Hi, I'm having problems getting Samba shares to respond quickly enough to not time-out on our NT network. I've got a login script that creates a mapped drive to a share, but it tells me that the server is not responding and that I might not have enough network resources available to make the connection. The systems that run Samba are all Red Hat Linux 6.1 systems, with Samba 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't think that this is a Samba issue directly, but it is causing some difficulty and is causing concern among management in regards to the effective use of Samba in our networking environment. Once the connection is made, which sometimes takes several login attempts, there appear to be no problems. One item worth noting, however, is that pinging any of the Linux machines brings a response time 2 times that of the Windows machines. I've made sure that the IP addresses are included in the WINS database, the host and lmhost files, and in the Server Manager. The names resolve to the correct machines, but sometimes the connection is very slow. I'm starting to think that Linux is misconfigured to allow a small number of network connections, or that the switches are bottle-necking the network connections. Anyone have any ideas? Charlie Crawford, ccrawford@atsengineers.com
Charles Crawford wrote:> I'm having problems getting Samba shares to respond quickly enough to not > time-out on our NT network.[...]> Once the connection is made, which sometimes takes several login attempts, > there appear to be no problems. One item worth noting, however, is that > pinging any of the Linux machines brings a response time 2 times that of the > Windows machines.Hmmn, that sounds familiar: there is a very old slow-start bug in BSD, which was reproduced by MS when they added TCP to Windows. The following is somewhat Solaris-specific, from http://www.rvs.uni-hannover.de/people/voeckler/tune/EN/tune.html#backlog This parameter provides the slow-start bug discovered in BSD and Windows TCP/IP implementations for Solaris. More information on the topic can be found on the servers of SUN and in Stevens [6]. To summarize the effect, a server starts sending two PDUs at once without waiting for an ACK due to wrong ACK counts. The ACK from connection initiation being counted as data ACK - compare with figure 2. Network congestion avoidance algorithms are being undermined. The slow start algorithm does not allow the buggy behavior, compare with RFC 2001. You can also gain performance, if many of your clients are running old BSD or derived TCP/IP stacks (like MS). I expect new BSD OS releases not to figure this bug, but then I am not familiar with the BSD OS family. A reader of this page told me about cutting the latency of his server in half, just by using the value of 2. If you want to know more about this feature and its behavior, you can have a look at some experiments (http://www.rvs.uni-hannover.de/people/voeckler/tune/EN/slowstart.html) I have conducted concerning that particular feature. The summary is that I agree with the reader: A BSDish client like Windows definitely profits from using a value of 2. We do this as a matter of course with Solaris servers with Windows clients: see http://www.sun.com/sun-on-net/performance/tcp.slowstart.html See if Linux has an equivalent to ndd -set /dev/tcp tcp_slow_start_initial 2 Anyone here aware of the Linux version of this? --dave -- David Collier-Brown, | Always do right. This will gratify some people 185 Ellerslie Ave., | and astonish the rest. -- Mark Twain Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb@canada.sun.com
All of the cables/NIC's/and Drivers check out fine. One thing I've noticed (through the very useful program MRTG), is that this appears to happen most frequently during peak usage hours. When I'm the only one on the network, it hardly ever happens (I really can't remember it occuring during such a time period, but I don't want to rule it out when there is a chance I could be mistaken). In the meantime, I'll email some RH lists and see what I come up with. Thanks, Charlie -----Original Message----- From: Ron Alexander [mailto:rcalex@home.com] Sent: Tuesday, December 19, 2000 9:28 AM To: Charles Crawford Subject: RE: network resources You appear to have done a very good job of analysis. The fact that the ping is taking so long is the prime suspect. I am NOT a network expert, but I have to know a little about it in order to support samba. First rule out the following / howto: 1. Cables/swap with a known good one. 2. NIC's/swap with a known good one. 3. Drivers/check with manufacturer & newsgroups to make sure latest and no known bugs that might be causing the problem. I would then look into Linux. Post a question to the RH, Linux networking and any others that might be helpfull. Simply post a query that asks what can cause a ping to be 2x slower than windows. Good luck, and let us know what it was. -----Original Message----- From: samba-technical-admin@us5.samba.org [mailto:samba-technical-admin@us5.samba.org]On Behalf Of Charles Crawford Sent: December 19, 2000 8:58 AM To: Samba Listserve (E-mail) Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical Listserve (E-mail) Subject: network resources Hi, I'm having problems getting