File Sharing Difficulties Frustrate Tiger Admins 334
rmallico wrote in to mention a story currently running on Eweek about technical difficulties sites running Tiger are experiencing. From the article: "A number of sites running Apple's new 'Tiger' operating system are experiencing problems with SMB file sharing and authentication with Microsoft's Active Directory, Ziff Davis Internet News has learned. Although Apple Computer Inc.'s Tiger increases support for Server Message Block file sharing and Active Directory, several sources say that the Finder fails to log on to Windows and Linux Samba file servers."
Re:Oh, right, error code -36! (Score:5, Informative)
http://www.appleerrorcodes.com/ [appleerrorcodes.com]
Work-around (Score:5, Informative)
Command-K to bring up the connect menu and type in the full address INCLUDING THE SHARE NAME:
smb://SERVER/folder
Re:Work-around (Score:5, Informative)
$ mount_smbfs -W workgroup
Anecdotal... (Score:4, Informative)
I'm not sure whether he had to turn on the encrypted passwords at the Mac end or the PC end, but I seem to recall thinking "gosh, imagine that, doing something the secure way."
Not sure if it's this... (Score:5, Informative)
I got this solution from here [allinthehead.com] by the way. Thanks to Drew McLelland.
I fixed my problems (Score:4, Informative)
Re:Samba supports it (Score:3, Informative)
As far as the protocol, SMB is (IIRC, I could be wrong) an IBM-designed protocol. It's been around for ages - hell, NT domains were just hopped up lan manager networks. The authentication in active directory uses a slightly modified form of kerberos - also an open protocol. They have tried to put a few legal barriers in the way, but those have been mostly ineffective.
Now, there is another possibility - it might be against policy at your university for non-windows machines to authenticate. If it's set up so that all machines have to be added to the tree by an admin, it's certainly enforcable, and thus your admin would be right in that particular case. He's just not right in the general case.
Re:Samba supports it (Score:4, Informative)
Re:Oh, right, error code -36! (Score:2, Informative)
I've seen this with SMB filesharing, Mail.app, and sometimes Safari. They've all given me frustratingly useless error messages. Anyone frustrated by this should open an Apple Developer Connection account and submit a bug report to Apple's bug tracker [apple.com]. Maybe if enough people do, they'll realize this is a problem. Until then, I noticed that one of the other replies at least mentioned this site [appleerrorcodes.com] that gives some information on these codes.
Here's what I'd like to happen: error messages like "Filesharing error. Please relay these technical details to your system administrator: I tried to log in to 192.168.0.1:139 by sending a SMB_FOO_BAR and it replied with the unexpected SMB_GO_AWAY. See this link for details". They could even have the link contain interoperability information like "you're trying to connect to a Windows ME server, which doesn't work. Sorry." (Hypothetical; I've never tried this. But there's probably some such situation, and knowing it up front would save a lot of hassle.) Or even "you're trying to connect to Windows XP x.y.z; we suggest updating to x.y.z+1 to fix KBxxxx. Should work then." This is the sort of information I can often get by googling, but it's hard when the error messages can have so many different underlying causes. Better error messages and having Apple concentrate on an appropriate page (with the "Did this help?" thing at the bottom) would go a long way.
Other parts of OS X have better error behavior. For example, the crash dialog is excellent. It gives you the options of report, relaunch, and cancel.
If you pick relaunch, it will do so. If it crashes again during startup (by a timer? or before entering the main event loop? I'm not sure), it will give you the option of temporarily starting with fresh preferences.
If you pick report, it will pop up a dialog box with a stack trace in the lower half. You can examine it yourself. If you fill in information in the upper half and hit "Submit", it will send it off to Apple. It also keeps core dumps in a standard place.
