From owner-freebsd-questions@FreeBSD.ORG Sun Apr 2 18:41:34 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B610616A400 for ; Sun, 2 Apr 2006 18:41:34 +0000 (UTC) (envelope-from nospam@mgedv.net) Received: from mgedv.at (mail.mgedv.at [195.3.87.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id 550F543D73 for ; Sun, 2 Apr 2006 18:41:33 +0000 (GMT) (envelope-from nospam@mgedv.net) Received: from metis (localhost [127.0.0.1]) by mgedv.at (SMTPServer) with ESMTP id 93715186864 for ; Sun, 2 Apr 2006 20:41:31 +0200 (MEST) From: "No@SPAM@mgEDV.net" To: Date: Sun, 2 Apr 2006 20:41:34 +0200 Message-ID: <000e01c65685$1193dd20$0a86a8c0@avalon.lan> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 Thread-Index: AcZWhRFhzxm1rYe8S22tbB2qY78hpg== Subject: hunting for secure fileserver-connection! X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: nospam@mgedv.net List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Apr 2006 18:41:34 -0000 hi 2 all gurus! the scenario: - freebsd-fileserver with encrypted HDD's (GELI) (1.5TB) - windows (sorry for that, it's a requirement) as client the quest: - securely mount shared filesystems from the server from the windows client w/o being open to sniffers/network hacks (non-weak encryption required) - files should be accessible like with windows-fileserver shares through UNC and/or drive-name(s) - server and clients should share the same network. (no tunnelling etc...) - authentication should be done against local defined users what we don't want: - VPN/IPSEC/... between the hosts - webdav we've been looking on solutions like secure nfs over tcp, samba, etc... but except making it slower, there have been no real good solutions until yet. anybody out there, who has a good advice on that? br & cu... ps: i know it's crazy, but it should be possible, nope?