Date: Mon, 12 Apr 2004 15:30:42 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Bart Silverstrim <bsilver@chrononomicon.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: OS X and FreeBSD: What could be a good setup Message-ID: <20040412143042.GA67287@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <E6F31F15-8954-11D8-A222-000A956D2452@chrononomicon.com> References: <E6F31F15-8954-11D8-A222-000A956D2452@chrononomicon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--k+w/mQv8wyuph6w0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Apr 08, 2004 at 08:04:35AM -0400, Bart Silverstrim wrote:
> See, this is part of where I was getting a little munged up in trying=20
> to figure out how I want to aim for renetworking my home...
>=20
> I'm looking at using FreeBSD on a server (web, mail, file server) with=20
> OS X, Windows, and probably Linux clients. I'd like the FreeBSD server=
=20
> to handle authentication, but that may be a pipe dream to accomplish=20
> across platforms easily :-/
Some sort of LDAP + Kerberos setup should do the trick. You can (in
theory) use Samba 3.0.x as an Active Directory server for the Windows
machines, and all the Unix-oid machines can use pam_krb and nss_ldap
(or whatever the equivalents under MacOS X are).
=20
> For the file serving I was looking at NFS (especially using the NFS=20
> server with Services for Unix under Windows), but the common=20
> cross-platform version may too insecure to use comfortably, especially=20
> with wireless (most of my wireless connections are wrapped in ssh if=20
> they're important anyway).
If you're that worried about WEP not being secure enough, you could
wrap the NFS connections in ipsec instead. It might have a bit of a
performance impact though.
=20
> That would leave SMB/CIFS, meaning SAMBA, but I haven't found anyone=20
> able to tell me if CIFS is secure "over the wire". I seem to recall a=20
> utility that would sniff network packets and if NFS is used, it can=20
> capture the files as they're travelling over the network; can this=20
> happen with CIFS?
No -- Samba would send packets over the wire in clear text, unless
specifically configured to do otherwise.
=20
> I would really rather NOT use mixed protocols to share; NFS for=20
> Linux/OS X, CIFS for Windows...then I'd have increased overhead to=20
> managing permissions, etc...
Actually, if you run your whole system out of the same LDAP directory
structure, you users will have shared credentials over all your
machines. There shouldn't be any extra work involved in trying to
manage permissions and ownerships.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--k+w/mQv8wyuph6w0
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAeqgSdtESqEQa7a0RAsMvAJ9kNDs3zMqoazAXmhGtimehJGU/WwCfcb8Q
wDAgWlksO9r1F+Q9FWtQdBk=
=Ippz
-----END PGP SIGNATURE-----
--k+w/mQv8wyuph6w0--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040412143042.GA67287>