From: Matt B
Date: Fri, 23 Jun 2017 09:42:30 -0400
Subject: Re: SMBv1 Deprecation
To: Rick Macklem
Cc: Stefan Esser, "freebsd-fs@freebsd.org"

I am currently using the Win implementation of NFS 4.1 to provide share access in the interim. NFS does work, and it works well, but due to spread-out local service accounts on the BSD systems, permissions have become a bit of a challenge. I would have to set up idmapping in the Win environment and then configure all shares with these new perms that Windows can understand. Right now, when the scripts and programs run, they plop down files/folders that have the perms of the user running the script/program. Windows loses its mind and I have to force grab ownership of the files and folders and re-inherit perms from the parent directory. Windows doesn't like that and thus it is a slow process to cascade down the NTFS ACLs.

The other prong to the NFS approach is Kerberos. I would have to generate keytabs for all of these systems. Some of them live in a DMZ and navigate to the shares through a firewall, which means I need to open up more ports from the DMZ back to the core for Kerberos to work. Not something I want to do.

I have used the netsmb fuse module. It doesn't like being mounted via fstab. I had to modify the source code to get it to even try to mount from fstab, and even then it was clunky. I think the best way forward is to get mount_smbfs working with SMBv2 or higher.

I'd love to get this working properly. I just don't know where to start here. Should I focus on getting smbfs updated? Is it even necessary to do that? Is the problem with just how mount_smbfs communicates with the share? Any ideas would be great.

On Fri, Jun 23, 2017 at 8:10 AM, Rick Macklem wrote:

> Stefan Esser wrote:
> [lots of stuff snipped]
> > You may want to have a look at FuseSMB, which might be easier to port to
> > FreeBSD than teaching smbfs newer SMB protocols.
> Yes, if there is a fuse module, that shouldn't be too hard to get working.
> If there is something missing in the FreeBSD fuse interface it needs, I might
> be able to help with that, since I have done a few fuse patches (for the kernel
> interface that uses the module, not the module itself).
>
> > Windows servers (at least 2012 and 2016) support NFS up to version 4.1,
> > and if you can configure the servers to provide NFS access to the
> > relevant data, that might be the easiest route for you.
> I've never tested the FreeBSD NFSv4.1 client against a Windows server
> (to be honest, I didn't know they supported one until now;-), but I might
> be able to help if you go this route and have problems with the mounts.
>
> Good luck with it, rick