From owner-freebsd-fs@freebsd.org  Fri May 19 06:45:39 2017
Return-Path: <owner-freebsd-fs@freebsd.org>
Delivered-To: freebsd-fs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3ED6AD74D7A
 for <freebsd-fs@mailman.ysv.freebsd.org>; Fri, 19 May 2017 06:45:39 +0000 (UTC)
 (envelope-from rainer@ultra-secure.de)
Received: from connect.ultra-secure.de (connect.ultra-secure.de
 [88.198.71.201])
 by mx1.freebsd.org (Postfix) with ESMTP id 7F40F1015;
 Fri, 19 May 2017 06:45:38 +0000 (UTC)
 (envelope-from rainer@ultra-secure.de)
Received: (Haraka outbound); Fri, 19 May 2017 08:45:31 +0200
Authentication-Results: connect.ultra-secure.de; auth=pass (login);
 spf=none smtp.mailfrom=ultra-secure.de
Received-SPF: None (connect.ultra-secure.de: domain of ultra-secure.de does
 not designate 127.0.0.10 as permitted sender)
 receiver=connect.ultra-secure.de; identity=mailfrom; client-ip=127.0.0.10;
 helo=connect.ultra-secure.de; envelope-from=<rainer@ultra-secure.de>
Received: from connect.ultra-secure.de (webmail [127.0.0.10])
 by connect.ultra-secure.de (Haraka/2.6.2-toaster) with ESMTPSA id
 61818624-283D-4392-9634-17489D1421E4.1
 envelope-from <rainer@ultra-secure.de> (authenticated bits=0)
 (version=TLSv1/SSLv3 cipher=AES256-SHA verify=NO);
 Fri, 19 May 2017 08:45:28 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII;
 format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 19 May 2017 08:45:27 +0200
From: rainer@ultra-secure.de
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: Pedro Giffuni <pfg@freebsd.org>, freebsd-fs@freebsd.org, Bob Eager
 <rde@tavi.co.uk>
Subject: Re: smbfs and SMB1
In-Reply-To: <591E4D01.9080600@quip.cz>
References: <665caabc-cf2d-7f6a-2187-465907ea6ae7@FreeBSD.org>
 <591E4D01.9080600@quip.cz>
Message-ID: <0705de1f8af4602661ed1d7bc801e9a4@ultra-secure.de>
X-Sender: rainer@ultra-secure.de
User-Agent: Roundcube Webmail/1.2.0
X-Haraka-GeoIP: --, , NaNkm
X-Haraka-GeoIP-Received: 
X-Haraka-p0f: os="undefined undefined" link_type="undefined"
 distance=undefined total_conn=undefined shared_ip=Y
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on spamassassin
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00,
 URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.1
X-Haraka-Karma: score: 6, good: 153, bad: 0, connections: 153, history: 153,
 pass:all_good, relaying
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs/>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 19 May 2017 06:45:39 -0000

Am 2017-05-19 03:40, schrieb Miroslav Lachman:

> I am not suru but I think Samba does not provide CIFS/SMBFS mount
> binaries. There is just ftp-like client.
> FreeBSD is used in networks for filesharing, storage etc. and I feel
> SMB mount is very vital feature.


Microsoft hat advocated for disabling SMBv1 for a long time.

I'm not a Windows expert at all - but I've seen what can be achieved 
(from a security point of view) in a network with only Server 2016 and 
Windows 10.

I'm not sure even Linux would be much use in such an environment.

But the SMBv1-less world is here - and vendors of Linux-based appliances 
are scrambling for solutions.

Like here:
https://community.sophos.com/kb/en-us/126757

(We opened a ticket with them, too)

Apparently, having SMBv1 enabled violates PCI (DSS) compliance.