Date: Fri, 23 Jun 2017 09:42:30 -0400 From: Matt B <theunusualmatt@gmail.com> To: Rick Macklem <rmacklem@uoguelph.ca> Cc: Stefan Esser <se@freebsd.org>, "freebsd-fs@freebsd.org" <freebsd-fs@freebsd.org> Subject: Re: SMBv1 Deprecation Message-ID: <CALJ5sF=_9=-UK%2B6NyWg1Wp%2BcZZwu%2BSVDMLUjirjWD9DrHy%2BzEQ@mail.gmail.com> In-Reply-To: <YTXPR01MB0189251BCE0A17B8D0C51514DDD80@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM> References: <CALJ5sFkKMGvhgRYzegikDTiTTyV1xtA_WYJW_gLkHFN9Oh0OqA@mail.gmail.com> <YTXPR01MB01893E3AAB21A03677998D2FDDDB0@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM> <CALJ5sFnMWGAGS8oyUvzXfq_Z4ZeRzgs==EDZf%2BqO-4O269qdiw@mail.gmail.com> <9b556cbe-f9f3-ab15-6fcd-71397d18c126@freebsd.org> <20170623104654.07e5a3e0@ernst.home> <45b0864b-680c-8fe0-f5a5-353b6373d069@freebsd.org> <YTXPR01MB0189251BCE0A17B8D0C51514DDD80@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
I am currently using the Win implementation of NFS 4.1 to provide share access in the interim. NFS does work, and it works well, but due to spread out local service accounts on the BSD systems, permissions has become a bit of a challenge. I would have to set up idmapping in the Win environment and then configure all shares with these new perms that Windows can understand. Right now, when the scripts and programs run, they plop down files/folders that have the perms of the user running the script/program. Windows loses its mind and I have to force grab ownership of the files and folders and re-inherit perms from the parent directory. Windows doesn't like that and thus it is a slow process to cascade down the NTFS ACLs. The other prong to the NFS approach is Kerberos. I would have to generate keytabs for all of these systems, some of them live in a DMZ and navigate to the shares through a firewall, which means I need to open up more ports from the DMZ back to the core for Kerberos to work. Not something I want to do. I have used the netsmb fuse module. It doesn't like being mounted via fstab. I had to modify the source code to get it to even try to mount from fstab, and even then it was clunky. I think the best way forward is to get mount_smbfs working with SMBv2 or higher. I'd love to get this working properly. I just don't know where to start here. Should I focus on getting smbfs updated? Is it even necessary to do that? Is the problem with just how mount_smbfs communicates with the share? Any ideas would be great. On Fri, Jun 23, 2017 at 8:10 AM, Rick Macklem <rmacklem@uoguelph.ca> wrote: > Stefan Esser <se@freebsd.org> wrote: > [lots of stuff snipped] > > You may want to have a look at FuseSMB, which might be easier to port to > > FreeBSD than teaching smbfs newer SMB protocols. > Yes, if there is a fuse module, that shouldn't be too hard to get working. > If there is something missing in the FreeBSD fuse interface it needs, I > might > be able to help with that, since I have done a few fuse patches (for the > kernel > interface that uses the module, not the module itself). > > > Windows servers (at least 2012 and 2016) support NFS upto version 4.1, > > and if you can configure the servers to provide NFS access to the > > relevant data, that might be the easiest route for you. > I've never tested the FreeBSD NFSv4.1 client against a Windows server > (to be honest, I didn't know they supported one until now;-), but I might > be able to help if go this route and have problems with the mounts. > > Good luck with it, rick >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CALJ5sF=_9=-UK%2B6NyWg1Wp%2BcZZwu%2BSVDMLUjirjWD9DrHy%2BzEQ>