WAAS and Samba 2.2.7

Similar Messages

• Ldb 1.1.18-1 and samba

  The ldb 1.1.18-1 does not work with samba. I guess samba needs to be recompiled. I was getting modules mismatch because ldb is at 1.1.18 and samba modules are at 1.1.17 still so my samba will not start unless I downgrade ldb package to 1.1.17 version.  ldb_version=1.1.18 module_version=1.1.17

  I encountered this same error after migrating my working Samba installation from Debian. I've flagged the package as out of date; I think your recompilation suggestion is the answer. Downgrading to 1.1.17 also resolved the issue for me.

• WAAS and IP SLA operation

  we are currently using the IP SLA udp jitter measurement to monitor our voice paths accross the WAN. If we implement a partial WAAS across the same WAN the voice traffic will be acellerated but not the IP SLA jitter measurement. Does this mean that when WAAS is implemented IP SLA is limited in its use?

  Hi Steve,
  The answer to your question depends on 1) how you deploy WAAS and 2) how you use IP SLA.  If you deploy WAAS using WCCP for interception, UDP traffic will never be intercepted.  If the WAAS device is deployed inline, all traffic flows through the WAAS device, so an IP SLA probe using UDP will be subject to WAAS pass-through handling behavior.
  What are you trying to measure with regards to WAAS?
  Zach

• WAAS and Juniper Netscreen Interoperability

  I've been doing a dig on historical posts relating to WAAS deployed through firewalls.
  I am working on a deployment with Juniper Netscreens & ASA5520 sitting between WAE's. IP connectivity is fine. I can ssh to remote device etc. but users cannot login (XP). The login scripts calls upon CIFS etc and I suspect this is being broken through the fw's.
  When I disable WAAS for this flow - it all works fine i.e. users can login and access full set of corporate resources. I suspect the firewalls but would appreciate any leads..
  thanks
  Ajaz

  Hi Ajaz,
  WAAS adds TCP Option 0x21 and increments TCP packet sequence number during TCP handshake. FW needs to be configured to allow
  these changes.
  On the latest PIX/ASA a new command "ip inspect waas" has been added to allow above changes by wae. You might want to check
  Netscreen config guide on command to disable TCP sequence number checking.
  If SSH to Servers is working fine then it might not be FW dropping packets. However to confirm it might be best to use
  tcpdump/tethereal on both WAEs and to sniff the traffic on whether its being dropped along the path by the FW.
  Few questions:
  - Whats the version running on WAEs?
  - Is it only CIFS traffic which is affected? Try disabling CIFS AO if its enabled and then test.
  Hope this helps,
  Best Regards,
  Rahul Vavale

• WAAS and TACACS

  We are trying to get our WAAS environment to authenticate against TACACS and then fall over to local if TACACS is unavailable. For engineer logins everything is working as expected. However we are seeing several thousand failures against the TACACS server from a username of "CMS". This user is not configured in the CM or in TACACS. So we log the failed login and CMS logs into the WAE due to the failover to local mechanism. Looking at packet captures, and debugging aaa on the WAE's it is definitely a CMS user that logs in but shows 127.0.0.1 as its "from" host. I am fairly confident this is automation within the WAE syncing with the CM or vice versa. Does anyone know how to get WAAS and TACACS to work together without a mass amount of login failures? Is there a way this CMS user can be cloned/duplicated on the tacacs server? What is the password for this automation user?
  Thanks in advance.

  Hi Stan,
  WAE can authenticate against TACACS, RADIUS and Central Manager (Local) at any time depending on your configuration.
  There are couple of things to keep in mind while configuring TACACS on WAE, on both sides - TACACS adn WAE CM.
  On TACACS side:
  1. Please make sure to create right username.
  2. Please make sure to verify if you are using ASCII password authentication.
  3. Try to use less than 15 letters - Alphanumeric TACACS password.
  4. Please provide right user level / group level persmissions. This is somewhere under user account properties. Please also make sure to select right user password under user properties.
  5. Verify if this user needs level 15 (admin equivalent account).
  On WAE CM side:
  1. Please make sure to select right authentication method as primary and secondary.
  2. Please make sure to enable the check box for authentication methods.
  You can verify the failure / successful log events on TACACS server in order to find out if the user is atleast trying to authenticate against TACACS.
  I am sure you have looked at this link to find out all the required steps: Configuring TACACS+ Server Settings
  Hope this helps.
  Regards.
  PS: Please mark this as Answered, if this resolves your issue.

