Slashdot Mirror
File Sharing Difficulties Frustrate Tiger Admins
rmallico wrote in to mention a story currently running on Eweek about technical difficulties sites running Tiger are experiencing. From the article: "A number of sites running Apple's new 'Tiger' operating system are experiencing problems with SMB file sharing and authentication with Microsoft's Active Directory, Ziff Davis Internet News has learned. Although Apple Computer Inc.'s Tiger increases support for Server Message Block file sharing and Active Directory, several sources say that the Finder fails to log on to Windows and Linux Samba file servers."
Its actualy very usefull if you have a list of the error codes and what they mean.
http://www.appleerrorcodes.com/
The only things certain in war are Propaganda and Death. You can never be sure which is which though
Easy workaround:
Command-K to bring up the connect menu and type in the full address INCLUDING THE SHARE NAME:
smb://SERVER/folder
One friend indicated that things refused to work in plaintext-password mode, but once he turned on encrypted passwords, they worked fine.
I'm not sure whether he had to turn on the encrypted passwords at the Mac end or the PC end, but I seem to recall thinking "gosh, imagine that, doing something the secure way."
Village idiot in some extremely smart villages.
I got this solution from here by the way. Thanks to Drew McLelland.
Why would anyone want to use a text editor that is not vi?
I had this problem too after upgrading. I found that deleting my SMB keychain entries solved it allowed me to login again (after getting my admin to unlock my account from all those failed attempts).
The admin's wrong. Samba can do it now, although in all fairness it took a while after active directory was released for it to be able to work with it well. He's probably just basing that on old information.
As far as the protocol, SMB is (IIRC, I could be wrong) an IBM-designed protocol. It's been around for ages - hell, NT domains were just hopped up lan manager networks. The authentication in active directory uses a slightly modified form of kerberos - also an open protocol. They have tried to put a few legal barriers in the way, but those have been mostly ineffective.
Now, there is another possibility - it might be against policy at your university for non-windows machines to authenticate. If it's set up so that all machines have to be added to the tree by an admin, it's certainly enforcable, and thus your admin would be right in that particular case. He's just not right in the general case.
Those who can't do, teach. Those who can't teach either, do tech support.
hi. AD is just LDAP with some extra cruft/bloat/stuff added; which is mostly documented anyway. Your IT department is clueless. You can also fall back to kerberos (which despite the FUD, interoperates with the majority of MIT Kerberos V implementations), if you did not have a functional (Open)LDAP infrastructure.
I've seen this with SMB filesharing, Mail.app, and sometimes Safari. They've all given me frustratingly useless error messages. Anyone frustrated by this should open an Apple Developer Connection account and submit a bug report to Apple's bug tracker. Maybe if enough people do, they'll realize this is a problem. Until then, I noticed that one of the other replies at least mentioned this site that gives some information on these codes.
Here's what I'd like to happen: error messages like "Filesharing error. Please relay these technical details to your system administrator: I tried to log in to 192.168.0.1:139 by sending a SMB_FOO_BAR and it replied with the unexpected SMB_GO_AWAY. See this link for details". They could even have the link contain interoperability information like "you're trying to connect to a Windows ME server, which doesn't work. Sorry." (Hypothetical; I've never tried this. But there's probably some such situation, and knowing it up front would save a lot of hassle.) Or even "you're trying to connect to Windows XP x.y.z; we suggest updating to x.y.z+1 to fix KBxxxx. Should work then." This is the sort of information I can often get by googling, but it's hard when the error messages can have so many different underlying causes. Better error messages and having Apple concentrate on an appropriate page (with the "Did this help?" thing at the bottom) would go a long way.
Other parts of OS X have better error behavior. For example, the crash dialog is excellent. It gives you the options of report, relaunch, and cancel.
If you pick relaunch, it will do so. If it crashes again during startup (by a timer? or before entering the main event loop? I'm not sure), it will give you the option of temporarily starting with fresh preferences.
