Network slow in one direction
Rick Stevens
rstevens at vitalstream.com
Tue May 3 21:35:47 UTC 2005
Ken & Joy Carr wrote:
> Rick Stevens wrote:
>
>>Ken & Joy Carr wrote:
>>
>>>We have a network with a Linux (FC2) server and several Windows (XP
>>>and
>>>Win2K) workstations. Samba on the server provides shared folders for
>>>the windows machines.
>>>
>>>Opening files that are in a Linux-shared folder from a windows
>>>machine happens very quickly. However, saving files from the windows
>>>machines to a shared folder takes an excessively long time. For
>>>example,
>>>opening an 8 MB file (in a server shared folder) using Power Point
>>>takes 1-2 seconds while saving the same file takes over 5 minutes.
>>>
>>>The problem is present from any of the windows machines and happens
>>>with any of the shared folders. Different applications, and copying
>>>files using windows explorer exhibit the same problem.
>>
>>Have you checked the Samba logs in /var/log/samba/hostname.log to see
>>if that offers a clue?
>>
>
> There is no 'hostname.log' - here is a portion of smbd.log --
> -- it begins with a reboot of the Linux server --
> ***begin smbd.log fragment***
> [2005/05/02 17:52:13, 1] smbd/service.c:close_cnum(837)
> flc_rev (192.168.0.9) closed connection to service confirm
> [2005/05/02 17:52:13, 1] smbd/service.c:close_cnum(837)
> flc_sac (192.168.0.14) closed connection to service ProgSuper
> [2005/05/02 17:52:13, 1] smbd/service.c:close_cnum(837)
> flcserver (192.168.0.8) closed connection to service confirm
> [2005/05/02 17:52:13, 1] smbd/service.c:close_cnum(837)
> flc_sac (192.168.0.14) closed connection to service sacdirector
> [2005/05/02 17:54:20, 0] smbd/server.c:main(760)
> smbd version 3.0.7-2.FC2 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2004
> [2005/05/02 17:57:52, 0] lib/util_sock.c:get_peer_addr(1000)
> getpeername failed. Error was Transport endpoint is not connected
> [2005/05/02 17:57:52, 0] lib/access.c:check_access(328)
> [2005/05/02 17:57:52, 0] lib/util_sock.c:get_peer_addr(1000)
> getpeername failed. Error was Transport endpoint is not connected
> Denied connection from (0.0.0.0)
> [2005/05/02 17:57:52, 1] smbd/process.c:process_smb(1085)
> [2005/05/02 17:57:52, 0] lib/util_sock.c:get_peer_addr(1000)
> getpeername failed. Error was Transport endpoint is not connected
> Connection denied from 0.0.0.0
> [2005/05/02 17:57:52, 0] lib/util_sock.c:write_socket_data(430)
> write_socket_data: write failure. Error = Connection reset by peer
> [2005/05/02 17:57:52, 0] lib/util_sock.c:write_socket(455)
> write_socket: Error writing 5 bytes to socket 22: ERRNO = Connection reset
> by peer
> [2005/05/02 17:57:52, 0] lib/util_sock.c:send_smb(647)
> Error writing 5 bytes to client. -1. (Connection reset by peer)
> [2005/05/02 17:59:01, 1] smbd/service.c:make_connection_snum(648)
> flcserver (192.168.0.8) connect to service confirm initially as user ken
> (uid=500, gid=500) (pid 3107)
> [2005/05/02 18:00:09, 1] smbd/service.c:close_cnum(837)
> flcserver (192.168.0.8) closed connection to service confirm
> [2005/05/02 18:00:47, 1] smbd/service.c:make_connection_snum(648)
> flcserver (192.168.0.8) connect to service confirm initially as user ken
> (uid=500, gid=500) (pid 3108)
> [2005/05/02 18:00:59, 1] smbd/service.c:make_connection_snum(648)
> flcserver (192.168.0.8) connect to service sharearea initially as user ken
> (uid=500, gid=500) (pid 3108)
> [2005/05/02 18:01:22, 1] smbd/service.c:close_cnum(837)
> flcserver (192.168.0.8) closed connection to service sharearea
