Update... > So I changed the rules to: > > REJECT tcp -- xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy tcp > dpts:137:139 reject-with icmp-port-unreachable > REJECT udp -- xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy udp > dpts:137:139 reject-with icmp-port-unreachable > > And "run as..." was fast again.
Except, after several hours, it was slow again! I believe there was some issue with the Samba server retaining netbios names after the REJECT is set, but then it eventually loses those due to the REJECT. Once that happens "run as..." is once again slow, even though ports 137-139 are still REJECTing connections from the client machine. This is a complex interaction, with what appears to be stored values timing out - because restarting Samba may be needed to fix it (quickly) even if the server has the firewall shut off. Rather than experimenting with further firewall rules for the campus Winbind servers (I think) I gave up and once again set ports 137-139 to ACCEPT for on campus machines. Note that that alone did not immediately speed up "run as...", but a subsequent restart of samba did, and it is still fast 14 hours later. If one of the Samba developers could explain this messy interaction it would be greatly appreciated. Thank you, David Mathog [EMAIL PROTECTED] Manager, Sequence Analysis Facility, Biology Division, Caltech -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