• WAAS and Symantec Vertitas Volume Replicator

  Hi,
  We are forwarding Symantec replication traffic via our WAAS infrastructure over a 20Mb WAN link. The CM appears to register the traffic but does not optimize it at all. Has anyone had any experience with WAAS and Symantec Veritas Volume Replicator (VVR) 4.3?

  I tested with VVR in the lab. VVR default uses UDP and using the nerd knob in the GUI did not force VVR to start using TCP. To get VVR to use TCP, I had to input these commands:
  vrport data 1999-1999
  vrport heartbeat 2000-2000
  or use what ever ports you want to use. The previous answer was asking if you were seeing TCP sessions in the WAE's. This can be seen by telneting to the WAE and issueing a "show tfo connection summary". Can you post the output of that command?

• WAAS and 512 Deployment

  Attach is the Visio as well as config for the India site. The Visio has 2 tabs (POC-WAAS and Proposed-WAAS). The POC (Proof of Concept) tab does not have the spare 3660 installed yet but I plan to do that soon. The "Proposed WAAS" is where we would want to be. However, my question will most likely address POC tab with the preparation to move to the Proposed tab.
  Current assumptions:
  Since we have a Manager in India, we will be getting another Manager in Calif, If so, I would like to setup a Primary/Standby deployment for redundancy.
  Questions:
  1. For Calif Primary WAE, the visio shows a Management interface but do I need a management interface or is it better to go with a standby interface instead as well as use MHSRP?
  2. Since we have a high speed link (4 Mb Internet for VPN in POC but 10mb WAN for proposed), should we tune the buffers to the max? If so how?
  3. Is this a recommend design for California? for India?
  4. Is my configs a recommend configs for California 3660 in POC? If so, what do I need to change in 3825 in Proposed?

  Zach
  After reading the SRND, I believe the best design is to move the 512 to the Cores. Please see the updated Visio and planned configs. Here's my updated requirements:
  1. Calif is hub
  2. All traffic to India (10.2/10.26) should go through the VPN tunnel through (ASA5520)
  3. All traffic to 10.3 and 10.5 should go through WAN via (R-Voice2)
  4. Latency to India is btwn 280 to 340msec and BW is 2mb. Do I also need to be concern with the BDP, L2 redirect(forwarding), and Mask assignments?
  TIA

• WAAS and SSA Baan ERP

  Hi all,
  Anybody how have setup Cisco WAAS and ERP application BAAN?
  I am interesting to setup a full optimization for ERP Baan.
  Jan

  Hi all,
  We found the problem.
  TCP/512 was in Classifier Unix-Remote-Execution and this Classifier was in pt.
  Jan

• DS 6.x posix and samba objectclass?

  How do I had objectclasses for posix and samba attributes? Are they already included? Dont see them in the docs. I am attempting to configure a ds 6.1 to hold posix and samba account information for users. Can I implement RFC 2307 Network Information Service schema? And do I need to be running solaris to do this?

  There is no default schema for Samba shipped with Sun Directory Server...
  It should be pretty straightforward to adapt the OpenLDAP specific copy to Sun DS.
  We do not intend to deliver Sun DS with all possible existing schema definitions in the world... Especially when there is no standard describing it.
  The mail, calendar and other Netscape based products schema delivered are mostly there for historical reasons. In my personal opinion, they should not be installed by default, and probably not directly delivered by the product.
  Regards,
  Ludovic.

