OS X and FreeBSD: What could be a good setup

Matthew Seaman m.seaman at infracaninophile.co.uk
Mon Apr 12 07:31:00 PDT 2004

On Thu, Apr 08, 2004 at 08:04:35AM -0400, Bart Silverstrim wrote:

> See, this is part of where I was getting a little munged up in trying 
> to figure out how I want to aim for renetworking my home...
> I'm looking at using FreeBSD on a server (web, mail, file server) with 
> OS X, Windows, and probably Linux clients.  I'd like the FreeBSD server 
> to handle authentication, but that may be a pipe dream to accomplish 
> across platforms easily :-/

Some sort of LDAP + Kerberos setup should do the trick.  You can (in
theory) use Samba 3.0.x as an Active Directory server for the Windows
machines, and all the Unix-oid machines can use pam_krb and nss_ldap
(or whatever the equivalents under MacOS X are).
> For the file serving I was looking at NFS (especially using the NFS 
> server with Services for Unix under Windows), but the common 
> cross-platform version may too insecure to use comfortably, especially 
> with wireless (most of my wireless connections are wrapped in ssh if 
> they're important anyway).

If you're that worried about WEP not being secure enough, you could
wrap the NFS connections in ipsec instead.  It might have a bit of a
performance impact though.
> That would leave SMB/CIFS, meaning SAMBA, but I haven't found anyone 
> able to tell me if CIFS is secure "over the wire".  I seem to recall a 
> utility that would sniff network packets and if NFS is used, it can 
> capture the files as they're travelling over the network; can this 
> happen with CIFS?

No -- Samba would send packets over the wire in clear text, unless
specifically configured to do otherwise.
> I would really rather NOT use mixed protocols to share; NFS for 
> Linux/OS X, CIFS for Windows...then I'd have increased overhead to 
> managing permissions, etc...

Actually, if you run your whole system out of the same LDAP directory
structure, you users will have shared credentials over all your
machines.  There shouldn't be any extra work involved in trying to
manage permissions and ownerships.



Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040412/4ffa062b/attachment.bin

More information about the freebsd-questions mailing list