> [2005/05/02 18:01:22, 1] smbd/service.c:close_cnum(837)
> flcserver (192.168.0.8) closed connection to service confirm
> [2005/05/02 18:01:35, 0] lib/util_sock.c:get_peer_addr(1000)
> getpeername failed. Error was Transport endpoint is not connected
> [2005/05/02 18:01:35, 0] lib/util_sock.c:get_peer_addr(1000)
> getpeername failed. Error was Transport endpoint is not connected
> [2005/05/02 18:01:35, 0] lib/access.c:check_access(328)
> [2005/05/02 18:01:35, 0] lib/util_sock.c:get_peer_addr(1000)
> getpeername failed. Error was Transport endpoint is not connected
> Denied connection from (0.0.0.0)
> [2005/05/02 18:01:35, 1] smbd/process.c:process_smb(1085)
> [2005/05/02 18:01:35, 0] lib/util_sock.c:get_peer_addr(1000)
> getpeername failed. Error was Transport endpoint is not connected
> Connection denied from 0.0.0.0
> [2005/05/02 18:01:35, 0] lib/util_sock.c:write_socket_data(430)
> write_socket_data: write failure. Error = Connection reset by peer
> [2005/05/02 18:01:35, 0] lib/util_sock.c:write_socket(455)
> write_socket: Error writing 5 bytes to socket 5: ERRNO = Connection reset
> by peer
> [2005/05/02 18:01:35, 0] lib/util_sock.c:send_smb(647)
> Error writing 5 bytes to client. -1. (Connection reset by peer)
> [2005/05/02 18:01:40, 1] smbd/service.c:make_connection_snum(648)
> cpreg (192.168.0.6) connect to service netlogon initially as user
> sacregistrar (uid=514, gid=514) (pid 3113)
> [2005/05/02 18:01:41, 1] smbd/service.c:make_connection_snum(648)
> cpreg (192.168.0.6) connect to service sacregistrar initially as user
> sacregistrar (uid=514, gid=514) (pid 3113)
> [2005/05/02 18:05:15, 0] rpc_server/srv_util.c:get_domain_user_groups(376)
> get_domain_user_groups: primary gid of user [sacregistrar] is not a Domain
> group !
> get_domain_user_groups: You should fix it, NT doesn't like that
> [2005/05/02 18:05:26, 1] smbd/service.c:make_connection_snum(648)
> cpreg (192.168.0.6) connect to service sacregistrar initially as user
> sacregistrar (uid=514, gid=514) (pid 3113)
> [2005/05/02 18:05:26, 1] smbd/service.c:close_cnum(837)
> cpreg (192.168.0.6) closed connection to service netlogon
> [2005/05/02 18:05:26, 1] smbd/service.c:close_cnum(837)
> cpreg (192.168.0.6) closed connection to service sacregistrar
> [2005/05/02 18:05:26, 1] smbd/service.c:close_cnum(837)
> cpreg (192.168.0.6) closed connection to service sacregistrar
> [2005/05/02 18:06:18, 1] smbd/service.c:make_connection_snum(648)
> cpreg (192.168.0.6) connect to service netlogon initially as user
> sacregistrar (uid=514, gid=514) (pid 3115)
> [2005/05/02 18:06:18, 1] smbd/service.c:make_connection_snum(648)
> cpreg (192.168.0.6) connect to service sacregistrar initially as user
> sacregistrar (uid=514, gid=514) (pid 3115)
> [2005/05/02 18:06:22, 1] smbd/service.c:close_cnum(837)
> cpreg (192.168.0.6) closed connection to service netlogon
> [2005/05/02 18:06:22, 1] smbd/service.c:close_cnum(837)
> cpreg (192.168.0.6) closed connection to service sacregistrar
> [2005/05/02 18:06:27, 1] smbd/service.c:make_connection_snum(648)
> cpreg (192.168.0.6) connect to service sacregistrar initially as user
> sacregistrar (uid=514, gid=514) (pid 3115)
> [2005/05/02 18:06:27, 1] smbd/service.c:make_connection_snum(648)
> cpreg (192.168.0.6) connect to service netlogon initially as user
> sacregistrar (uid=514, gid=514) (pid 3115)
> [2005/05/02 18:07:03, 0] rpc_server/srv_util.c:get_domain_user_groups(376)
> get_domain_user_groups: primary gid of user [sacregistrar] is not a Domain
> group !