• Problem with Finder and Samba

  I have done some looking around and apparently this has been an issue for others. I have not noticed it until Snow Leopard. Basically when trying to copy files to a samba server share I will get the error:
  The Finder can’t complete the operation because some data in “” can’t be read or written.
  (Error code -36)
  I have tried copying this same file in the terminal and it works fine. From what I was reading it has to do with the way finder negotiates the encryption to the samba server. I have never seen this until now but when thought I had was to try to dis-join from the Active Directory domain I'm connected to. I saw the apple document to allow clear text passwords but I really don't see that as a solution clear text passwords are not good enough.
  It seems that this is related to active directory membership.

  I have confirmed I can copy the same file using the terminal to /Volumes/ShareName.
  I dis-joined from the domain logged on the local account and copied the same file connected as the same user to the file server and it worked perfectly. The only people that have had issues since Snow Leopard are the ones that have their Mac joined to the domain. We didn't see this issue with Leopard.

• [SOLVED] Problem with Audio and Samba

  Hi, this is my first post. I think I should put here.
  I have a hard drive connected via network, and accessed the protocol with samba (smb). Mapping shared everything perfectly even see pictures without problems, but when it comes to playing music all players remain "flipped" do nothing, or give an error, but does not sound.
  On another computer with Ubuntu works without problem.
  I used VLC and Rytmmbox with the same results.
  Sorry for my English, I'm Spanish
  EDIT:  I tried with totem and if it works.
  Last edited by karendon (2013-03-01 17:57:42)

  No ideas

• Active Directory and Samba issues

  When I updated a few of the computers here at work to Leopard, I tried mounting some authenticated samba shares here at work, and they worked just fine. However, with other users, it denies their password, and then re-prompts for the password, despite said password being correct. It doesn't appear to be related to administrator permission on the domain, either, because it denies me when I change my permissions to only have access to specific machines, instead of 'all computers'
  If you need any further information, I would be happy to give it.

  Hi
  I confess I don't know if this is in any way helpful or relevant but I do know changes have been made in Leopard viz Samba since you can no longer setup a Windows Printer via Samba in the GUI as you have previously been able to do. You can do it in CUPS but this isn't for all types of users. Thus I don't know if this has any bearing on your problem but it may help to look for more general based samba support changes.
  cheers

• SMB problems with Vista and Samba 3.0.25a

  I've got a huge problem with my network setup here. I've read the previous posts about non working samba shares, but I did not found any working tips. I have done some additional tests, and I would like to share them with you, maybe anyone finds the solution based on them.
  So the problem is that I cannot access smb based shares. Not on my Windows (Vista) workstation, and not on my freebsd server (samba 3.0.25a). Login seems to be successful. When I enter a wrong username, or a wrong password, the finder tells me that this credentials are wrong. So as far as I can see the problem must be behind the login step.
  My samba logfile does not report anything, same for the firewall logs from Leopard. When I try to list the shares from the terminal (with smbclient) it works fine. I even can mount this shares, but the goal was to have it available in the finder.
  When I use +K to mount the share the manual way, I can enter the username and password (if they are wrong, I get the right error message), but after that I get only the connecting dialog.
  Thank you very much to everyone who might have any idea how that could be fixed.
  Have a nice day.

  FYI: This issue was fixed in 10.5.2, and there is a workaround for previous versions: Remote % signs from the password.