If you pick report, it will pop up a dialog box with a stack trace in the lower half. You can examine it yourself. If you fill in information in the upper half and hit "Submit", it will send it off to Apple. It also keeps core dumps in a standard place.
It does give a more detailed output. for example when i try to connect to my existant SMB share it gives meI would have given an example of the error output from the specific problem , but i am doing some work on the linux comp that runs my nfs and samba shares right now
The only things certain in war are Propaganda and Death. You can never be sure which is which though
I first started using OS X in the early days of 10.2 (yes, a relative latecomer). This was when my wife bought an iBook (after some *ahem* guidance... read encouragement) for studies she was undertaking. When she wasn't working on it, I got to play and set to work integrating it with our home network.
The pain I had getting SMB to perform acceptably under 10.2 nearly put me off OS X. Basically, the way that 10.2 handled mounting network filesystems really sucked. It was unreliable and often left the system hanging with a spinning beachball (the Mac equivalent of an egg timer). Often, powering off was the only solution.
This was fortunately fixed later on in the 10.2 lifecycle with some networking updates. Things got much better from then on.
When I got my own iBook several months later, it arrived with 10.3. This release seemed to have a reasonably good SMB implementation, but the performance was truly sucky. File transfer speeds between the iBooks and my Linux-based Samba server were low, but at least mounting was reliable.
As 10.3 progressed, this problem went away and performance/reliability are currently both very good. It means I can use SMB between my Linux server and both iBook and Windows XP clients. All works just fine.
I am, however, considering a move to WebDAV for file sharing on the network. WebDAV is a nicely lightweight protocol and has the benefit of being an open standard. Most good implementations are open source too. There are also client libraries for most decent scripting/programming languages. The added benefit is that you can integrate the WebDAV server in to OS X to perform iSync backups of your system and do calendar sharing etc. All nice, geeky, stuff.
The only major problem I can see at the moment is that the way the WebDAV server interacts with the underlying filesystem is a bit complex, given that my server runs under Apache. The model it appears to assume is that the server will have a dedicated directory or area for WebDAV files, and not simply share out a user's home directory or a backup drive.
I do need to go and RTFM, however.
Contribute to the online videogame encyclopedia: GamerWiki
I think this is the case. Ultimately, they'll be right -- there are only a few places where the Mac shows obscure error codes. Actually, file sharing is aobut it now. Prior to Tiger, you could also get obscure error messages for dropped connections, but Tiger introduces a pretty neat Network Diagnostic tool that it offers instead.
Considering that SMB file sharing has been a problem since 10.1, it seems to be time for a SMB troubleshooter as well.
Under Panther (at least), Finder doesn't like samba options such as force user or similar, which I use to reach my root mount-point on my local server.
Finder will not be able to write files into places it thinks it can't - apparently without checking if it really is the case.
Conversely, Finder will attempt to write into places it thinks it can, but it can't, only to fail with a somewhat weird error message.
I don't know if this has been fixed under Tiger.
Is it too much to ask that vendors use beta versions of their own software in-house for a month before they release it? Is it too much to ask that they ship the software to a small number of beta testers before the final release in order to find those wrinkles and iron them out?
This is a common complaint heard about all kinds of products from cars to drugs. What it reflects is ignorance of the statistics of testing. By necessity, testing must be done on a pool of people that is orders of magnitude smaller than the final pool of users (a test on everybody is not a test, it is a product roll-out ). So let us say that you beta test on 1,000 people and roll the product out to a million. Then you will have about a 35% chance of missing a problem that affects 1 person in 1,000. On roll-out, each such problem translates into 1,000 people with problems.
I found using netatalk shares works better on a linux box then using samba shares. Netatalk allows OS X to connect to the linux server using AFP 3, which in my testing was much faster than SMB. Netatalk was not that hard to setup, but I did have a problem with setting up domain authentication.
Actually what the spinning cursor icon means is that the program that has focus has events waiting to be processed by the run loop. That cursor appears automatically when an event waits for longer than a hard-coded threshold ... I think it's three seconds, but I doubt myself and I don't feel like looking it up right now. It would usually happen when the process was waiting for a kernel lock for some reason, usually disk or network I/O. The incidence in Tiger should drop dramatically thanks to finer-grained kernel locking.
