing list