Bug #314

Samba/Wins and windows XP and vista issues with wireless and multiple networks

Added by Dave Täht on Dec 1, 2011. Updated on Aug 22, 2012.
New Normal Dave Täht

Description

Co-existence of routed networks in the home, in the case of windows firesharing, is proving to be a pita.

History

Updated by David Taht on Dec 1, 2011.
I’m moving this over to the bug report system so we can discuss it
better there until we find resolution.

On Thu, Dec 1, 2011 at 6:21 PM, Jim Reisert AD1C jjreisert@alum.mit.edu wrote:
> On Wed, Nov 30, 2011 at 11:57 PM, Jim Reisert AD1C wrote:
>
>> Not quite yet.  On my wife’s laptop (Windows XP), I can browse to
>> \\DESKTOP\My Documents (Windows 7).  I changed the path of the My
>> Documents folder on the laptop to be \\DESKTOP\My Documents. But when
>> I try to synchronize the folder on the laptop (to the Desktop),
>> Windows reports an error, saying the network path no longer exists.
>> This used to work when all the computers were on the same subnet.
>
> I have my own personal Windows XP laptop.  Even after configuring
> “NetBIOS over TCP/IP”, the computer still could not see the workgroup!
>
> The only difference I can see between this computer and the other two
> wireless ones (one Windows 7, one XP) is that this one is on the
> 802.11G network, whereas the other two are on the 802.11N network.  I
> don’t know if that makes any difference or not.  Its IP address is in
> the same subnet range as the other two wireless computers (ending with
> .64 through .95).

Hmm… No, there should be no difference, aside from the wireless
cards and drivers installed.

And there is (at present) no physical difference between the ‘G’ and
‘N’ networks, aside from the 2.4ghz radios being on the 64-96 range
and the 5.x ghz being on the 97-126 range.

I have - because I give up on trying to make g and n co-exist properly
- been considering actually putting them - at least for 5ghz - on
separate networks. The AQM strategies then become MUCH easier.

but this is totally unrelated to your ongoing difficulties.

I really do admire your persistence in this.

Can I get you to take a huge step back? I kind of
need to review everything you’ve tried and get a mental
picture and frankly the best thing for me to do would be
to somehow obtain an XP and vista box.

REBOOT EVERYTHING (std windows technique)

I’ve kind of lost track - do you have the ability to have
two identical (eg windows 7 or windows xp)
on either side of the network?

I’d like to eliminate the differences in OS version
from the equation.

plug in TWO windows 7 boxes - only - into
both sides. What happens then?

What do they do?


- Jim

p.s. I did notice that I had not configured all the interfaces in
/etc/config/dhcp (se00, sw00, and sw10), so I updated this per the
twiki page and rebooted.  This was all done before booting up the
other XP laptop, so may not be a factor in this problem.

Updated by David Taht on Dec 1, 2011.
samba is providing wins service and SHOULD also be
being elected a master browser at this point.

A way to tell if that is the case, is to, on the router

logread -F &

/etc/init.d/samba restart

and you should see a message go by saying that.

———- Forwarded message ———-
From: Steinar H. Gunderson sgunderson@bigfoot.com
Date: Thu, Dec 1, 2011 at 7:35 PM
Subject: Re: [Bloat] Summary: Windows file sharing
To: bloat@lists.bufferbloat.net

On Thu, Dec 01, 2011 at 10:21:45AM -0700, Jim Reisert AD1C wrote:
> I have my own personal Windows XP laptop.  Even after configuring
> “NetBIOS over TCP/IP”, the computer still could not see the workgroup!

Note that browsing (seeing the workgroup, being able to list other machines)
is separate from name resolution (hostname -> IP address). WINS only gives
you the latter.

Windows browsing information can generally not cross subnets unless you are
on a domain, you have a special browse master machine on each subnet
(configured to sync to each other), or you do special magic to the broadcast
packets.

/* Steinar */

Updated by Robert Bradley on Dec 1, 2011.
According to the Samba documentation, the way to get this working would be to make the Samba server a Domain Master Browser (http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#DMB). The required changes to smb.conf are:

[global]
domain master = yes
local master = yes
preferred master = yes
os level = 65

This would only work in the case where a domain server does not already exist on the network.