Re:Anecdotal... (Score:3, Informative)
Re:Oh, right, error code -36! (Score:5, Informative)
It does give a more detailed output. for example when i try to connect to my existant SMB share it gives me I would have given an example of the error output from the specific problem , but i am doing some work on the linux comp that runs my nfs and samba shares right now
Re:Work-around (Score:2, Informative)
History of SMB problems with OS X (Score:5, Informative)
The pain I had getting SMB to perform acceptably under 10.2 nearly put me off OS X. Basically, the way that 10.2 handled mounting network filesystems really sucked. It was unreliable and often left the system hanging with a spinning beachball (the Mac equivalent of an egg timer). Often, powering off was the only solution.
This was fortunately fixed later on in the 10.2 lifecycle with some networking updates. Things got much better from then on.
When I got my own iBook several months later, it arrived with 10.3. This release seemed to have a reasonably good SMB implementation, but the performance was truly sucky. File transfer speeds between the iBooks and my Linux-based Samba server were low, but at least mounting was reliable.
As 10.3 progressed, this problem went away and performance/reliability are currently both very good. It means I can use SMB between my Linux server and both iBook and Windows XP clients. All works just fine.
I am, however, considering a move to WebDAV for file sharing on the network. WebDAV is a nicely lightweight protocol and has the benefit of being an open standard. Most good implementations are open source too. There are also client libraries for most decent scripting/programming languages. The added benefit is that you can integrate the WebDAV server in to OS X to perform iSync backups of your system and do calendar sharing etc. All nice, geeky, stuff.
The only major problem I can see at the moment is that the way the WebDAV server interacts with the underlying filesystem is a bit complex, given that my server runs under Apache. The model it appears to assume is that the server will have a dedicated directory or area for WebDAV files, and not simply share out a user's home directory or a backup drive.
I do need to go and RTFM, however.
Re:Oh, right, error code -36! (Score:3, Informative)
I think this is the case. Ultimately, they'll be right -- there are only a few places where the Mac shows obscure error codes. Actually, file sharing is aobut it now. Prior to Tiger, you could also get obscure error messages for dropped connections, but Tiger introduces a pretty neat Network Diagnostic tool that it offers instead.
Considering that SMB file sharing has been a problem since 10.1, it seems to be time for a SMB troubleshooter as well.
Re:Finder and Linux Sambda shares (Score:2, Informative)
Finder will not be able to write files into places it thinks it can't - apparently without checking if it really is the case.
Conversely, Finder will attempt to write into places it thinks it can, but it can't, only to fail with a somewhat weird error message.
I don't know if this has been fixed under Tiger.
The myth of perfection (Score:3, Informative)
This is a common complaint heard about all kinds of products from cars to drugs. What it reflects is ignorance of the statistics of testing. By necessity, testing must be done on a pool of people that is orders of magnitude smaller than the final pool of users (a test on everybody is not a test, it is a product roll-out ). So let us say that you beta test on 1,000 people and roll the product out to a million. Then you will have about a 35% chance of missing a problem that affects 1 person in 1,000. On roll-out, each such problem translates into 1,000 people with problems.
Re:Work-around (Score:3, Informative)
There's a lot to be said for having a location bar.
Re:Finder and Linux Sambda shares (Score:2, Informative)
Re:Oh, right, error code -36! (Score:5, Informative)
Admittedly this is an esoteric implementation detail. It's not really meant to communicate anything to the user other than "I'm waiting."
Re:Work-around (Score:2, Informative)
We've changed the way filesystem events are propagated through the system in Tiger, so this is no longer necessary. Command-line mounts work just like Finder mounts now.
Re:Anecdotal... (Score:3, Informative)
Works better than before for me (Score:3, Informative)
I'm running into the exact opposite scenario:
Under Tiger, SMB filesharing *screams* as compared to how it ran under Panther and earlier incarnations of OS X. I'm able to connect to my samba fileshare on my Linux box, and my Win XP box, without any trouble whatsoever.
In the past, I was always able to connect, but file transfers were dog-slow. They seem normal now.
Go figure.
The Mac OS X 'wait cursor' (Score:3, Informative)
You can still switch to another application. Swinging the cursor over a window of a background app that was unresponsive will give you quick feedback in the form of the wait cursor if that app is still unresponsive.
