[OT] 10.7.x SMB traffic & Proventia appliances

ImAMacGuy
Valued Contributor II

We have been going round after round with Apple and our security group. Since we've had Lion we've been getting false positives from the SMB client, which is causing our Proventia appliance to block all Mac traffic from the 10.7 machine (particularly SMB traffic). Has anybody else experienced issues like this?

1 REPLY

gregp
Contributor

Oh yes, we certainly did.

It's probably the ISS's SMB_MaxBuffer_Bo filter blocking it. If the SMB buffer negotiated is > 32767, then the ISS drops the connection. The default in Lion and later is 261120. If you watch a tcpdump on both sides, right after the Mac sends the buffer negotiation packet, both machines receive a RST packet, although neither sends one.

It was to protect from a Windows exploit back in the summer of 2005, which was patched shortly after it was found.

You can try to get the filter changed on the ISS, which is ideal, or as a workaround, you can:
sudo sysctl -w net.smb.fs.tcpsndbuf=32767

That takes effect immediately, no reboot or anything required.

To have it survive across reboots, create (or add to) /etc/sysctl.conf:
net.smb.fs.tcpsndbuf=32767
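
The workaround from the reply above, as an added example script that is not part of the original thread: it applies the value only when the live setting is over the 32767 threshold and rewrites the sysctl.conf entry so repeated runs never leave duplicate or stale lines. The function names and the `--apply` switch are assumptions made for this example; the key, the value and the file path come from the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root with --apply on the Mac.
KEY="net.smb.fs.tcpsndbuf"   # sysctl key given in the reply
LIMIT=32767                   # largest value the reply says the filter accepts

# exceeds_limit VALUE: succeeds when VALUE is above LIMIT.
exceeds_limit() {
    [ "$1" -gt "$LIMIT" ]
}

# persist_setting FILE: leave exactly one "KEY=LIMIT" line in FILE.
# Other settings, comments and blank lines are kept; FILE is created if missing.
persist_setting() {
    conf="$1"
    tmp=$(mktemp "${TMPDIR:-/tmp}/smbbuf.XXXXXX") || return 1
    [ -f "$conf" ] || : > "$conf"
    # Drop any earlier assignment of KEY (exact name match, spaces tolerated).
    awk -v k="$KEY" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        split(line, p, "=")
        name = p[1]
        sub(/[ \t]+$/, "", name)
        if (name != k) print
    }' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$KEY" "$LIMIT" >> "$tmp"
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf"
    rm -f "$tmp"
}

if [ "${1:-}" = "--apply" ]; then
    current=$(sysctl -n "$KEY") || exit 1
    if exceeds_limit "$current"; then
        sysctl -w "${KEY}=${LIMIT}"      # takes effect immediately
    fi
    persist_setting /etc/sysctl.conf     # survives reboots
fi
```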