SMBv1 Deprecation / SMBv2 support in FreeBSD

[Miroslav Lachman]

Matt B wrote on 2017/06/24 16:35:
> It is about decreasing the attack surface. I certainly trust the level of
> security and validation the Kerberos provides. The physical act of going
> into the security gateways and opening ports is quite the menial task. The
> main problem I have with the implementation is the deployment of keytabs to
> the physical systems, which is a bit of a process to actually get the key
> over there, then configuring idmapping in Windows, which brings another
> round of issues regarding AD structure and permissions on the shares. More
> ports open between the DMZ and the core is just one more negative reason
> (to me) to not go forward with an NFS Kerberos deployment. Kerberos and NFS
> are definitely a great combination when the configuration suites the
> situation. I am looking into figuring out how to just implement SMBv2 for
> BSD as I believe that is the best solution for my network architecture.

I would like to resurrect this old thread from 2017-06 as I have the 
need to use mount_smbfs on FreeBSD but this old implementation (still) 
lacks support for SMB2/3.

I am not a developer so I cannot do any coding work. I would like to 
know if somebody tried to add support for SMBv2 to FreeBSD? Is it really 
hard to extend it to support SMB2? Or should it be implemented from scratch?
I tried to find more on this topic in mailing lists and FreeBSD forums 
without much success. I found that Apple open source has it. For example
https://opensource.apple.com/source/smb/smb-759.40.1/kernel/smbfs/smbfs_smb_2.c.auto.html
I know Apple kernel is too different but anyway - can it be ported to 
FreeBSD in some way?

It is very sad that FreeBSD is so far behind competitors in some network 
service where FreeBSD was very strong in the past.

CIFS/SMB2 is the only option in some heterogenous environments.

Kind regards
Miroslav Lachman