Re: [Samba] Cross-subnet browsing and oplocks
Hi, Thank you for your response. I use the tun device as it seemed it was a bit easier to setup. I did read that tap was a bit better with windows, but other than the oplocks issue with Samba I have not had any real problem with the openVPN setup and Samba. I think I will setup a test openVPN server running a tap device and see if there are any apparent differences. I have read though the Samba manual regarding oplocks and agree that they are a bit difficult to understand, okay, quite a bit. On my regular office network oplocks have worked fine since I started running the Samba server and it is only with the introduction of the VPN that I have seen any troubles. I have also read about a few file types causes issues with oplocks, I had problems with excel files, but it seems to be okay now, well nobody is complaining anymore anyway. I am not to familiar with pptp other than it is a point-to-point tunnelling protocol and the things I have read discuss using it with dial-up, we have no dedicated dailup access to our networks. For clarity sake, there appears to be no oplocks whatsoever when a client over the openVPN connection accesses a file on the server. Their connection is logged by samba, they show up in smbstatus, including all mounted drives, IP address, and username, just no oplocks. I think one of the first things I need to do is upgrade the Samba server to the latest version, but that will have to wait until the weekend as it is currently in use. As a first attempt I will try a tap device on the openVPN connection Thank you for your help and I will post any notable results. Michael Kelly >>> rruegner <[EMAIL PROTECTED]> 28/09/2004 5:01:44 pm >>> Hi Michael, do you use the tap device? like this ( man openvpn advice tap instead of tun devices for win networks) #example conf #my partners dns name remote your.partner.dns #kind of device dev tap0 float #tunnel ips my tunnel nic partners tunnel nic ifconfig 192.168.10.2 255.255.255.0 #what to do if comming up up /etc/openvpn/your.partner.dns.conf # optional, but good for setting route # timeouts ping 15 ping-restart 300 # 5 minutes resolv-retry 300 # 5 minutes persist-tun persist-key # compression (optional) comp-lzo # verbosity (optional) verb 5 #user and group user nobody group nogroup secret /etc/openvpnkey #mtu #mtu-test tun-mtu 1500 #daemonize daemon #tune #fragment 1400 #mssfix 1400 tun-mtu-extra 64 i have a few setups with pdc and bdc sambas across openvpn networks and they work quite well, i never found some oplocks problems ( what makes not sure that they are some ) but in 6 Months on 3 Servers with 100 Users and gigs of files nobody talked about that. Study the subnet browsing stuff from samba, using openvpn as laptop clients i found not satisfactory i use pptp vor my roadwarriors. oplocks are difficult to understand, i had my troubles with them in the past but now it worked from default with samba 3.07 but i read there are a few filetypes which making special trouble with them. Maybe this was usefull for you its a complex theme Regards Michael Kelly schrieb: > Hello all, > > I will give you a few details first. > > In my office I am running Samba 3.02a as a simple file serve and a WINS > server. It currently serves about 11 employees. That setup, other than a > couple of minor things works fine. > > I administrate a remote office as well that is part of the same > company, there are 3 employees. In that office I have a Linux gateway > running openVPN 2.0beta11 as a client which connects to our office so > that they can utilize our file server. They can connect without any > issues and get any resources they need from the file server. They also > register on the WINS server listed above. That same Linux gateway is > also running Samba 3.07 for the sole purpose of browse list > syncronization. My routed openVPN solution does not allow broadcasts > across its tunnel. Again this is working fine, They register with WINS, > use WINS for NetBIOS lookups, and use resources from the Samba file > server. > > Also, I have two remote employees that connect to our network using an > openVPN client on laptops running win2000 Pro. Again, these connections > work great and they are able to register with the WINS server, edit > files, what have you. > > The problem I am having is that oplocks do not seem to function for any > of the users connected via VPN. When I look at the status of the file > server using smbstatus, I can see all of the connected users, both in my > subnet and the ones connecting across the VPN, as well as being able to > see the shares they have mapped. > > I guess I am not sure why clients are able to open files across the VPN > but not have the oplocks engaged. I have no turned off locks on any of > the shares and, as I said earlier, users from my physical office receive > locks when they open files, but remote users do not. > > If I open a file on a machine on the office network, it is
Re: [Samba] Cross-subnet browsing and oplocks