Samba shares to respond quickly enough to not time-out on our NT network. I've got a login script that creates a mapped drive to a share, but it tells me that the server is not responding and that I might not have enough network resources available to make the connection. The systems that run Samba are all Red Hat Linux 6.1 systems, with Samba 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't think that this is a Samba issue directly, but it is causing some difficulty and is causing concern among management in regards to the effective use of Samba in our networking environment. Once the connection is made, which sometimes takes several login attempts, there appear to be no problems. One item worth noting, however, is that pinging any of the Linux machines brings a response time 2 times that of the Windows machines. I've made sure that the IP addresses are included in the WINS database, the host and lmhost files, and in the Server Manager. The names resolve to the correct machines, but sometimes the connection is very slow. I'm starting to think that Linux is misconfigured to allow a small number of network connections, or that the switches are bottle-necking the network connections. Anyone have any ideas? Charlie Crawford, ccrawford@atsengineers.com
I can ping the clients by ip, or if I include the ip/host names in the /etc/hosts file, but not through DNS... our DNS is external. I've thought about this, but that's not the issue... what is actually happening, I believe, is that the ping from the Win client is going to the WINS server, then to the linux box, back to the WINS server, and then on back to the client. For some reason, this has to do with the WINS server (doubled ping response times). Anyway, my primary concern is that even if I can ping the linux boxes, the problem is not resolved as far as mapping to the network (Samba) shares. I thought that maybe there was something that indicates the max number of connections that can occur for one linux server. Oh, I had another non-related question regarding RH, and that is that I recently read something about an ftp server issue that allows the server to become overloaded or something. I have noticed a rather large number of FTP error messages in the log files at times and was wondering where I could get more information about this. Thanks, Charlie -----Original Message----- From: Kevin Colby [mailto:kevinc@grainsystems.com] Sent: Tuesday, December 19, 2000 10:40 AM To: Charles Crawford Subject: Re: network resources Charles Crawford wrote:> > In the meantime, I'll email some RH lists and see what I come up with.I'm actually on redhat-install, and spend a fair amount of time with RH. Do you have any DNS issues? The lag upon initial connect sounds a lot like reverse DNS lookup timeouts. You said that WINS and the Windows servers and clients can resolve the Linux names and IPs, but can the Samba server resolve the clients names and IPs? It will attempt to do so for any connection. A quick test: Do you get the same lag for telnet connections from these clients? - Kevin Colby kevinc@grainsystems.com
WINS/DNS, and other stuff like that, won't help your ping times. The only way to improve your ping time, is to determine what is slowing it down. I suggest you check the network port your linux box is connected to, to verify that you are not receiving excessive collisions, or excessive line chatter. I would also suggest trying to swap your network interface cards, and such. Of course, make sure your server is on a switch, not a hub, so that traffic to the server is limited to only server bound traffic. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 5:58 AM -> To: Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: network resources -> -> -> Hi, -> -> I'm having problems getting Samba shares to respond quickly -> enough to not -> time-out on our NT network. -> -> I've got a login script that creates a mapped drive to a -> share, but it tells -> me that the server is not responding and that I might not have enough -> network resources available to make the connection. -> -> The systems that run Samba are all Red Hat Linux 6.1 -> systems, with Samba -> 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't -> think that this is -> a Samba issue directly, but it is causing some difficulty -> and is causing -> concern among management in regards to the effective use of -> Samba in our -> networking environment. -> -> Once the connection is made, which sometimes takes several -> login attempts, -> there appear to be no problems. One item worth noting, -> however, is that -> pinging any of the Linux machines brings a response time 2 -> times that of the -> Windows machines. I've made sure that the IP addresses are -> included in the -> WINS database, the host and lmhost files, and in the Server Manager. -> -> The names resolve to the correct machines, but sometimes the -> connection is -> very slow. I'm starting to think that Linux is misconfigured -> to allow a -> small number of network connections, or that the switches -> are bottle-necking -> the network connections. Anyone have any ideas? -> -> Charlie Crawford, -> ccrawford@atsengineers.com ->