Admittedly this is an esoteric implementation detail. It's not really meant to communicate anything to the user other than "I'm waiting."
That's odd.
I'm running into the exact opposite scenario:
Under Tiger, SMB filesharing *screams* as compared to how it ran under Panther and earlier incarnations of OS X. I'm able to connect to my samba fileshare on my Linux box, and my Win XP box, without any trouble whatsoever.
In the past, I was always able to connect, but file transfers were dog-slow. They seem normal now.
Go figure.
Actually, it's not just the foreground app. The wait cursor indicates that whatever app that owns the window currently under the mouse cursor has had pending, unprocessed events for over three seconds.
You can still switch to another application. Swinging the cursor over a window of a background app that was unresponsive will give you quick feedback in the form of the wait cursor if that app is still unresponsive.
The other day a colleague of mine installed Tiger on his laptop (he never had it bound before, just connected to whatever shares with Cmd-K, etc.). He asked about using his AD credentials to log on. I told him "Sure, we just need to bind it to AD, do a few tweaks and anyone with an AD account could log in, just like Windows." Meanwhile, I was mentally crossing my fingers that there wouldn't be any new tweaks that needed to be learned.
So I pointed him to Utilities/Directory Access and had him click the Active Directory option, put in his domain (this is where I would usually start my VooDoo dances with the "advanced" options -- but I thought, "what the hell, lets give it a shot") click on Bind. It asked for a domain admin account, which I entered, and it bound without a hitch (I about fainted). I had him reboot (just to make sure) and then had him log in with his AD account. I worked beautifully, including mounting his home directory off our Win2K server. This had NEVER worked without tweaking for us under panther (although with a little tweaking under 10.2.8+ it worked fine). We transfered files, which went smoothly and quickly, and we looked around the network a bit.
Although I haven't thoroughly tested it yet, I'd say my initial experience with Tiger and SMB/AD has been great. That being said, MOST of our problems with Macs using our AD domain has been Windows-related (missing DNS entries, Sites-and-Services borked, or WINS not working/configured right, etc). Hearing about problems like this after a major change doesn't exactly surprise me, and I'm willing to cut Apple a bit of slack here. They are dealing with a reverse-engeneered protocol on networks where it is very likely that AD isn't in pristine or "best-practices" condition.
We have 35 sites using AD right now in our domain, and the migration from NT4 to Win2K/AD was a learning experience, to say the least. We've learned a lot in the process and, we've found that if you mess up something in AD in the beginning, it's damn near impossible to cleanly remove or fix it. I suspect that there are a lot of installations out there that still have AD ghosts hanging around that make 3rd-party integration a crap-shoot at best. What apple needs to work on is improving their tolerance for broken AD implementations, like windows does.
Of course, if MS would publish the full SMB/AD protocol it would be easier.
"terrorism" and "pedophilia" are the root passwords to the Constitution
What does the Media Access Control address have to do with this?
(Macintosh is abbreviated Mac, not MAC.)
Unfortunately OSX still has some problems with NFS...
- mounts disappear occasionally for no apparent reason, and the automounter won't remount them, forcing me to reboot.
- NFS client performance is significantly worse than Linux (~20MB/sec vs ~100MB/sec reading from the same server over the same gigabit network)
- Some (very important to us) OSX apps have significant problems dealing with NFS paths. Final Cut Pro doesn't use symlinks properly, instead it hard-codes the target of the symlink into your project files, making it impossible to change where the link points without breaking your project. FCP also doesn't record projects on NFS shares in its "open recent" menu. (though DVD Studio Pro does).
And while I'm ranting about OSX filesystems:
- their FAT implementation has performance problems when dealing with very large directories. Copying thousands of film frames into a single directory starts quickly but then gets MUCH slower as the directory fills up. Linux's FAT driver does not exhibit this slowdown.