Updated by Dave Täht on Dec 5, 2011.
I have committed a version of samba 3.6.1 to the ceropackages repository.

Aside from verifying that it does, indeed build, I am not presently in a position
to test it - or even build it - in any way, as the main cerowrt tree is temporarily
too unstable for even me to use. If you have the ability to build cerowrt-rc7 - and would
like to play with this highly experimental - but hopefully thoroughly compatable!
package, you can do a

cd your ceropackages repo
git pull
cd your cerowrt repo
./scripts/feeds update
./scripts/feeds install samba3x-server
make menuconfig
select the network section, below that will be options to build samba3x. client and server

When your custom build is done, you can install it via opkg

Updated by Robert Bradley on Dec 6, 2011.
Having tried setting my Linux machine up as a PDC earlier today, I have the unfortunate news that I could not achieve cross-subnet browsing. The news gets worse though. According to http://support.microsoft.com/kb/117633, simply having a domain controller is not enough, as reading the Samba documentation seemed to suggest. You need to have the machines actually joined to the domain too. This is a real problem for home users using CeroWRT, not least because the home editions of Windows cannot join domains.

So, Steinar is entirely correct in saying that packet replication and/or magic is needed to achieve this (or a proper domain, which is not an option). Using “remote browser sync = ” may work for this, but may also successfully tie Samba up in knots talking to itself.

Updated by Dave Täht on Dec 7, 2011.
The link I read said wins was the answer.

“You cannot browse domains on other subnets where the browse masters are not listed in the LMHOSTS file. As an alternative to this, you can use the Windows Internet Naming Service (WINS).”

Updated by Robert Bradley on Dec 7, 2011.
I was working from:

“Windows NT or WFW workgroups cannot span multiple subnets. Workgroups can view only other workgroups on the local subnet.”

and assumed the text you quoted meant that the full domain setup was needed. Looking at it again tonight, I managed to get this partially working at home. Unlike earlier, I used the Samba server as both PDC and WINS server. The setup was:

Subnet 1 (192.168.1.0/25): Windows 7 Ultimate (192.168.1.3)+Samba server (192.168.1.2, routing between networks)
Subnet 2 (192.168.1.12825): Windows XP Home (192.168.1.131)+Samba server (192.168.1.129)

This works.

Updated by Robert Bradley on Dec 8, 2011.
Two things to note from last night’s experimentation:

1.

Make sure SMB traffic from the remote subnet is not firewalled off!

2.

If the WINS server is not set up correctly, but the Samba server is browse master on all the subnets, you can still get all the machines to show up with “net view”. However, actually resolving those names will fail. For example, “net view \\computer” in Windows will fail with error 53 (path not found). Using the IP address works fine.

My working /etc/samba/smb.conf file had the following:

[global]
# "domain logons" overkill?
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 255
wins support = yes

That last line is essential for enabling the WINS server. On OpenWRT/CeroWRT, this block must be added to the file “/etc/samba/smb.conf.template”.

Updated by Dave Täht on Dec 8, 2011.
thx for beating your brains out on this further. What version of samba are you using?
Updated by Robert Bradley on Dec 8, 2011.
This was using the Ubuntu 11.10 (oneiric) samba package, so it’s Samba 3.5.11.
Updated by David Taht on Dec 14, 2011.
our anti-phishing system kicked back on the numeric urls in this, fixed now.

The reason why cerowrt lives on the 172 dot 30 dot 42 dot X address is that
it had been my hope that others working on this project would plug two
routers into their home network - one for the day-to-day effort of keeping
their internet access up and running (on 192 dot 168 dot zero dot one), and
a cerowrt box for analyzing both routers behavior.

I don’t run it as my day-to-day device at the moment. From where I sit,
it’s a test tool - an increasingly good one - for coming up with solutions
to bufferbloat, and fixing the whole home router disaster with things like
ipv6, proxying, dns, etc… it has oprofile, and debugging tools by
default, etc, etc.

I had planned to get to where we had stable releases that could be used
day-to-day, but it’s been a while since we had one, and I feel that we’re
going to make some progress on the core bufferbloat problem next quarter,
and not have a stable release.

I’m GLAD to have users and testers - some generations of cerowrt are
running for people like jg, esr, & each, and have enormous stability and
uptimes - I don’t know who else is running a generation of cerowrt
day-to-day frankly, there’s been a lot of downloads - but there will always
be something broken in a smoketest or rc, that may not be able to be fixed
very quickly. Or something crazy we’re doing - like routing vs bridging -
that exposes a problem that we needed to know about….

Recently, that happened with samba. And while I hope that’s fixed now (in a
couple ways - wins appears to be working, and I also have a largely
untested samba 3.6.1 package, it needs to get tested at some point in next
year’s development cycle)

http://www.bufferbloat.net/issues/314 http://www.bufferbloat.net/issues/303

I’d really like to use samba again personally, I used to use it a lot.
These days I tend to use sshfs, and that’s zillions of times slower than
samba.

Having a user support community and people testing release candidates and
smoketests is very important to me, too! I LOVED finding out how to make
samba work right…

So, high on my list is coming up with a proper way of stressing what’s on
the front page of the documentation, and setting (low!) expectations, and
keeping people engaged…

From: http://cero2.bufferbloat.net/cerowrt/

“CeroWrt <http://cero2.bufferbloat.net/cerowrt/about.html> is an
OpenWrthttp://www.openwrt.org/router platform for use by
individuals, researchers, and students
interested in advancing the state of the art on the Internet. Specifically,
it is aimed at investigating the problems of latency under load,
bufferbloat, wireless-n<http://cero2.bufferbloat.net/cerowrt/tcp.html#wireless>, QoS <http://cero2.bufferbloat.net/cerowrt/tcp.html#qos>, and the effects of
various TCP algorithms
<http://cero2.bufferbloat.net/cerowrt/tcp.html#tcp>on shared
networks.”

If there is some place in the doc where we are not putting up large warning
signs - ‘BUGS AHEAD. DANGEROUS CODE. DON’T EXPERIMENT WITH THIS ON WIVES OR
CHILDREN’ - I’d to find it and fix it.

I’m perfectly happy with the hardware and core software itself at this
point. I wasn’t, this time last year.

I’d like everybody in the open source and network research communities to
get TWO routers based on this chipset for christmas! Use one day to day,
running openwrt, and the other experimenting with a future outlined by the
ideas in cerowrt.

1) I’d like to come up with a good way for people to plug this in as a
‘secondary’ router.

Right now that requires turning off nat, and telling the upstream router to
give the cerowrt router a static ip and route to the 172 dot 30 dot 42 dot
0 slash 24 address. Perhaps we can take some screenshots of how to do that
on more common CPE?

Network renumbering involves running a couple line sed script.

http://www.bufferbloat.net/projects/cerowrt/wiki/Default_network_numbering

I hope to make renumbering a router easier with a gui, but you know, it’s a
3 line sed script and a couple hundred lines of gui to write to make that
easier.
I’m also thinking of merely writing an RFC standardizing that 192 dot 168
dot zero dot 1 should be the number ALL routers come up on, and the number
all home networks should use. For april 1st.

Bridging is also possible… but not very.

2) Another thought is to do builds of the ceropackages repository for
straight openwrt, and point people at that for things like the bleeding
edge samba stuff.

I like ceropackages, it’s a good way to spin up and debug a new package,
with a low barrier to entry for new people to openwrt - after which it has
always been my intent to push the stable stuff upstream. Multiple grad
students have used the ceropackages concept to get up to speed somewhat and
steve walker’s been great about polishing those up. (and also submitting
packages of his own)

3) Is to more aggressively push up the stuff that works into std openwrt.
This is currently blocked by something stupid

http://www.bufferbloat.net/issues/319

or convince someone to push the stable stuff up to openwrt on a regular
basis.

5) Increase the number of people doing active development and able to fix
bugs and documentation.

