Date: Thu, 19 Dec 2019 00:12:00 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> To: Matt B <theunusualmatt@gmail.com> Cc: "freebsd-fs@freebsd.org" <freebsd-fs@freebsd.org> Subject: Re: SMBv1 Deprecation / SMBv2 support in FreeBSD Message-ID: <b09c975c-e627-feca-a9a6-c01cddd5d848@quip.cz> In-Reply-To: <CALJ5sFm%2BeKPonELuo2gTYR88qQz4mocFbd6fOVrTWu5FoPeWcg@mail.gmail.com> References: <CALJ5sFkKMGvhgRYzegikDTiTTyV1xtA_WYJW_gLkHFN9Oh0OqA@mail.gmail.com> <YTXPR01MB01893E3AAB21A03677998D2FDDDB0@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM> <CALJ5sFnMWGAGS8oyUvzXfq_Z4ZeRzgs==EDZf%2BqO-4O269qdiw@mail.gmail.com> <9b556cbe-f9f3-ab15-6fcd-71397d18c126@freebsd.org> <20170623104654.07e5a3e0@ernst.home> <45b0864b-680c-8fe0-f5a5-353b6373d069@freebsd.org> <YTXPR01MB0189251BCE0A17B8D0C51514DDD80@YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM> <CALJ5sF=_9=-UK%2B6NyWg1Wp%2BcZZwu%2BSVDMLUjirjWD9DrHy%2BzEQ@mail.gmail.com> <20170624045543.GY39245@kduck.kaduk.org> <CALJ5sFm%2BeKPonELuo2gTYR88qQz4mocFbd6fOVrTWu5FoPeWcg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt B wrote on 2017/06/24 16:35: > It is about decreasing the attack surface. I certainly trust the level of > security and validation the Kerberos provides. The physical act of going > into the security gateways and opening ports is quite the menial task. The > main problem I have with the implementation is the deployment of keytabs to > the physical systems, which is a bit of a process to actually get the key > over there, then configuring idmapping in Windows, which brings another > round of issues regarding AD structure and permissions on the shares. More > ports open between the DMZ and the core is just one more negative reason > (to me) to not go forward with an NFS Kerberos deployment. Kerberos and NFS > are definitely a great combination when the configuration suites the > situation. I am looking into figuring out how to just implement SMBv2 for > BSD as I believe that is the best solution for my network architecture. I would like to resurrect this old thread from 2017-06 as I have the need to use mount_smbfs on FreeBSD but this old implementation (still) lacks support for SMB2/3. I am not a developer so I cannot do any coding work. I would like to know if somebody tried to add support for SMBv2 to FreeBSD? Is it really hard to extend it to support SMB2? Or should it be implemented from scratch? I tried to find more on this topic in mailing lists and FreeBSD forums without much success. I found that Apple open source has it. For example https://opensource.apple.com/source/smb/smb-759.40.1/kernel/smbfs/smbfs_smb_2.c.auto.html I know Apple kernel is too different but anyway - can it be ported to FreeBSD in some way? It is very sad that FreeBSD is so far behind competitors in some network service where FreeBSD was very strong in the past. CIFS/SMB2 is the only option in some heterogenous environments. Kind regards Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b09c975c-e627-feca-a9a6-c01cddd5d848>