From owner-freebsd-fs@freebsd.org Fri Jun 23 05:03:43 2017 Return-Path: Delivered-To: freebsd-fs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E394CD9C883 for ; Fri, 23 Jun 2017 05:03:43 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B67DE780EC for ; Fri, 23 Jun 2017 05:03:43 +0000 (UTC) (envelope-from julian@freebsd.org) Received: from Julian-MBP3.local (124-148-108-84.dyn.iinet.net.au [124.148.108.84]) (authenticated bits=0) by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id v5N53bew062278 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 22 Jun 2017 22:03:41 -0700 (PDT) (envelope-from julian@freebsd.org) Subject: Re: SMBv1 Deprecation To: Matt B , Rick Macklem Cc: "freebsd-fs@freebsd.org" References: From: Julian Elischer Message-ID: <9b556cbe-f9f3-ab15-6fcd-71397d18c126@freebsd.org> Date: Fri, 23 Jun 2017 13:03:31 +0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 Thunderbird/52.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jun 2017 05:03:44 -0000 On 23/6/17 8:14 am, Matt B wrote: > I totally understand. I try to support the FreeBSD Foundation with > donations as often as I can as well as reporting bugs promptly as I am sure > resources are spread thin. My skill set isn't really that of a programmer > though. I am working right now at checking the Darwin/OS X code for > mount_smbfs and other modules associated with smbfs in the hopes of > possibly getting something viable for BSD, even if it has to be a port due > to license issues. Progress is slow just due to lack of knowledge in the > programming arena. That's how we all started out.. some personal itch that had to be scratched. You do some work on it. From that you build up an expertise in that field, and then you start answering questions when people ask about that area, and then you find you've a commit bit and are spending serious time on it, and then a company offers you serious money to fix something (*) and before you know it... (*) seriously that happens. Companies have itches too but instead of spare time, they have cash. > > On Thu, Jun 22, 2017 at 5:30 PM, Rick Macklem wrote: > >> Well, the short answer is...somebody has to do it. >> (At this time, I believe that there are two people employed by >> the FreeBSD Foundation to do FreeBSD kernel work.) >> The rest of FreeBSD's development is done by volunteers >> (some of which do the work for an employer and get permission >> from the employer to upstream the work). >> I, for example, do NFS as a hobby and always have, but to be honest, >> there aren't many out there as stupid as I am and willing to do this;-) >> >> So, if you have the skills and time, feel free to do an implementation >> and, so long it is appropriately licensed (no GPL or similar), I suspect >> someone would be willing to work with you to get it into FreeBSD. >> >> If there is an SMBv2 implementation in one of the other BSDen >> (NetBSD, OpenBSD,...) the port wouldn't be an immense amount >> of work, but there are differences in the VFS and similar that will >> need to be dealt with. >> Otherwise, you are pretty much implementing it from scratch, using >> the SMBv1 code as a starting point. >> >> rick >> ________________________________________ >> From: owner-freebsd-fs@freebsd.org on >> behalf of Matt B >> Sent: Thursday, June 22, 2017 3:36:14 PM >> To: freebsd-fs@freebsd.org >> Subject: SMBv1 Deprecation >> >> Long time user of FreeBSD here. I have been happily using the mount_smbfs >> binary and in my fstab to mount Windows Shares on boot to be used by >> various network services house on multiple FreeBSD systems. Sadly, it >> appears these connections all use SMBv1 NT1 security to perform the mount >> operation. With the new security landscape, post-WannaCry ransomware, in a >> mixed-mode environment where all the shares live in Windows, that just >> won't do. This has been discussed many times before in the past but there >> hasn't been any headway AFAIK. Every other piece of software I have >> encountered has moved away from this deprecated network protocol to the far >> more secure versions of SMB to perform Windows share operations. As a stop >> gap, I have implemented a very rudimentary NFS server advertising shares, >> but configuring a Kerberos infrastructure and setting new accounts for each >> and every service (not to mention the new permissions nightmares even with >> Active Directory) on multiple BSD systems is arduous. Rather, I am >> wondering why FreeBSD is behind the ball on the development? The other >> Linux based systems I run required a simple addition of the vers=SMB2 flag >> to the fstab entry to successfully mount. I understand the code base is >> very old for the mount_smbfs, but what is the way forward here? NFS is >> simply a workaround as far as I am concerned and every other *nix style >> distro seems to play nice with SMB. Is there an ETR on this greatly needed >> and long overdue update to mount newer style SMB shares? >> _______________________________________________ >> freebsd-fs@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-fs >> To unsubscribe, send any mail to "freebsd-fs-unsubscribe@freebsd.org" >> > _______________________________________________ > freebsd-fs@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-fs > To unsubscribe, send any mail to "freebsd-fs-unsubscribe@freebsd.org" >