Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 23 Jun 2017 09:42:30 -0400
From:      Matt B <theunusualmatt@gmail.com>
To:        Rick Macklem <rmacklem@uoguelph.ca>
Cc:        Stefan Esser <se@freebsd.org>, "freebsd-fs@freebsd.org" <freebsd-fs@freebsd.org>
Subject:   Re: SMBv1 Deprecation
Message-ID:  <CALJ5sF=_9=-UK%2B6NyWg1Wp%2BcZZwu%2BSVDMLUjirjWD9DrHy%2BzEQ@mail.gmail.com>
In-Reply-To: <YTXPR01MB0189251BCE0A17B8D0C51514DDD80@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>
References:  <CALJ5sFkKMGvhgRYzegikDTiTTyV1xtA_WYJW_gLkHFN9Oh0OqA@mail.gmail.com> <YTXPR01MB01893E3AAB21A03677998D2FDDDB0@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM> <CALJ5sFnMWGAGS8oyUvzXfq_Z4ZeRzgs==EDZf%2BqO-4O269qdiw@mail.gmail.com> <9b556cbe-f9f3-ab15-6fcd-71397d18c126@freebsd.org> <20170623104654.07e5a3e0@ernst.home> <45b0864b-680c-8fe0-f5a5-353b6373d069@freebsd.org> <YTXPR01MB0189251BCE0A17B8D0C51514DDD80@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>

next in thread | previous in thread | raw e-mail | index | archive | help
I am currently using the Win implementation of NFS 4.1 to provide share
access in the interim. NFS does work, and it works well, but due to spread
out local service accounts on the BSD systems, permissions has become a bit
of a challenge. I would have to set up idmapping in the Win environment and
then configure all shares with these new perms that Windows can understand.
Right now, when the scripts and programs run, they plop down files/folders
that have the perms of the user running the script/program. Windows loses
its mind and I have to force grab ownership of the files and folders and
re-inherit perms from the parent directory. Windows doesn't like that and
thus it is a slow process to cascade down the NTFS ACLs. The other prong to
the NFS approach is Kerberos. I would have to generate keytabs for all of
these systems, some of them live in a DMZ and navigate to the shares
through a firewall, which means I need to open up more ports from the DMZ
back to the core for Kerberos to work. Not something I want to do.

I have used the netsmb fuse module. It doesn't like being mounted via
fstab. I had to modify the source code to get it to even try to mount from
fstab, and even then it was clunky. I think the best way forward is to get
mount_smbfs working with SMBv2 or higher. I'd love to get this working
properly. I just don't know where to start here. Should I focus on getting
smbfs updated? Is it even necessary to do that? Is the problem with just
how mount_smbfs communicates with the share? Any ideas would be great.

On Fri, Jun 23, 2017 at 8:10 AM, Rick Macklem <rmacklem@uoguelph.ca> wrote:

> Stefan Esser <se@freebsd.org> wrote:
> [lots of stuff snipped]
> > You may want to have a look at FuseSMB, which might be easier to port to
> > FreeBSD than teaching smbfs newer SMB protocols.
> Yes, if there is a fuse module, that shouldn't be too hard to get working.
> If there is something missing in the FreeBSD fuse interface it needs, I
> might
> be able to help with that, since I have done a few fuse patches (for the
> kernel
> interface that uses the module, not the module itself).
>
> > Windows servers (at least 2012 and 2016) support NFS upto version 4.1,
> > and if you can configure the servers to provide NFS access to the
> > relevant data, that might be the easiest route for you.
> I've never tested the FreeBSD NFSv4.1 client against a Windows server
> (to be honest, I didn't know they supported one  until now;-), but I might
> be able to help if go this route and have problems with the mounts.
>
> Good luck with it, rick
>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALJ5sF=_9=-UK%2B6NyWg1Wp%2BcZZwu%2BSVDMLUjirjWD9DrHy%2BzEQ>