Hi Michael, do you use the tap device? like this ( man openvpn advice tap instead of tun devices for win networks) #example conf #my partners dns name remote your.partner.dns #kind of device dev tap0 float #tunnel ips my tunnel nic partners tunnel nic ifconfig 192.168.10.2 255.255.255.0 #what to do if comming up up /etc/openvpn/your.partner.dns.conf # optional, but good for setting route # timeouts ping 15 ping-restart 300 # 5 minutes resolv-retry 300 # 5 minutes persist-tun persist-key # compression (optional) comp-lzo # verbosity (optional) verb 5 #user and group user nobody group nogroup secret /etc/openvpnkey #mtu #mtu-test tun-mtu 1500 #daemonize daemon #tune #fragment 1400 #mssfix 1400 tun-mtu-extra 64 i have a few setups with pdc and bdc sambas across openvpn networks and they work quite well, i never found some oplocks problems ( what makes not sure that they are some ) but in 6 Months on 3 Servers with 100 Users and gigs of files nobody talked about that. Study the subnet browsing stuff from samba, using openvpn as laptop clients i found not satisfactory i use pptp vor my roadwarriors. oplocks are difficult to understand, i had my troubles with them in the past but now it worked from default with samba 3.07 but i read there are a few filetypes which making special trouble with them. Maybe this was usefull for you its a complex theme Regards Michael Kelly schrieb: Hello all, I will give you a few details first. In my office I am running Samba 3.02a as a simple file serve and a WINS server. It currently serves about 11 employees. That setup, other than a couple of minor things works fine. I administrate a remote office as well that is part of the same company, there are 3 employees. In that office I have a Linux gateway running openVPN 2.0beta11 as a client which connects to our office so that they can utilize our file server. They can connect without any issues and get any resources they need from the file server. They also register on the WINS server listed above. That same Linux gateway is also running Samba 3.07 for the sole purpose of browse list syncronization. My routed openVPN solution does not allow broadcasts across its tunnel. Again this is working fine, They register with WINS, use WINS for NetBIOS lookups, and use resources from the Samba file server. Also, I have two remote employees that connect to our network using an openVPN client on laptops running win2000 Pro. Again, these connections work great and they are able to register with the WINS server, edit files, what have you. The problem I am having is that oplocks do not seem to function for any of the users connected via VPN. When I look at the status of the file server using smbstatus, I can see all of the connected users, both in my subnet and the ones connecting across the VPN, as well as being able to see the shares they have mapped. I guess I am not sure why clients are able to open files across the VPN but not have the oplocks engaged. I have no turned off locks on any of the shares and, as I said earlier, users from my physical office receive locks when they open files, but remote users do not. If I open a file on a machine on the office network, it is locked and even a remote client cannot overwrite it, but the vice versa is not true. If a remote client opens a file I can open it on my machine in the office network, change it and save it no problems. I am really hoping someone can give me a hint to why this is occurring. I know that in all cases the VPN is involved in the problem, but I am trying to narrow it down to the root cause. Thanks Michael Kelly -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cross-subnet browsing and oplocks
Hello all, I will give you a few details first. In my office I am running Samba 3.02a as a simple file serve and a WINS server. It currently serves about 11 employees. That setup, other than a couple of minor things works fine. I administrate a remote office as well that is part of the same company, there are 3 employees. In that office I have a Linux gateway running openVPN 2.0beta11 as a client which connects to our office so that they can utilize our file server. They can connect without any issues and get any resources they need from the file server. They also register on the WINS server listed above. That same Linux gateway is also running Samba 3.07 for the sole purpose of browse list syncronization. My routed openVPN solution does not allow broadcasts across its tunnel. Again this is working fine, They register with WINS, use WINS for NetBIOS lookups, and use resources from the Samba file server. Also, I have two remote employees that connect to our network using an openVPN client on laptops running win2000 Pro. Again, these connections work great and they are able to register with the WINS server, edit files, what have you. The problem I am having is that oplocks do not seem to function for any of the users connected via VPN. When I look at the status of the file server using smbstatus, I can see all of the connected users, both in my subnet and the ones connecting across the VPN, as well as being able to see the shares they have mapped. I guess I am not sure why clients are able to open files across the VPN but not have the oplocks engaged. I have no turned off locks on any of the shares and, as I said earlier, users from my physical office receive locks when they open files, but remote users do not. If I open a file on a machine on the office network, it is locked and even a remote client cannot overwrite it, but the vice versa is not true. If a remote client opens a file I can open it on my machine in the office network, change it and save it no problems. I am really hoping someone can give me a hint to why this is occurring. I know that in all cases the VPN is involved in the problem, but I am trying to narrow it down to the root cause. Thanks Michael Kelly -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