Any other ideas as to accomplish these mutually incompatable goals - gain
developers, increase the userbase, gain testers,get good day to day and
long term resolve, solve bufferbloat, establish world peace, and be able to
do bleeding edge R&D… are welcomed.

I do not ever want to disappoint people with our efforts, and will work
diligently at fixing every problem exposed by the new stuff we’re doing.
One of my first thoughts was pretty simple in this area though - try to do
less new stuff!

Updated by David Taht on Dec 17, 2011.
On Thu, Dec 15, 2011 at 10:07 AM, Maxim Kharlamov mcs@podsolnuh.biz wrote:
> Hello Dave,
>
> I’m running cerowrt on day-to-day basis on my wndr3800 for quite a while and
> it works like a charm. It is rc7-smoketest10 build. Managed to configure
> everything I needed apart from dyndns client which is not a big issue
> anyway.

I should probably point people at that build as a ‘stable’ release, with two
known bugs (notably having to manually create the radios). We were
very close with that smoketest!

(but shortly afterwards the build, the kernel, the driver, bind, ntp, and ahcp
all broke simultaneously, as did I. There was a ton of churn upstream,
that is only now settling down)

So in the future, I need to come up with a good point to do a code freeze
in the release cycle. This is of course, in conflict with the idea of closely
tracking the kernel and openwrt development process,

So far wndr3800+cerowrt is the best performer out of many routers I tried. I
tested wndr3800 stock, linksys e3000 and e4200 with stock and tomatousb,
pfsense 2.0 appliance, cradlepoint mbr1400 and some others. Speedtest on
wndr3800+cerowrt is constantly at or almost at the top of the list and
during the speed test ping times are not deteriorating as badly as for the
other routers. Feature-wise cerowrt is also the best (for my particular
setup), so currently it is my main router at home even though initially I
bought it for playing and testing.

Excellent! Thank you.

Preliminary testing indicated that andrews/felix’s fixes for bugs 216 and 195
got us to where openwrt was outperforming the factory firmware in most
respects…

… but I immediately turned around and started sacrificing that raw transfer
performance for lower latency. (reduced tx rings, txqueues)

I’d like to think that that, also, improved performance by a few metrics, but
I don’t plan on resuming serious testing on various benchmarks until
after this coming development cycle is well underway.

In that effort thus far I’ve enabled a ton of debugging code to be able
to look more closely at the effects on cpu of various AQM technologies,
and what I have working at the moment just barely boots.

I’ve just received another wndr3800 and going to install openwrt on it to
compare them side-by-side and to have a playground for routers.

The core difference here at this point between cerowrt and openwrt is the vastly
reduced tx rings and txqueues - you can add these into openwrt easily by editing
/etc/init.d/boot to run ethtool at the right time, and adding
/etc/hotplug.d/iface/00-debloat to openwrt.

I note I plan serious improvements to the basic debloat script there
adding some intelligence to it - in the upcoming development cycle.


Overall, excellent job, Dave! I’m keeping my eye on cerowrt.

Thx again. Sometimes all I can see are the outstanding problems,
rather than the good stuff.