WINS/DNS enables one to ping by hostname. The response time is irrelevant if the machine cannot locate the host. When I say the response time is doubled, I mean the total round-trip time, not the time it took for the machine being pinged to respond to the ping request. The NIC's are fine, and so are the Cisco Switches. The problem appears to be an issue of how NT and Samba/Linux interact with each other. The response time being doubled indicates to me that the traffic is traveling twice the distance, not being held up somewhere... BTW, it is EXACTLY twice the time, so I think that that indicates an extra trip for each packet to the destination machine. Charlie -----Original Message----- From: Welsh, Armand [mailto:armand.welsh@sscims.com] Sent: Tuesday, December 19, 2000 11:46 AM To: Samba Listserve (E-mail) Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical Listserve (E-mail) Subject: RE: network resources WINS/DNS, and other stuff like that, won't help your ping times. The only way to improve your ping time, is to determine what is slowing it down. I suggest you check the network port your linux box is connected to, to verify that you are not receiving excessive collisions, or excessive line chatter. I would also suggest trying to swap your network interface cards, and such. Of course, make sure your server is on a switch, not a hub, so that traffic to the server is limited to only server bound traffic. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 5:58 AM -> To: Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: network resources -> -> -> Hi, -> -> I'm having problems getting Samba shares to respond quickly -> enough to not -> time-out on our NT network. -> -> I've got a login script that creates a mapped drive to a -> share, but it tells -> me that the server is not responding and that I might not have enough -> network resources available to make the connection. -> -> The systems that run Samba are all Red Hat Linux 6.1 -> systems, with Samba -> 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't -> think that this is -> a Samba issue directly, but it is causing some difficulty -> and is causing -> concern among management in regards to the effective use of -> Samba in our -> networking environment. -> -> Once the connection is made, which sometimes takes several -> login attempts, -> there appear to be no problems. One item worth noting, -> however, is that -> pinging any of the Linux machines brings a response time 2 -> times that of the -> Windows machines. I've made sure that the IP addresses are -> included in the -> WINS database, the host and lmhost files, and in the Server Manager. -> -> The names resolve to the correct machines, but sometimes the -> connection is -> very slow. I'm starting to think that Linux is misconfigured -> to allow a -> small number of network connections, or that the switches -> are bottle-necking -> the network connections. Anyone have any ideas? -> -> Charlie Crawford, -> ccrawford@atsengineers.com ->
Try using ping -R This should show you the route that the ping packets are taking to see if you have any unnecessary hops in your ping. Dave -----Original Message----- From: Charles Crawford [mailto:ccrawford@atsengineers.com] Sent: 19 December 2000 16:50 To: 'Welsh, Armand'; Samba Listserve (E-mail) Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical Listserve (E-mail) Subject: RE: network resources WINS/DNS enables one to ping by hostname. The response time is irrelevant if the machine cannot locate the host. When I say the response time is doubled, I mean the total round-trip time, not the time it took for the machine being pinged to respond to the ping request. The NIC's are fine, and so are the Cisco Switches. The problem appears to be an issue of how NT and Samba/Linux interact with each other. The response time being doubled indicates to me that the traffic is traveling twice the distance, not being held up somewhere... BTW, it is EXACTLY twice the time, so I think that that indicates an extra trip for each packet to the destination machine. Charlie -----Original Message----- From: Welsh, Armand [mailto:armand.welsh@sscims.com] Sent: Tuesday, December 19, 2000 11:46 AM To: Samba Listserve (E-mail) Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical Listserve (E-mail) Subject: RE: network resources WINS/DNS, and other stuff like that, won't help your ping times. The only way to improve your ping time, is to determine what is slowing it down. I suggest you check the network port your linux box is connected to, to verify that you are not receiving excessive collisions, or excessive line chatter. I would also suggest trying to swap your network interface cards, and such. Of course, make sure your server is on a switch, not a hub, so that traffic to the server is limited to only server bound traffic. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 5:58 AM -> To: Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: network resources -> -> -> Hi, -> -> I'm having problems getting Samba shares to respond quickly -> enough to not -> time-out on our NT network. -> -> I've got a login script that creates a mapped drive to a -> share, but it tells -> me that the server is not responding and that I might not have enough -> network resources available to make the connection. -> -> The systems that run Samba are all Red Hat Linux 6.1 -> systems, with Samba -> 2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't -> think that this is -> a Samba issue directly, but it is causing some difficulty -> and is causing -> concern among management in regards to the effective use of -> Samba in our -> networking environment. -> -> Once the connection is made, which sometimes takes several -> login attempts, -> there appear to be no problems. One item worth noting, -> however, is that -> pinging any of the Linux machines brings a response time 2 -> times that of the -> Windows machines. I've made sure that the IP addresses are -> included in the -> WINS database, the host and lmhost files, and in the Server Manager. -> -> The names resolve to the correct machines, but sometimes the -> connection is -> very slow. I'm starting to think that Linux is misconfigured -> to allow a -> small number of network connections, or that the switches -> are bottle-necking -> the network connections. Anyone have any ideas? -> -> Charlie Crawford, -> ccrawford@atsengineers.com ->
ok, I understand all of this, but my primary issue is not the ping issue, but rather the mapped drives. The response from the Samba shares is what is very slow. The ping requests are pretty fast (<3ms) but the response from the Samba shares is sometimes nonexistant. Sometimes, I cannot connect to a share, but can ping with no problem. Charlie -----Original Message----- From: Welsh, Armand [mailto:armand.welsh@sscims.com] Sent: Tuesday, December 19, 2000 12:09 PM To: Charles Crawford Subject: RE: network resources when you ping a workstation, whether or not wins is involved, the ping is not serviced by wins. Wins would only, ever, be used prior to the ping opperation, to resolve the ip address. After the ip address has been resolved, no name lookup will be performed again, until you cancel/end the current ping command, and execute a new ping command. The ONLY way the ping packets will hit the wins server, is if the wins server is in used as one of the hops in the routing tables of the machines/routers. Unless you manually specifiy a host route on the client & have routing enabled on the WINS server, or corrupted ARP tables on a device performing proxy arp, then the ping won't do this. The actual ping itself will use ARP to resolve the MAC address of the end node (if it's on the local subnet) then send the packet directly to the destination MAC address. The only way to get around this is to setup a route to bypass the arp process, usually done for firewalls(or bidges that don't proxy arp requests), or to use a proxy arp protocol on a router, or server to respond to the arp request. Then the device with the MAC advertised by the proxy arp service, would need a static ARP entry and routing enabled to forward the packet appropriately. Again, not very common, in fact, VERY rare. If you suspect that the packet route is not direct, then use a traceroute to see what the route path is... -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 8:45 AM -> To: 'Kevin Colby'; Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: RE: network resources -> -> -> I can ping the clients by ip, or if I include the ip/host -> names in the -> /etc/hosts file, but not through DNS... our DNS is external. -> -> I've thought about this, but that's not the issue... what is actually -> happening, I believe, is that the ping from the Win client -> is going to the -> WINS server, then to the linux box, back to the WINS server, -> and then on -> back to the client. -> -> For some reason, this has to do with the WINS server -> (doubled ping response -> times). -> -> Anyway, my primary concern is that even if I can ping the -> linux boxes, the -> problem is not resolved as far as mapping to the network -> (Samba) shares. I -> thought that maybe there was something that indicates the -> max number of -> connections that can occur for one linux server. -> -> Oh, I had another non-related question regarding RH, and -> that is that I -> recently read something about an ftp server issue that -> allows the server to -> become overloaded or something. I have noticed a rather -> large number of FTP -> error messages in the log files at times and was wondering -> where I could get -> more information about this. -> -> Thanks, -> -> Charlie -> -> -----Original Message----- -> From: Kevin Colby [mailto:kevinc@grainsystems.com] -> Sent: Tuesday, December 19, 2000 10:40 AM -> To: Charles Crawford -> Subject: Re: network resources -> -> -> Charles Crawford wrote: -> > -> > In the meantime, I'll email some RH lists and see what I -> come up with. -> -> I'm actually on redhat-install, and spend a fair amount of -> time with RH. -> -> Do you have any DNS issues? The lag upon initial connect sounds -> a lot like reverse DNS lookup timeouts. You said that WINS and -> the Windows servers and clients can resolve the Linux names and IPs, -> but can the Samba server resolve the clients names and IPs? It will -> attempt to do so for any connection. A quick test: Do you get -> the same lag for telnet connections from these clients? -> -> - Kevin Colby -> kevinc@grainsystems.com ->
-> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 8:50 AM -> To: Welsh, Armand; Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: RE: network resources -> -> -> WINS/DNS enables one to ping by hostname. The response time -> is irrelevant if -> the machine cannot locate the host. Correct, this occurs only once durring a ping process. -> When I say the response time is doubled, I mean the total -> round-trip time, -> not the time it took for the machine being pinged to respond -> to the ping -> request. the round trip time, also known as latency, as reported by the ping utility, does not include, in any way, the name resolution process. The name lookup is only performed once per ping command; prior to precessing the ping packets. Arp lookups, however, do occur on each and every ping packet sent. You can test this, by pinging by host name, then pinging by ip address. The latency diffences should be neglegable. -> The NIC's are fine, and so are the Cisco Switches. The -> problem appears to be -> an issue of how NT and Samba/Linux interact with each other. -> The response -> time being doubled indicates to me that the traffic is -> traveling twice the -> distance, not being held up somewhere... BTW, it is EXACTLY -> twice the time, -> so I think that that indicates an extra trip for each -> packet to the -> destination machine. run a traceroute from the client to the host, both by ip address, and by host name, you will be able to see the results.
Are you sure this is not the problem? Red Hat systems will execute a reverse lookup on all tcp connection attempts, and the connection will be held up pending this lookup or a time-out. If you really want to be sure this isn't the problem, verify that a telnet attempt from the same Windows client does not exhibit a long lag before prompting for a login. You will always be able to ping by IP, whether your reverse lookups work or not. -OK, this looks like what is happening, but that does not explain the Samba delays, or does it? The traceroute shows it going directly to the host/client/server... Try a traceroute? I find it hard to believe this is happening.> The response time being doubled indicates to me that the traffic is > traveling twice the distance, not being held up somewhere... BTW, it > is EXACTLY twice the time, so I think that that indicates an extra > trip for each packet to the destination machine.This could easily be something else, though. What about half vs. full-duplex network cards/drivers and/or 10/100 and hub/switch differences? Assuming it is a network issue, is the route to and from each of these machines through the same type of equipment? These are all full-duplex cards with the correct drivers, Cisco switches set to full-duplex as well and all equipment is uniform from end to end. (except that the client machines are very different from the server machines [Dell PowerEdge servers and mixture of Crappy/Great client machines (MidwestMicro/Dell Optiplex)]. Oh well, maybe I'll upgrade the Linux boxes with a 7.0 upgrade and the latest Samba code. I'll try a test machine first though. If you're running RH, watch the errata: http://www.redhat.com/apps/support/updates.html (There was a 6.2 FTP exploit fix released in June.) Thanks for the link. Charlie
sorry, you said your ping time was twice that of a normal one. The WINS service, when used to access shares, is still, not very likely the cause. WINS is slower than DNS, and depending on your NBT-NodeType, the name lookup via wins can take longer. For a standard workstation, running is an H-Node (hybrid node, the default), the standard name lookup process, inherently causes WINS lookups to take longer. the workstation follows a process to locate the machine in wins, and this process, pretty much ensures fast lookups for the name resolution of the prefered name hosting service. The name lookup order depends on how you are looking up the host name. Order for request via winsock is: hosts file, dns lookup, nbt cache, WINS server, B-node broadcast, lmhosts file Order for request via NetBIOS is: nbt cache, WINS server, B-node broadcast, lmhosts file, hosts file, dns lookup If you use the Run function for explorer to browse the machine, because of the way the new explorer shell is designed, with internet capabilities, I believe the winsock type lookup is used. I think the best way to get snappy name lookups is to have both WINS and DNS on the local lan, and have DNS lookup in WINS. Then have the workstations setup with the local domain name, and a search order, to include the local domain. In this way, you can get fast name lookups when you try to ping or traceroute, etc... and still have wins do the lookups for the netbios querries. If most of your querries go through DNS, you will have faster responses. This does not, however, address your time for the netbios session(TCP port 139). Once the NetBIOS name lookup is completed(udp 137), the machine attaches to the share, and listing the contents of the share is slow. This is definately a timing issue. try Microsoft Knowledge Base article Q158474 to see if there is something here that you can tweek to improve performance. Either way, I think to resolve your issue, you are going to need a packet sniffer, so you can watch what is happening. Since you have a cisco catalyst, you might want to look at the broadcast storm protection. It's possible that it might be shutting down the port temporarly to protect for broadcast storms. Just disable this feature on the appropriate ports to see if it helps, or hurts. Also, you can see what the port utilization is, to verify that you don't have a bandwidth issue. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 9:13 AM -> To: Welsh, Armand -> Cc: Samba Listserve (E-mail); Samba-Ntdom Listserve (E-mail); -> Samba-Technical Listserve (E-mail) -> Subject: RE: network resources -> -> -> ok, I understand all of this, but my primary issue is not -> the ping issue, -> but rather the mapped drives. The response from the Samba -> shares is what is -> very slow. The ping requests are pretty fast (<3ms) but the -> response from -> the Samba shares is sometimes nonexistant. Sometimes, I -> cannot connect to a -> share, but can ping with no problem. -> -> Charlie
wait a minute, if I am understanding you correctly, are you saying that you can't ping by host name? This means that your name lookups will be very slow, because it's using broadcast lookups. Make sure you have the correct wins server specified, and that the wins server knows the server's name that you are trying to lookup. -> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Tuesday, December 19, 2000 8:45 AM -> To: 'Kevin Colby'; Samba Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba-Technical -> Listserve (E-mail) -> Subject: RE: network resources -> -> -> I can ping the clients by ip, or if I include the ip/host -> names in the -> /etc/hosts file, but not through DNS... our DNS is external.
At 08:58 AM 19/12/00 -0500, Charles Crawford wrote:>Hi, > >I'm having problems getting Samba shares to respond quickly enough to not >time-out on our NT network. > >I've got a login script that creates a mapped drive to a share, but it tells >me that the server is not responding and that I might not have enough >network resources available to make the connection.What 'Security' option are you using? Who is verifying your users passwords? Sounds like you are using 'Security = server'. Are you sure the issue isn't the 'server' (which I would guess is an NT box) is taking a long time to process password requests?>The systems that run Samba are all Red Hat Linux 6.1 systems, with Samba >2.0.5a-12 on one, and Samba 2.0.7-4 on the other. I don't think that this is >a Samba issue directly, but it is causing some difficulty and is causing >concern among management in regards to the effective use of Samba in our >networking environment.How are you running Samba? I'd assume you are running it as a daemon, but if you are running it from inetd, then startup will be VERY SLOW. If you are running it from inetd (which I seriously doubt if it's installed as rpm's), then it is probably also being called through tcp_wrappers (/usr/sbin/tcpd) which usually does a name lookup on every connection. If you resolver has problems, this will cause a delay at start, at least for the first connection (after which the delay will happen again once the 'bad response' has timed out, and then again, and again.. *sigh*). Also what sort of CPU load is on these boxes?>Once the connection is made, which sometimes takes several login attempts, >there appear to be no problems. One item worth noting, however, is that >pinging any of the Linux machines brings a response time 2 times that of the >Windows machines. I've made sure that the IP addresses are included in the >WINS database, the host and lmhost files, and in the Server Manager.What machine are you pinging from? How is the network laid out?>The names resolve to the correct machines, but sometimes the connection is >very slow. I'm starting to think that Linux is misconfigured to allow a >small number of network connections, or that the switches are bottle-necking >the network connections. Anyone have any ideas?How long does the resolve name issue take? Do you really need the machines names to resolve under the Linux side? If not, there are various things you can do, even within Samba to disable the use of DNS. You could try removing the 'bind' option from the order statement in the /etc/host.conf file. You could also try removing /etc/resolv.conf and try that out. Back up the files first of course! If this resolves your connect speed issue, then you definitely have a name lookup problem. Either disable name lookups thru Samba or on the Linux boxes, or alternatively run an internal DNS that will resolve internal IP's and forward external requests to your external DNS. A last possibility that I can see (and doubtful) is that your network is having lots of browser elections. You could try using a network sniffer like Ethereal, or possibly using an more generic tool like IPTraf to look for such traffic. If it seems excessive, you should probably remove a lot of your machines from performing in browser elections. (Anywhere you find 'browser' in the smb.conf man page is probably thing to good look at, but 'preferred master', 'local master' and 'os level' are the main ones). This should actually cause more of a general slow-down, but YMMV. Stuart Young - sgy@amc.com.au (aka Cefiar) - cefiar1@optushome.com.au [All opinions expressed in the above message are my] [own and not necessarily the views of my employer..]
Hi all, I noticed something today after everyone went home. I have a laptop that I booted up and it logged on fine (I'm using a login script on the NT machine that uses "net use x: \\machine\share" to map drives to the Win98 clients on login). All day today, and often on other days, I get error messages on login saying that either there aren't enough network resources available, or that the computer name cannot be found. I thought that something might have been freed up by someone going home, so I tried to get Network Neighborhood to open the server shares, but it couldn't find the machine. I restarted the computer and it got on fine. I tried this today, but it did not work, maybe it only works when network traffic is VERY low... (only 1 or 2 people on the network) Does Win98 have a known issue about connecting to a Samba share? Is there a problem with using an NT domain controller (Small Business Server 4.5) and WINS server (same)? Also, the /var/log/log.smb file shows several of the following series of errors: lib/util_soc.c:write_socket_data(570) write_socket_data: write failure. Error = Broken pipe lib/util_soc.c:write_socket(596) write_socket: Error writing 4 bytes to socket 7: ERRNO = Broken pipe lib/util_soc.c:send_smb(784) Error writing 4 bytes to client. -1. Exiting The system is a Linux (RH 6.1) with Samba 2.0.5a-12, but I also have another server also running Linux (RH 6.1) with Samba 2.0.7-4. Both are connected to an NT network with the NT server functioning as the DC and WINS server. I'm having some severe problems connecting to the shares via windows right now. If anyone could be of assistance, this would be greatly appreciated. Sincerely, Charlie Crawford
I'm having problems with both machines, but not consistantly... i.e. sometimes one, sometimes the other, and sometimes both... It's as if the network is beeing flooded with traffic and preventing the samba servers from being recognized. Funny thing, though, yesterday after the Internet connection was restored, the smb connections were fine once the client machines were restarted (complete power down and back up). Thanks, Charlie -----Original Message----- From: Patrick [mailto:slu@firerun.net] Sent: Thursday, December 28, 2000 1:05 PM To: Charles Crawford Cc: Samba-Technical Listserve (E-mail); Samba-Ntdom Listserve (E-mail); Samba Listserve (E-mail) Subject: Re: network resources Charles Crawford wrote:> The system is a Linux (RH 6.1) with Samba 2.0.5a-12, but I also haveanother> server also running Linux (RH 6.1) with Samba 2.0.7-4. Both are connectedto> an NT network with the NT server functioning as the DC and WINS server. > > I'm having some severe problems connecting to the shares via windows right > now. If anyone could be of assistance, this would be greatly appreciated. >Which Machine are you having trouble connecting to? Is it both of them or just one? Patrick
-> -----Original Message----- -> From: Charles Crawford [mailto:ccrawford@atsengineers.com] -> Sent: Wednesday, December 27, 2000 3:17 PM -> To: Samba-Technical Listserve (E-mail) -> Cc: Samba-Ntdom Listserve (E-mail); Samba Listserve (E-mail) -> Subject: network resources -> -> All day today, and often on other days, I get error messages -> on login saying -> that either there aren't enough network resources available, -> or that the -> computer name cannot be found. -> -> If this is a legitimate error message, then your problem is that you have device drivers, or TSRs loading in your config.sys/autoexec.bat files. The resources on win9x is the lower 640K of RAM in your system. This area is where you programs must be run from (16bit/8bit progs), which, is also where your support for older windows and DOS programs from within windows runs from. Win3.x used to have serious resource issues, but win9x did away with the resource problem by moveing to a pure 32bit OS, and implementig a thunking system, that converts 16bit code to 32bit code. But I know from experience, that even though it can do this, it still has the resources limitation when using 16bit apps, and apparently the system stacks are still down there. So if you have DOS programs loading before windows starts, less of this memory is available.