OS X and FreeBSD: What could be a good setup
m.seaman at infracaninophile.co.uk
Mon Apr 12 07:31:00 PDT 2004
On Thu, Apr 08, 2004 at 08:04:35AM -0400, Bart Silverstrim wrote:
> See, this is part of where I was getting a little munged up in trying
> to figure out how I want to aim for renetworking my home...
> I'm looking at using FreeBSD on a server (web, mail, file server) with
> OS X, Windows, and probably Linux clients. I'd like the FreeBSD server
> to handle authentication, but that may be a pipe dream to accomplish
> across platforms easily :-/
Some sort of LDAP + Kerberos setup should do the trick. You can (in
theory) use Samba 3.0.x as an Active Directory server for the Windows
machines, and all the Unix-oid machines can use pam_krb and nss_ldap
(or whatever the equivalents under MacOS X are).
> For the file serving I was looking at NFS (especially using the NFS
> server with Services for Unix under Windows), but the common
> cross-platform version may too insecure to use comfortably, especially
> with wireless (most of my wireless connections are wrapped in ssh if
> they're important anyway).
If you're that worried about WEP not being secure enough, you could
wrap the NFS connections in ipsec instead. It might have a bit of a
performance impact though.
> That would leave SMB/CIFS, meaning SAMBA, but I haven't found anyone
> able to tell me if CIFS is secure "over the wire". I seem to recall a
> utility that would sniff network packets and if NFS is used, it can
> capture the files as they're travelling over the network; can this
> happen with CIFS?
No -- Samba would send packets over the wire in clear text, unless
specifically configured to do otherwise.
> I would really rather NOT use mixed protocols to share; NFS for
> Linux/OS X, CIFS for Windows...then I'd have increased overhead to
> managing permissions, etc...
Actually, if you run your whole system out of the same LDAP directory
structure, you users will have shared credentials over all your
machines. There shouldn't be any extra work involved in trying to
manage permissions and ownerships.
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040412/4ffa062b/attachment.bin
More information about the freebsd-questions