Apple OS X SMB issues across VPN
Dan Tappin
dan at orourke.ca
Tue Dec 13 20:17:13 GMT 2005
Just an update. I have managed to resolve a few issues. I think I
am back to a samba issue though.
ISP Issues:
I had an unknown duplex issue with my ISP. I have 10-half at the VPN
site and 10-full here. I can now get full speed 3Mb/3 (~400+ kB/s)
between my locations. I think I previously reported 3MB/s. I was
mistaken. I also have all MTU's set to 1500 as suggested by the ISP.
So I have that out of the way. I have my standard http test and I can
get ~400 kB/s from all clients to all hosts (OS X and RH).
SMB Issues:
I have run a few tests and I can get ~ 6MB/s to both my Xserve and my
test RH SMB servers on the local LAN. I have played with all the
smb.conf options and there does not seem to be any difference at
least for the smbclient. I need to run real world performance tests
on my varies local Windows clients (98, 2K and XP).
The VPN smbclient transfers are another story. I can only manage ~
150 kB/s. This is from the RH server at that location via
smbclient. A wget transfer can get 400+ kB/s via http. It's not
apples to apples but a good indiaction that something is not right on
the samba side.
Here is my full global section of my smb.conf file:
getwd cache = yes
workgroup = OROURKE
display charset = UTF-8-MAC
print command = /usr/sbin/PrintServiceAccess printps %p %s
lprm command = /usr/sbin/PrintServiceAccess remove %p %j
security = user
large readwrite = no
guest account = unknown
enhanced browsing = no
encrypt passwords = yes
printing = BSD
allow trusted domains = no
preferred master = yes
lppause command = /usr/sbin/PrintServiceAccess hold %p %j
netbios name = fileserver
wins support = yes
max smbd processes = 0
printcap =
server string = Mac OS X Server
lpresume command = /usr/sbin/PrintServiceAccess release %p %j
domain logons = no
lpq command = /usr/sbin/PrintServiceAccess jobs %p
passdb backend = opendirectorysam guest
dos charset = CP437
unix charset = UTF-8-MAC
# socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=16384
SO_RCVBUF=65536
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
SO_SNDBUF=16384 SO_RCVBUF=65536
# socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8576
SO_RCVBUF=8576
# socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
SO_SNDBUF=8576 SO_RCVBUF=8576
# socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
winbind separator = +
auth methods = guest opendirectory
local master = yes
use spnego = no
map to guest = Never
domain master = no
printer admin = @admin, @staff, unknown
log level = 1
I have added a few custom item during my saga to resolve this (I
think this list is correct):
getwd cache = yes
large readwrite = no
enhanced browsing = no
# socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=16384
SO_RCVBUF=65536
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
SO_SNDBUF=16384 SO_RCVBUF=65536
# socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8576
SO_RCVBUF=8576
# socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
SO_SNDBUF=8576 SO_RCVBUF=8576
# socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY
SO_SNDBUF=8192 SO_RCVBUF=8192
winbind separator = +
use spnego = no
I played with all these socket options and the 150 kB/s seems pretty
static. I even tried to disable all of these and it made no difference.
Any ideas to proceed.
Dan T
On Sep 22, 2005, at 3:53 PM, Dan Tappin wrote:
> I have gone though the regular channels on this (the samba general
> list, the Apple OS Server Admin list, AppleCare etc) with no luck.
> I just got off the phone with Apple Professional Services and they
> even declined to take my money to trouble shoot this.
>
> I am looking for assistance in trouble shooting this issue. To
> summarize this is what I have:
>
> - OS X 10.3.9 on an dual G5 Xserve on our LAN
> - Sonicwall TZ170 on a 3 MB/s wireless ISP with small LAN (downtown)
> - Sonicwall TZ170 on the same ISP with a smaller LAN (offsite)
> - VPN between the sites via the Sonicwall's.
>
> The native PC to PC or PC to SMB 2.x on our old RH 7.x server over
> the VPN is not an issue - only to Apple stock SMB builds. We have
> resorted to resurrecting our old Dell server with RH Linux 7.x and
> Samba 2.x and located it offsite. It works but now we have 2
> servers each with separate authentication and back-up systems.
> They still do not have usable access to our Xserve and I'm now
> getting pressure to 'just use Windows...'. I'm at the end of my
> rope on this.
>
> It has been suggested that the members of this list might be able
> to shed some light on this.
