[Samba] Cross-subnet browsing and oplocks

[rruegner]

Hi Michael,

do you use the tap device?
like this ( man openvpn advice tap instead of tun devices for win networks)

#example conf
#my partners dns name
remote your.partner.dns
#kind of device
dev tap0
float
#tunnel ips my tunnel nic .... partners tunnel nic
ifconfig 192.168.10.2 255.255.255.0
#what to do if comming up
up /etc/openvpn/your.partner.dns.conf # optional, but good for setting route
# timeouts
ping               15
ping-restart      300 # 5 minutes
resolv-retry      300 # 5 minutes
persist-tun
persist-key
# compression (optional)
comp-lzo
# verbosity (optional)
verb 5
#user and group
user nobody
group nogroup
secret /etc/openvpnkey
#mtu
#mtu-test
tun-mtu 1500
#daemonize
daemon
#tune
#fragment 1400
#mssfix 1400
tun-mtu-extra 64

i have a few setups with pdc and bdc sambas across
openvpn networks and they work quite well, i never found some
oplocks problems ( what makes not sure that they are some )
but in 6 Months on 3 Servers with 100 Users and gigs of files
nobody talked about that.

Study the subnet browsing stuff from samba,
using openvpn as laptop clients i found not satisfactory
i use pptp vor my roadwarriors.

oplocks are difficult to understand, i had my troubles with them in the 
past but now it worked from default with samba 3.07
but i read there are a few filetypes which making special trouble with them.
Maybe this was usefull for you its a complex theme
Regards

Michael Kelly schrieb:
> Hello all,
> 
> I will give you a few details first.
> 
> In my office I am running Samba 3.02a as a simple file serve and a WINS
> server. It currently serves about 11 employees. That setup, other than a
> couple of minor things works fine.
> 
> I administrate a remote office as well that is part of the same
> company, there are 3 employees. In that office I have a Linux gateway
> running openVPN 2.0beta11 as a client which connects to our office so
> that they can utilize our file server. They can connect without any
> issues and get any resources they need from the file server. They also
> register on the WINS server listed above. That same Linux gateway is
> also running Samba 3.07 for the sole purpose of browse list
> syncronization. My routed openVPN solution does not allow broadcasts
> across its tunnel. Again this is working fine, They register with WINS,
> use WINS for NetBIOS lookups, and use resources from the Samba file
> server.
> 
> Also, I have two remote employees that connect to our network using an
> openVPN client on laptops running win2000 Pro. Again, these connections
> work great and they are able to register with the WINS server, edit
> files, what have you.
> 
> The problem I am having is that oplocks do not seem to function for any
> of the users connected via VPN. When I look at the status of the file
> server using smbstatus, I can see all of the connected users, both in my
> subnet and the ones connecting across the VPN, as well as being able to
> see the shares they have mapped.
> 
> I guess I am not sure why clients are able to open files across the VPN
> but not have the oplocks engaged. I have no turned off locks on any of
> the shares and, as I said earlier, users from my physical office receive
> locks when they open files, but remote users do not.
> 
> If I open a file on a machine on the office network, it is locked and
> even a remote client cannot overwrite it, but the vice versa is not
> true. If a remote client opens a file I can open it on my machine in the
> office network, change it and save it no problems.
> 
> I am really hoping someone can give me a hint to why this is occurring.
> I know that in all cases the VPN is involved in the problem, but I am
> trying to narrow it down to the root cause. 
> 
> Thanks
> Michael Kelly