Hello,
probably this, or a very similar scenario, has been posted before therefore sorry for asking again.
Let my describe my scenario (Windows clients are working fine, therfore will be out of the scope)
Netapp Filer with ONTAP 8.2.2 7-Mode acting as the filer server, Volume and Share with NTFS security style.
Microsoft DFS running in a Windows 2008 R2 Server with ABE (Access based enumeration) enabled
MAC clients with Yosemite 10.10.5 not joined to our Windows Domain, connecting to the DFS namespace using cifs://namespace/folder and after that entering the Windows domain credentials.
The problems we are facing :
Some Macs computers are very slow when browsing the share folders (probably ABE is not helping in this point)
Some Macs are just working "fine" (slow but stable) but after some hours of inactivity (1 hour pause for example) the share becomes disconnected from the computer.
Some Macs suffers both problems, slow and erratic disconnections of the share
What we have checked/tried :
Ethernet seetings seems to be fine. Primary and secondary DNS Servers are our main Domain Controllers, Domain name added to the Domain Search list, Workgroup name like our Domain name. Network link is in Auto but it must be 1Gb link.
Time sinchronization is done with our main Domain Controller
smbutil statshares -a reflects that the share connection is, by default, done using SMB 2.1 (which we think it works faster but more erratic and unestable than SMB 1)
smbutil dfs shows that it seems there is no error in our DFS referals
Forcing SMB to be SMB1 in the snmb.conf file seems that makes the connection more stable (and slower of course) but disconnection of the share still happen after some period of inactivity.
Energy saving settings habe been reviewed forcing the computer to be aways alive. With a continuous ping to a Mac computer we saw that the Ethernet connection was always working while the share was disconnected, therefore probably is not a network problem.
With klist we see that connecting with the DFS will not make a Kerberos ticket creation (don´t sure it this will help to speed up or mantain the share connected). Connecting directly to the Netapp share will create a Kerberos ticket. Why this is working different between the two connection methods? (unfortunately we need to use DFS and ABE).
What can we do?
Is there any other thing we can try? Any other tweak in the snmb.conf file? My first option was to think in the Neatpp Filer but as far as it seems that the share is disconnected from the DFS namespace, could it be posible that is there something that must be checked in the DFS side?
Thanks in advance for your help and answers.