• WAAS and WCCP - looping packet detected

  Hi,
  Has anyone ran into this senario before. Before anyone answers with "move your WAE off the user subnet", it already has been.
  I have wccp 61 redirect in on the user subnet (gig0/0.83 of a dot1q trunk). The WAE is on gig0/1. Before I apply wccp62 to the serial link, I attempt to telnet from a user pc to the router (same subnet, clients default gateway), and the telnet fails. I get a "looping packet detected" on the router console. It shows the source of the packet as the router (wccp router id actually), and the destination ip of the WAE, but the packet came in gig0/1 (interface connected to wae). Obviously the WAE returned the packet to the router (with the original GRE headers, (router as source)). I thought WCCP would understand this as "don't redirect this traffic to me anymore", but the router, actually tries to route it back down gig0/1 and then sees it as a looping packet. I believe the WAE is returning the encapsulated packet to the router to indicate it doesn't want the flow, and the router is attempting to route the GRE packet, instead of realizing it should remove the GRE header and route the internal packet. Router is IOS 12.4(12) as recommended by my Cisco engineer. 2821 router.
  For kicks, I continue the WCCP setup on the datatcenter side. As expected, it doesn't work. When I apply the WCCP to the datacenter router (only redirecting lab subnet), the entire lab subnet is unreachable via TCP (but icmp still works as expected).
  The WCCP configuration isn't very complex, I can't believe its something I'm doing. I think its a code issue.
  Any advise?

  no "out" anywhere. The LAB router has a WAE list to only allow redirect to the lab WAE. I don't even need the 62 in on the WAN side, just applying 61 in on the LAN side breaks telnet to the router.
  LOOPING PACKET DETECTION:
  from router console
  Feb 27 14:56:32.924: %IP-3-LOOPPAK: Looping packet detected and dropped -
  src=132.242.11.18, dst=153.61.83.70, hl=20, tl=76, prot=47, sport=0, dport=0
  in=GigabitEthernet0/1, nexthop=153.61.83.70, out=GigabitEthernet0/1
  options=none -Process= "IP Input", ipl= 0, pid= 77 -Traceback= 0x410F6978 0x415CC960 0x415CDC60 0x415BBB38 0x415BCF18 0x415BD27C 0x415BD2FC 0x415BD4E8
  Router configuration:
  ip wccp 61 redirect-list REDIRECT-WAAS-SUBNETS-61 group-list remote-waas-box
  interface Loopback0
  ip address 132.242.11.18 255.255.255.255
  h323-gateway voip bind srcaddr 132.242.11.18
  interface GigabitEthernet0/0.83
  description << data vlan 83 >>
  encapsulation dot1Q 83
  ip address 153.61.83.3 255.255.255.192
  ip helper-address 192.127.250.22
  ip helper-address 149.25.1.182
  no ip proxy-arp
  ip wccp 61 redirect in
  standby 83 ip 153.61.83.1
  standby 83 priority 200
  standby 83 preempt
  standby 83 track Serial0/1/0:0.99 100
  interface GigabitEthernet0/1
  description << WHQ LAB CE connection >>
  ip address 153.61.83.65 255.255.255.192
  load-interval 30
  duplex full
  speed 100
  ip access-list standard remote-waas-box
  permit 153.61.83.70
  ip access-list extended REDIRECT-WAAS-SUBNETS-61
  permit ip 153.61.83.0 0.0.0.63 any
  WAE configuration:
  device mode application-accelerator
  primary-interface GigabitEthernet 1/0
  interface GigabitEthernet 1/0
  ip address 153.61.83.70 255.255.255.192
  no autosense
  bandwidth 100
  full-duplex
  exit
  wccp router-list 1 153.61.83.65
  wccp tcp-promiscuous router-list-num 1
  wccp version 2
  wccp slow-start enable

• MAC OS and LDAP and Samba Server

  How can I make my Mac OS authenticate against LDAP and automatically map shared by a Samba server folders? (samba domain)? The idea is that any person who is registered in the database of LDAP can log into any Mac machine and automatically access the folders stored on the Samba server.

  Are you using TopLink 11g or TopLink Essentials?
  You seem to be wanting to use TopLink 11g, but you have the provider set to Essentials in your persistence.xml.
  <provider>oracle.toplink.essentials.PersistenceProvider</provider>
  Change this to,
  <provider>oracle.toplink.PersistenceProvider</provider>
  The sessions-xml properties are only supported with TopLink 11g.
  Note that currently in 11g when using a sessions-xml it must contain a project xml that completely defines the mappings. It will not merge with annotations nor defaults.