Thanks,
Max


On 15 December 2011 18:14, Dave Taht dave.taht@gmail.com wrote:
>
> our anti-phishing system kicked back on the numeric urls in this, fixed
> now.
>
> The reason why cerowrt lives on the 172 dot 30 dot 42 dot X address is
> that it had been my hope that others working on this project would plug
> two routers into their home network - one for the day-to-day effort of
> keeping their internet access up and running (on 192 dot 168 dot zero dot
> one), and a cerowrt box for analyzing both routers behavior.
>
> I don’t run it as my day-to-day device at the moment. From where I sit,
> it’s a test tool - an increasingly good one - for coming up with solutions
> to bufferbloat, and fixing the whole home router disaster with things like
> ipv6, proxying, dns, etc… it has oprofile, and debugging tools by default,
> etc, etc.
>
> I had planned to get to where we had stable releases that could be used
> day-to-day, but it’s been a while since we had one, and I feel that we’re
> going to make some progress on the core bufferbloat problem next quarter,
> and not have a stable release.
>
> I’m GLAD to have users and testers - some generations of cerowrt are
> running for people like jg, esr, & each, and have enormous stability and
> uptimes - I don’t know who else is running a generation of cerowrt
> day-to-day frankly, there’s been a lot of downloads - but there will always
> be something broken in a smoketest or rc, that may not be able to be fixed
> very quickly. Or something crazy we’re doing - like routing vs bridging -
> that exposes a problem that we needed to know about….
>
> Recently, that happened with samba. And while I hope that’s fixed now (in
> a couple ways - wins appears to be working, and I also have a largely
> untested samba 3.6.1 package, it needs to get tested at some point in next
> year’s development cycle)
>
> http://www.bufferbloat.net/issues/314 > http://www.bufferbloat.net/issues/303 >
> I’d really like to use samba again personally, I used to use it a lot.
> These days I tend to use sshfs, and that’s zillions of times slower than
> samba.
>
> Having a user support community and people testing release candidates and
> smoketests is very important to me, too! I LOVED finding out how to make
> samba work right…
>
> So, high on my list is coming up with a proper way of stressing what’s on
> the front page of the documentation, and setting (low![]() expectations, and > keeping people engaged… > > From: http://cero2.bufferbloat.net/cerowrt/ > > “CeroWrt is an OpenWrt router platform for use by individuals, > researchers, and students interested in advancing the state of the art on > the Internet. Specifically, it is aimed at investigating the problems of > latency under load, bufferbloat, wireless-n, QoS, and the effects of various > TCP algorithms on shared networks.” > > If there is some place in the doc where we are not putting up large > warning signs - ‘BUGS AHEAD. DANGEROUS CODE. DON’T EXPERIMENT WITH THIS ON > WIVES OR CHILDREN’ - I’d to find it and fix it. > > I’m perfectly happy with the hardware and core software itself at this > point. I wasn’t, this time last year. > > I’d like everybody in the open source and network research communities to > get TWO routers based on this chipset for christmas) Use one day to day,
> running openwrt, and the other experimenting with a future outlined by the
> ideas in cerowrt.
>
> 1) I’d like to come up with a good way for people to plug this in as a
> ‘secondary’ router.
>
> Right now that requires turning off nat, and telling the upstream router
> to give the cerowrt router a static ip and route to the 172 dot 30 dot 42
> dot 0 slash 24 address. Perhaps we can take some screenshots of how to do
> that on more common CPE?
>
> Network renumbering involves running a couple line sed script.
>
> http://www.bufferbloat.net/projects/cerowrt/wiki/Default_network_numbering >
> I hope to make renumbering a router easier with a gui, but you know, it’s
> a 3 line sed script and a couple hundred lines of gui to write to make that
> easier.
> I’m also thinking of merely writing an RFC standardizing that 192 dot 168
> dot zero dot 1 should be the number ALL routers come up on, and the number
> all home networks should use. For april 1st.
>
> Bridging is also possible… but not very.
>
> 2) Another thought is to do builds of the ceropackages repository for
> straight openwrt, and point people at that for things like the bleeding edge
> samba stuff.
>
> I like ceropackages, it’s a good way to spin up and debug a new package,
> with a low barrier to entry for new people to openwrt - after which it has
> always been my intent to push the stable stuff upstream. Multiple grad
> students have used the ceropackages concept to get up to speed somewhat and
> steve walker’s been great about polishing those up. (and also submitting
> packages of his own)
>
> 3) Is to more aggressively push up the stuff that works into std openwrt.
> This is currently blocked by something stupid
>
> http://www.bufferbloat.net/issues/319 >
> or convince someone to push the stable stuff up to openwrt on a regular
> basis.
>
> 5) Increase the number of people doing active development and able to fix
> bugs and documentation.
>
> Any other ideas as to accomplish these mutually incompatable goals - gain
> developers, increase the userbase, gain testers,get good day to day and long
> term resolve, solve bufferbloat, establish world peace, and be able to do
> bleeding edge R&D… are welcomed.
>
> I do not ever want to disappoint people with our efforts, and will work
> diligently at fixing every problem exposed by the new stuff we’re doing. One
> of my first thoughts was pretty simple in this area though - try to do less
> new stuff!
>

Updated by David Taht on Dec 17, 2011.
On Sat, Dec 17, 2011 at 9:30 AM, Dave Taht dave.taht@gmail.com wrote:
> On Thu, Dec 15, 2011 at 10:07 AM, Maxim Kharlamov mcs@podsolnuh.biz wrote:

The core difference here at this point between cerowrt and openwrt is the vastly
reduced tx rings and txqueues - you can add these into openwrt easily by editing
/etc/init.d/boot to run ethtool at the right time,  and adding
/etc/hotplug.d/iface/00-debloat to openwrt.

Another core difference is that on cerowrt’s wireless, I did much more
extensive
diffserv classification than what’s currently in the kernel mainline
and openwrt.

In particular, one thing you can really ‘feel’ is that stuff with the
IMM bit set
(notably ssh), gets dumped into the VI queue, and that helps ssh a LOT.

Unfortunately that series of patches was terribly hacky and I still haven’t
found a good way to rework them for submittal upstream.

You easily get the same behavior for things like ssh via iptables.

Updated by Dave Täht on Dec 19, 2011.
I stuck 3.6.1 into the latest bql smoketest. It’s huge. But it’s there if anyone wants to play with it.

https://lists.bufferbloat.net/pipermail/cerowrt-devel/2011-December/000041.html

Updated by Dave Täht on Apr 21, 2012.
Updated by Robert Bradley on Aug 22, 2012.
I got this working with CeroWRT 3.3.8-17 using the following smb.conf.template:

[global]
    netbios name = |NAME| 
    display charset = |CHARSET|
#   interfaces = |INTERFACES|
# Inelegant hack to get Samba listening on secure nets...
    interfaces = 127.0.0.1/8 lo se00 sw00 sw10
    server string = |DESCRIPTION|
    unix charset = |CHARSET|
    workgroup = |WORKGROUP|
    browseable = yes
    deadtime = 30
# Domain logons=yes necessary for PDC
    domain logons = yes
    domain master = yes
    encrypt passwords = true
    enable core files = no
    guest account = nobody
    guest ok = yes
    invalid users = root
    local master = yes
    load printers = no
    map to guest = Bad User
    max protocol = SMB2
    min receivefile size = 16384
    null passwords = yes
    obey pam restrictions = yes
    os level = 20
    passdb backend = smbpasswd
    preferred master = yes
    printable = no
    security = user
    smb encrypt = disabled
    smb passwd file = /etc/samba/smbpasswd
    socket options = TCP_NODELAY IPTOS_LOWDELAY
    syslog = 2
    use sendfile = yes
    writeable = yes
    wins support = yes

The main issues were with |INTERFACES| only returning loopback and the need for “domain logons = yes”. I also added explicit firewall rules allowing CIFS traffic from the secure interfaces (se00, sw10 and sw00).

This is a static export of the original bufferbloat.net issue database. As such, no further commenting is possible; the information is solely here for archival purposes.
RSS feed

Recent News & Articles

Mar 21, 2019 Wiki page
Dave Taht's Take on TCP
Mar 17, 2019 Wiki page
Jake Holland's Stance on ECN
Sep 6, 2018 Wiki page
Pete Heist's Thoughts on ECN
Sep 5, 2018 Wiki page
Dave Taht's Stance on ECN
Sep 4, 2018 Wiki page
Jonathan Morton's Take on ECN

Find us elsewhere

Bufferbloat Mailing Lists
#bufferbloat on Twitter
Google+ group
Archived Bufferbloat pages from the Wayback Machine

Sponsors

Comcast Research Innovation Fund
Nlnet Foundation
Shuttleworth Foundation
GoFundMe

Bufferbloat Related Projects

Congestion Control Blog
Lede Project (OpenWrt)
Flent Network Test Suite
Sqm-Scripts
The Cake shaper
AQMs in BSD
IETF AQM WG

Network Performance Related Resources


Jim Gettys' Blog - The chairman of the Fjord
Toke's Blog - Karlstad University's work on bloat
Voip Users Conference - Weekly Videoconference mostly about voip
Candelatech - A wifi testing company that "gets it".