[Samba] Cross-subnet browsing and oplocks

[Michael Kelly]

Hi,

Thank you for your response.

I use the tun device as it seemed it was a bit easier to setup. I did
read that tap was a bit better with windows, but other than the oplocks
issue with Samba I have not had any real problem with the openVPN setup
and Samba. I think I will setup a test openVPN server running a tap
device and see if there are any apparent differences.

I have read though the Samba manual regarding oplocks and agree that
they are a bit difficult to understand, okay, quite a bit. On my regular
office network oplocks have worked fine since I started running the
Samba server and it is only with the introduction of the VPN that I have
seen any troubles. I have also read about a few file types causes issues
with oplocks, I had problems with excel files, but it seems to be okay
now, well nobody is complaining anymore anyway.

I am not to familiar with pptp other than it is a point-to-point
tunnelling protocol and the things I have read discuss using it with
dial-up, we have no dedicated dailup access to our networks.

For clarity sake, there appears to be no oplocks whatsoever when a
client over the openVPN connection accesses a file on the server. Their
connection is logged by samba, they show up in smbstatus, including all
mounted drives, IP address, and username, just no oplocks.

I think one of the first things I need to do is upgrade the Samba
server to the latest version, but that will have to wait until the
weekend as it is currently in use.

As a first attempt I will try a tap device on the openVPN connection

Thank you for your help and I will post any notable results.
Michael Kelly


>>> rruegner <robert at ruegner.org> 28/09/2004 5:01:44 pm >>>
Hi Michael,

do you use the tap device?
like this ( man openvpn advice tap instead of tun devices for win
networks)

#example conf
#my partners dns name
remote your.partner.dns
#kind of device
dev tap0
float
#tunnel ips my tunnel nic .... partners tunnel nic
ifconfig 192.168.10.2 255.255.255.0
#what to do if comming up
up /etc/openvpn/your.partner.dns.conf # optional, but good for setting
route
# timeouts
ping               15
ping-restart      300 # 5 minutes
resolv-retry      300 # 5 minutes
persist-tun
persist-key
# compression (optional)
comp-lzo
# verbosity (optional)
verb 5
#user and group
user nobody
group nogroup
secret /etc/openvpnkey
#mtu
#mtu-test
tun-mtu 1500
#daemonize
daemon
#tune
#fragment 1400
#mssfix 1400
tun-mtu-extra 64

i have a few setups with pdc and bdc sambas across
openvpn networks and they work quite well, i never found some
oplocks problems ( what makes not sure that they are some )
but in 6 Months on 3 Servers with 100 Users and gigs of files
nobody talked about that.

Study the subnet browsing stuff from samba,
using openvpn as laptop clients i found not satisfactory
i use pptp vor my roadwarriors.

oplocks are difficult to understand, i had my troubles with them in the

past but now it worked from default with samba 3.07
but i read there are a few filetypes which making special trouble with
them.
Maybe this was usefull for you its a complex theme
Regards

Michael Kelly schrieb:
> Hello all,
> 
> I will give you a few details first.
> 
> In my office I am running Samba 3.02a as a simple file serve and a
WINS
> server. It currently serves about 11 employees. That setup, other
than a
> couple of minor things works fine.
> 
> I administrate a remote office as well that is part of the same
> company, there are 3 employees. In that office I have a Linux
gateway
> running openVPN 2.0beta11 as a client which connects to our office
so
> that they can utilize our file server. They can connect without any
> issues and get any resources they need from the file server. They
also
> register on the WINS server listed above. That same Linux gateway is
> also running Samba 3.07 for the sole purpose of browse list
> syncronization. My routed openVPN solution does not allow broadcasts
> across its tunnel. Again this is working fine, They register with
WINS,
> use WINS for NetBIOS lookups, and use resources from the Samba file
> server.
> 
> Also, I have two remote employees that connect to our network using
an
> openVPN client on laptops running win2000 Pro. Again, these
connections
> work great and they are able to register with the WINS server, edit
> files, what have you.
> 
> The problem I am having is that oplocks do not seem to function for
any
> of the users connected via VPN. When I look at the status of the
file
> server using smbstatus, I can see all of the connected users, both in
my
> subnet and the ones connecting across the VPN, as well as being able
to
> see the shares they have mapped.
> 
> I guess I am not sure why clients are able to open files across the
VPN
> but not have the oplocks engaged. I have no turned off locks on any
of
> the shares and, as I said earlier, users from my physical office
receive
> locks when they open files, but remote users do not.
> 
> If I open a file on a machine on the office network, it is locked
and
> even a remote client cannot overwrite it, but the vice versa is not
> true. If a remote client opens a file I can open it on my machine in
the
> office network, change it and save it no problems.
> 
> I am really hoping someone can give me a hint to why this is
occurring.
> I know that in all cases the VPN is involved in the problem, but I
am
> trying to narrow it down to the root cause. 
> 
> Thanks
> Michael Kelly