Re:Oh, right, error code -36! (Score:2, Informative)
So far I'm having the opposite experience (Score:4, Informative)
The other day a colleague of mine installed Tiger on his laptop (he never had it bound before, just connected to whatever shares with Cmd-K, etc.). He asked about using his AD credentials to log on. I told him "Sure, we just need to bind it to AD, do a few tweaks and anyone with an AD account could log in, just like Windows." Meanwhile, I was mentally crossing my fingers that there wouldn't be any new tweaks that needed to be learned.
So I pointed him to Utilities/Directory Access and had him click the Active Directory option, put in his domain (this is where I would usually start my VooDoo dances with the "advanced" options -- but I thought, "what the hell, lets give it a shot") click on Bind. It asked for a domain admin account, which I entered, and it bound without a hitch (I about fainted). I had him reboot (just to make sure) and then had him log in with his AD account. I worked beautifully, including mounting his home directory off our Win2K server. This had NEVER worked without tweaking for us under panther (although with a little tweaking under 10.2.8+ it worked fine). We transfered files, which went smoothly and quickly, and we looked around the network a bit.
Although I haven't thoroughly tested it yet, I'd say my initial experience with Tiger and SMB/AD has been great. That being said, MOST of our problems with Macs using our AD domain has been Windows-related (missing DNS entries, Sites-and-Services borked, or WINS not working/configured right, etc). Hearing about problems like this after a major change doesn't exactly surprise me, and I'm willing to cut Apple a bit of slack here. They are dealing with a reverse-engeneered protocol on networks where it is very likely that AD isn't in pristine or "best-practices" condition.
We have 35 sites using AD right now in our domain, and the migration from NT4 to Win2K/AD was a learning experience, to say the least. We've learned a lot in the process and, we've found that if you mess up something in AD in the beginning, it's damn near impossible to cleanly remove or fix it. I suspect that there are a lot of installations out there that still have AD ghosts hanging around that make 3rd-party integration a crap-shoot at best. What apple needs to work on is improving their tolerance for broken AD implementations, like windows does.
Of course, if MS would publish the full SMB/AD protocol it would be easier.
Re:Work-around (Score:3, Informative)
More like Apple wants all data on an OS X client machine to be somewhere in a user's folder rather than placed arbitrarily elsewhere on the drive. I have to agree with this stance-- in the pre-OS X days people would put their files wherever they wanted them (and frequently, accidentally and unknowingly where they didn't want them). If their machine became problematic and needed to be rebuilt I'd have to look in every directory for errant data files that might be important and retrieve them before wiping the drive. With OS X, stuff *must* go in their user folder. If the machine needs to be rebuilt I just have to back up the Users folder to know that I got everything of importance.
If you're too lazy to use your Public and Drop Box folders for sharing your local data with peers on the LAN, (or if you legitimately want to use a spare OS X Client machine as a cheapie file server with a 10-simultaneous-connection limit) you can always download and use SharePoints [hornware.com]-- just not on any network that I admin.
~Philly
Re:seen this before... (Score:3, Informative)
(Macintosh is abbreviated Mac, not MAC.)
Re:I don't use samba anymore (Score:3, Informative)
- mounts disappear occasionally for no apparent reason, and the automounter won't remount them, forcing me to reboot.
- NFS client performance is significantly worse than Linux (~20MB/sec vs ~100MB/sec reading from the same server over the same gigabit network)
- Some (very important to us) OSX apps have significant problems dealing with NFS paths. Final Cut Pro doesn't use symlinks properly, instead it hard-codes the target of the symlink into your project files, making it impossible to change where the link points without breaking your project. FCP also doesn't record projects on NFS shares in its "open recent" menu. (though DVD Studio Pro does).
And while I'm ranting about OSX filesystems:
- their FAT implementation has performance problems when dealing with very large directories. Copying thousands of film frames into a single directory starts quickly but then gets MUCH slower as the directory fills up. Linux's FAT driver does not exhibit this slowdown.