> get_domain_user_groups: You should fix it, NT doesn't like that
> [2005/05/02 18:07:14, 1] smbd/service.c:make_connection_snum(648)
> cpreg (192.168.0.6) connect to service sacregistrar initially as user
> sacregistrar (uid=514, gid=514) (pid 3115)
> [2005/05/02 18:07:15, 1] smbd/service.c:close_cnum(837)
> cpreg (192.168.0.6) closed connection to service netlogon
> [2005/05/02 18:07:15, 1] smbd/service.c:close_cnum(837)
> cpreg (192.168.0.6) closed connection to service sacregistrar
> [2005/05/02 18:07:15, 1] smbd/service.c:close_cnum(837)
> cpreg (192.168.0.6) closed connection to service sacregistrar
> ***end smbd.log fragment***
You have some serious DNS issues. Those "getpeername" failures are not
good. Someone, somewhere is using bogus IPs (0.0.0.0). Check your DNS
configuration. If you're not using DNS, then check the /etc/hosts file
on your Linux machines and your c:\win32\system\lmhosts file on the
Windows boxes. Make sure all machines know the IPs of all the others.
>>I suspect you either have an authentication problem or there's an
>>issue with converting Windows-style permissions to Linux-style. We'd
>>need to see the share definition in your /etc/samba/smb.conf file as
>>well as the authentication bits from the [global] section.
>
> Here is smb.conf --
> ***begin smb.conf***
> [global]
>
> # workgroup = NT-Domain-Name or Workgroup-Name
> # workgroup = firstlutheran
> workgroup = flcpwm
> security = user
> # password server = flc_laptop
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
> browseable = no
>
>
> # server string is the equivalent of the NT Description field
> server string = First Lutheran Samba PDC %v %h
> netbios name = flclxserver
>
> hosts allow = 192.168.0. 127.
>
> # Enable this if you want Samba to be a domain logon server for
> # Windows95 workstations.
> domain logons = yes
> logon home = \\%L\%U\HDrive
> logon drive = h:
> logon script = netlogon.bat
You should either comment that line out or put such a file in
/home/netlogon
> # The following are needed to allow password changing from Windows to
> # update the Linux system password also.
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n
> *password*successfully*updated*
>
> # pdc and master browser settings
> os level = 65
> domain master = yes
> local master = yes
> preferred master = yes
> dns proxy = no
> wins support = yes
You should set up the "domain group map =" option. The lack of such is
what's causing the "primary gid of user [sacregistrar] is not a Domain
group !" error.
> ### command used to add machine to domain b4 joining domain
> ##adduser -d /dev/null -s /bin/false -c maggy -n maggy$
> # instead of one user's name, use the names of all users in the Windows
> # NT/2000/XP Administrators group who log on to the domain
> # domain groups:
> #domain admin group = root @adm
>
> # logging settings
> #log file = /var/log/samba/log.%m
> #log level = 2
> #max log size = 50
>
> [netlogon]
> comment = The domain logon service
> # there is nothing in /home/netlogon right now,
> # just an empty directory.
> path = /home/netlogon
> writeable = no
> locking = no
>
> [secondshare]
> comment = Just a share with some junk in it
> path = /home/samtest
> browseable = no
> writeable = yes
> guest ok = no
>
> [confirm]
> comment = Pastors confirmation files
> path = /home/confirmpp
> browseable = no
> writeable = yes
> guest ok = no
>
> [revl]
> comment = Revelations (unc)
> path = /home/revl
> browseable = no
> writeable = yes
> guest ok = no
>
> [sharearea]
> comment = Share Area (S:)
> path = /home/sharearea
> browseable = no
> writeable = yes
> guest ok = no
>
> [RevlBackup]
> comment = Revelations Backup Files
> path = /home/revlbackup
> browseable = no
> writeable = yes
> guest ok = no
> valid users = jason,ken
>
> [ProgSuper]
> comment = SAC Director's files
> path = /home/ProgSuper
> browseable = no
> writeable = yes
> guest ok = yes
>
> #[home]
> # comment = Home share
> # path = /home
> # browseable = yes
> # writeable = yes
> # guest ok = no
>
> [homes]
> comment = Home directories
> browseable = no
> writeable = yes
> valid users = %S
It's not a good idea to have a "valid users =" line in a [homes]
section, and it certainly should NOT have an "%S" in it (I'd even
be suspicious of "%u" or "%U"). It'd be better to set up a global
"invalid users =" list and remove this line entirely.
> create mode = 0664
> directory mode = 0775
> ***end smb.conf***
I think a large part of the problem here is DNS or the lack thereof.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- "More hay, Trigger?" "No thanks, Roy, I'm stuffed!" -
----------------------------------------------------------------------
More information about the Redhat-install-list
mailing list