[Samba] SMB issues across VPN

Dan Tappin dan at orourke.ca
Fri May 20 16:17:03 GMT 2005 

Ok.. perhaps someone could enlighten me on the basics of TCP/IP.  I  
ran a tcpdump while a VPN user was using the SMB shares the bulk of  
the output looks like this:

09:56:01.725437 IP 192.168.2.40.4198 > 192.168.0.2.netbios-ssn: P  
45330:45393(63) ack 3127776 win 64512 NBT Packet
09:56:01.725561 IP 192.168.0.2.netbios-ssn > 192.168.2.40.4198: .  
3127776:3129156(1380) ack 45393 win 8576 NBT Packet
09:56:01.725570 IP 192.168.0.2.netbios-ssn > 192.168.2.40.4198: .  
3129156:3130536(1380) ack 45393 win 8576 NBT Packet
09:56:01.725575 IP 192.168.0.2.netbios-ssn > 192.168.2.40.4198: .  
3130536:3131916(1380) ack 45393 win 8576 NBT Packet
09:56:01.725579 IP 192.168.0.2.netbios-ssn > 192.168.2.40.4198: P  
3131916:3131935(19) ack 45393 win 8576 NBT Packet

192.168.2.40 is the remote user and 192.168.0.2 is the xserve.  I  
notice that 8575 is shown (my xserve buffer values) and 64512 is  
listed for the remote user.  I am right to say that the remote user  
has a buffer roughly 7.5 times larger than the xserve.  8576 = 16*  
536 and 64512 = 128*504.  From my googling I have seen references to  
the buffer and multiples of the MSS value.

Again I do not claim any real understanding of TCP/IP - I just going  
on a hunch.  Would changing my buffer values to 68608 be wise??

I have played with the smb.cnf and non-multiples of 536 cause a huge  
performance hit.

Dan T


On May 19, 2005, at 10:07 AM, Dan Tappin wrote:

> I have Samba v3.0.5 running on OS X Server 10.3.  On our local  
> office LAN we have no SMB browsing or speed issues at all.
>
> We recently set-up a VPN between this office and an offsite  
> location via synchronous  3Mb/s wireless internet and two Sonicwall  
> firewall / VPN devices.  The offsite users are having issues with  
> SMB browsing and file transfer speeds and reliability.  The offsite  
> users are seeing decent copy speeds (8MB file in 50 seconds) but  
> the browsing is horrible.  It takes them a few minutes to view the  
> contents of a directory.  The same action locally is  
> instantaneous.  If they try accessing a native PC share across the  
> VPN the browsing is fast.
>
> This makes me think it is some sort of specific samba issue.  Are  
> there any browsing related speed tweaks that can be done.  Also the  
> smb.conf file (see below) is pretty much the standard Apple dist  
> besides the socket options and getwd cache that I added.  If I  
> change the socket options buffer values performance takes a huge hit.
>
> I just found something in the smb.conf manual page on the samba.org  
> site:
>
> enhanced browsing = yes
>
> My local subnet is 192.168.0.* and the offsite location is  
> 192.168.2.*.  Could this be part of the issue?  The "enhanced  
> browsing" mentions cross subnet support.
>
> Any tips / suggestions would be greatly appreciated.
>
> Thanks,
>
> Dan
>
> smb.conf file below...
>
> -----
>
> [global]
>     getwd cache = yes
>     workgroup = OROURKE
>     display charset = UTF-8-MAC
>     print command = /usr/sbin/PrintServiceAccess printps %p %s
>     lprm command = /usr/sbin/PrintServiceAccess remove %p %j
>     security = user
>     guest account = unknown
>     encrypt passwords = yes
>     printing = BSD
>     allow trusted domains = no
>     preferred master = yes
>     lppause command = /usr/sbin/PrintServiceAccess hold %p %j
>     netbios name = fileserver
>     wins support = yes
>     add machine script = /usr/bin/opendirectorypdbconfig -c  
> create_computer_account -r %u -n "/LDAPv3/127.0.0.1"
>     max smbd processes = 0
>     printcap =
>     server string = Apple Xserve / RAID
>     lpresume command = /usr/sbin/PrintServiceAccess release %p %j
>     logon drive = H:
>     client ntlmv2 auth = no
>     domain logons = yes
>     lpq command = /usr/sbin/PrintServiceAccess jobs %p
>     admin users = @admin
>     passdb backend = opendirectorysam guest
>     dos charset = CP437
>     unix charset = UTF-8-MAC
>     socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8576  
> SO_SNDBUF=8576 IPTOS_LOWDELAY
>     auth methods = guest opendirectory
>     local master = yes
>     use spnego = no
>     domain master = yes
>     logon path = \\%N\profiles\%u
>     printer admin = @admin, @staff
>     map to guest = Never
>     log level = 2
>
> [netlogon]
>     path = /etc/netlogon
>     oplocks = yes
>     strict locking = no
>     write list = @admin
>     browseable = no
> [homes]
>     browseable = no
>     root preexec = /usr/sbin/inituser %U
>     create mode = 0750
>     read only = no
>     comment = User Home Directories
> [projects]
>     oplocks = 1
>     map archive = no
>     path = /Volumes/Data/Projects
>     read only = no
>     inherit permissions = 1
>     strict locking = 1
>     comment = macosx
>     create mask = 0644
>     guest ok = 0
>     directory mask = 0755
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>

More information about the samba mailing list