SMBv1 Deprecation
Rick Macklem
rmacklem at uoguelph.ca
Thu Jun 22 21:30:23 UTC 2017
Well, the short answer is...somebody has to do it.
(At this time, I believe that there are two people employed by
the FreeBSD Foundation to do FreeBSD kernel work.)
The rest of FreeBSD's development is done by volunteers
(some of which do the work for an employer and get permission
from the employer to upstream the work).
I, for example, do NFS as a hobby and always have, but to be honest,
there aren't many out there as stupid as I am and willing to do this;-)
So, if you have the skills and time, feel free to do an implementation
and, so long it is appropriately licensed (no GPL or similar), I suspect
someone would be willing to work with you to get it into FreeBSD.
If there is an SMBv2 implementation in one of the other BSDen
(NetBSD, OpenBSD,...) the port wouldn't be an immense amount
of work, but there are differences in the VFS and similar that will
need to be dealt with.
Otherwise, you are pretty much implementing it from scratch, using
the SMBv1 code as a starting point.
rick
________________________________________
From: owner-freebsd-fs at freebsd.org <owner-freebsd-fs at freebsd.org> on behalf of Matt B <theunusualmatt at gmail.com>
Sent: Thursday, June 22, 2017 3:36:14 PM
To: freebsd-fs at freebsd.org
Subject: SMBv1 Deprecation
Long time user of FreeBSD here. I have been happily using the mount_smbfs
binary and in my fstab to mount Windows Shares on boot to be used by
various network services house on multiple FreeBSD systems. Sadly, it
appears these connections all use SMBv1 NT1 security to perform the mount
operation. With the new security landscape, post-WannaCry ransomware, in a
mixed-mode environment where all the shares live in Windows, that just
won't do. This has been discussed many times before in the past but there
hasn't been any headway AFAIK. Every other piece of software I have
encountered has moved away from this deprecated network protocol to the far
more secure versions of SMB to perform Windows share operations. As a stop
gap, I have implemented a very rudimentary NFS server advertising shares,
but configuring a Kerberos infrastructure and setting new accounts for each
and every service (not to mention the new permissions nightmares even with
Active Directory) on multiple BSD systems is arduous. Rather, I am
wondering why FreeBSD is behind the ball on the development? The other
Linux based systems I run required a simple addition of the vers=SMB2 flag
to the fstab entry to successfully mount. I understand the code base is
very old for the mount_smbfs, but what is the way forward here? NFS is
simply a workaround as far as I am concerned and every other *nix style
distro seems to play nice with SMB. Is there an ETR on this greatly needed
and long overdue update to mount newer style SMB shares?
_______________________________________________
freebsd-fs at freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-fs
To unsubscribe, send any mail to "freebsd-fs-unsubscribe at freebsd.org"
More information about the freebsd-fs
mailing list