>
> Thanks,
>
> Dan Tappin
>
> Begin forwarded message:
>
>> From: Dan Tappin <dan at orourke.ca>
>> Date: May 19, 2005 3:23:26 PM MDT (CA)
>> To: OSXS Server <macos-x-server at lists.apple.com>
>> Subject: [10.3] SMB issues across VPN
>>
>>
>> First off this is a cross post from the samba list so I apologize
>> in advance. I hope this is not considered off topic.
>>
>> -----
>>
>> I have Samba v3.0.5 running on OS X Server 10.3. On our local
>> office LAN we have no SMB browsing or speed issues at all.
>>
>> We recently set-up a VPN between this office and an offsite
>> location via synchronous 3Mb/s wireless internet and two
>> Sonicwall firewall / VPN devices. The offsite users are having
>> issues with SMB browsing and file transfer speeds and
>> reliability. The offsite users are seeing decent copy speeds (8MB
>> file in 50 seconds) but the browsing is horrible. It takes them a
>> few minutes to view the contents of a directory. The same action
>> locally is instantaneous. If they try accessing a native PC share
>> across the VPN the browsing is fast.
>>
>> This makes me think it is some sort of specific samba issue. Are
>> there any browsing related speed tweaks that can be done. Also
>> the smb.conf file (see below) is pretty much the standard Apple
>> dist besides the socket options and getwd cache that I added. If
>> I change the socket options buffer values performance takes a huge
>> hit.
>>
>> I just found something in the smb.conf manual page on the
>> samba.org site:
>>
>> enhanced browsing = yes
>>
>> My local subnet is 192.168.0.* and the offsite location is
>> 192.168.2.*. Could this be part of the issue? The "enhanced
>> browsing" mentions cross subnet support.
>>
>> Any tips / suggestions would be greatly appreciated.
>>
>> Thanks,
>>
>> Dan
>>
>> smb.conf file below...
>>
>> -----
>>
>> [global]
>> getwd cache = yes
>> workgroup = OROURKE
>> display charset = UTF-8-MAC
>> print command = /usr/sbin/PrintServiceAccess printps %p %s
>> lprm command = /usr/sbin/PrintServiceAccess remove %p %j
>> security = user
>> guest account = unknown
>> encrypt passwords = yes
>> printing = BSD
>> allow trusted domains = no
>> preferred master = yes
>> lppause command = /usr/sbin/PrintServiceAccess hold %p %j
>> netbios name = fileserver
>> wins support = yes
>> add machine script = /usr/bin/opendirectorypdbconfig -c
>> create_computer_account -r %u -n "/LDAPv3/127.0.0.1"
>> max smbd processes = 0
>> printcap =
>> server string = Apple Xserve / RAID
>> lpresume command = /usr/sbin/PrintServiceAccess release %p %j
>> logon drive = H:
>> client ntlmv2 auth = no
>> domain logons = yes
>> lpq command = /usr/sbin/PrintServiceAccess jobs %p
>> admin users = @admin
>> passdb backend = opendirectorysam guest
>> dos charset = CP437
>> unix charset = UTF-8-MAC
>> socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8576
>> SO_SNDBUF=8576 IPTOS_LOWDELAY
>> auth methods = guest opendirectory
>> local master = yes
>> use spnego = no
>> domain master = yes
>> logon path = \\%N\profiles\%u
>> printer admin = @admin, @staff
>> map to guest = Never
>> log level = 2
>>
>> [netlogon]
>> path = /etc/netlogon
>> oplocks = yes
>> strict locking = no
>> write list = @admin
>> browseable = no
>> [homes]
>> browseable = no
>> root preexec = /usr/sbin/inituser %U
>> create mode = 0750
>> read only = no
>> comment = User Home Directories
>> [projects]
>> oplocks = 1
>> map archive = no
>> path = /Volumes/Data/Projects
>> read only = no
>> inherit permissions = 1
>> strict locking = 1
>> comment = macosx
>> create mask = 0644
>> guest ok = 0
>> directory mask = 0755
>>
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Macos-x-server mailing list (Macos-x-server at lists.apple.com)
>> Help/Unsubscribe/Update your Subscription:
>> http://lists.apple.com/mailman/options/macos-x-server/dan%
>> 40orourke.ca
>>
>> This email sent to dan at orourke.ca
>>
>>
>
More information about the samba-technical
mailing list