From: Ludovic Rouse-Lamarre on
Hi,

I am currently in the process of improving performance for a Samba 3.3.4
server on FreeBSD 7.0. The samba server works great when mounted from
another machine located on the same network but when I try to use it
over our corporate VPN (OpenVPN with tap interface) the throughput won't
go over 4,5 Mbps. The ping between the samba client and the server is
around 20ms. I have used a linux machine on amazon's elastic cloud to
connect to the corporate VPN and mount the samba share located on our
web host. There is at least 20 Mbps of bandwidth available between the
two in both ways.

I have also tested the throughput from our Montreal office where we have
a 10 Mbps download. I have tested with fedora, windows 7 and windows xp
and I can't get more than 4 or 5 Mbps there.

Is this situation to be expected or should I be getting better throughput?

Here is my smb.conf file:

[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = CIVITAS
netbios name = PDC-SRV
server string = Samba Server
passdb backend = ldapsam:ldap://127.0.0.1/
log level = 1
syslog = 0
log file = /var/log/samba/log.%m
max log size = 50
time server = Yes
deadtime = 120
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# Ajoute par Ludovic pour ameliorer la performance de Samba
# tire de https://calomel.org/samba_optimize.html
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=65536
SO_SNDBUF=65536
use sendfile = yes
load printers = No
name resolve order = wins lmhosts host bcast
;add user script = /usr/local/sbin/smbldap-useradd -m "%u"
;delete user script = /usr/local/sbin/smbldap-userdel -r "%u"
;add group script = /usr/local/sbin/smbldap-groupadd "%g"
;delete group script = /usr/local/sbin/smbldap-groupdel "%g"
;add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u"
"%g"
;delete user from group script = /usr/local/sbin/smbldap-groupmod -x
"%u" "%g"
;set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
;add machine script = /usr/local/sbin/smbldap-useradd -W "%u"
add user script = /usr/local/sbin/smbldap-useradd -m %u
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m
%u %g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
%u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
add machine script = /usr/local/sbin/smbldap-useradd -w %m"
logon script = %U.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=Manager,dc=bgjlr,dc=com
ldap delete dn = Yes
ldap group suffix = ou=group
ldap machine suffix = ou=machines
ldap passwd sync = yes
ldap suffix = dc=bgjlr,dc=com
ldap ssl = no
ldap user suffix = ou=People
nt acl support = No
map acl inherit = Yes
case sensitive = No
veto files =
/.snap/*.bat/*.cmd/*.com/*.cpl/*.exe/*.hta/*.inf/*.ins/*.isp/*.msi/*.msp/*.pif/*.reg/*.scr/*.shs/*.vb/*.vbs/*.wsc/
store dos attributes = Yes
wide links = No
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
server signing = auto
server schannel = Auto

[homes]
comment = Home directories
valid users = %S
read only = No
create mask = 0700
directory mask = 02700
browseable = No
root preexec = /usr/local/bin/mkhome %u

[netlogon]
comment = Network Logon Service
path = /srv/home/samba/netlogon/
browseable = No
root preexec = /srv/home/samba/genlogon.pl %U %G %L

[profiles]
path = /srv/home/samba/profiles
valid users = %U, "@Domain Admins"
force user = %U
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
browseable = No
csc policy = disable
guest ok = Yes

[public]
comment = Public Stuff
path = /srv/groupes/public
read only = No
guest ok = Yes

[public2]
comment = Public Stuff
path = /data
read only = No
guest ok = Yes

[groups]
comment = All groups
path = /srv/groupes
read only = No
inherit permissions = Yes
inherit acls = Yes
profile acls = Yes

[admin]
comment = Pour administration
path = /srv/admin
read only = No
inherit permissions = No
valid users = kimmtl syla

Thanks for the input,
Ludovic
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba