Samba SMBv2 + Client under FreeBSD

Quite recently, the question arised several times as, following a Microsoft recommendation regarding the exploit "wanna cry", SMBv1 protocol is now dropped more and more... and this becomes critical.

Linux has migrated his embedded "mount.cifs" tool toward SMBv2+, and for the recent distributions SMBv1 has been deactivated by default. But client can still access to SMBv1 shares specifying in the command line the option "vers=1.0"

This is not the case of FreeBSD "mount.smbfs". Some people thought that the new FreeBSD 12 would solve this problem, this is not the case, "mount.smbfs" still only recognizes SMBv1

As long as net/samba4x is installed, any software can use the alternative "libsmbclient" library included in the package, and so should override the problem. But strangely, this is not always the case. For example sysutils/fusefs-smbnetfs is based on this samba package, but is locked on SMBv1. I don't know if there is a way to unlock that in the configuration file, but this is very stupid.

As a workaround, gnome devel/gvfs seems to be the only solution at this time. GVFS can be installed as an independent component, it doesn't require the full Gnome desktop. GVFS SMB module also depends on "libsmbclient". x11-fm/pcmanfm-qt which has not heavy gnome dependencies, will auto detect gvfs, and network discovery will be available... I have tested.... it connects well on SMBv1 and SMBv3 server... Halleluija !!!!!
You can also install sysutils/gigolo as a connexion center based on "gvfs", and it will as well install all dependencies.

gvfs can be used in command line and so should work in strict console mode. Unfortunately, there are very few easy documentation. The man page is poor, desesperately poor and it sends us to the developper site of "gio"... too complicated for a simple user.

I found the following syntax working, but it seems a "network shares" discovery process must be launched before as file managers do when we "click" on "network function". So the system will interactively ask for domain, user name, password... still in terminal (no graphic box popup)

gvfs-mount smb://username@192.168.0.200/shared-folder

Mount points are located in : /var/run/user/user_id_number/gvfs

I don't like at all the gnome "gvfs" solution, as I have experienced in the past some crashes caused by gvfs.
Gnome 3 / Plasma 5 are not a solution for my FreeBSD boxes, as I don't want such heavy things on stations mainly focused on server, and just delivering some basic desktop functions.

I don't like making run at the same time several "automounters"... in a perfect world I would love to find a full centralized solution around "devd/autofs" and only "devd/autofs" for any removable mounts. We should find solutions to void collisions between "autofs" and "gvfs", if not possible we should deactivate autofs.

.... as now "gvfs" is the only "light" solution to get SMBv2+ Client negotiation working, hoping that FreeBSD developpers will understand soon that situation IS CRITICAL. We should be able to mount CIFS without this f...ing gnome dependencies.

UPDATE
---------

I have tested again fusefs-smbnetfs and now it is working for SMBv2 + protocol. I don't exactly know what happens. I had a deprecated value in my smb.conf with "min protocol" set to "SMB1". I have set up "SMB2" but I am not sure at all this has changed anything.
But smbnetfs is very slow... I would say not decently usable and hanging too much, I must investigate to tweak some parameters.

For gvfs... well this is a little complicated if you want to use it under strict console (so with no X11 session launched)

Code:
dbus-run-session -- csh
gvfs-mount smb://SERVER/SHARE_FOLDER < ~/SERVER

Just create a file named "SERVER" in the user home directory and simply drop the following values without any prefix, and GVFS will read the value from the file.

Code:
username_value
workgroup_name
password

You can compile GVFS without "HAL" option, in such case GVFS will only detect SMB Shares, and will ignore any removable devices, avoiding conflict with "autofs".
 
Last edited:
Thank you for sharing this tips! I really didn't know gvfs can be used to mount Samba shares.
I am managing 7 FreeBSD machines where each have about 30 Windows shares mounted with mount_smbfs but as the Windows machines are upgraded to newer Windows version there are problems with mount_smbfs not capable of SMB2.
I am looking for the solution (otherwise those FreeBSD machines will be replaced by something else with better CIFS support).
I found sysutils/fusefs-smbnetfs but it is poorly documented. If it is able to use SMB2 protocol how can I configure it to mount 30 shares on boot from /etc/fstab? Where should I define about 10 Windows machines each with about 3 shares. Each machine using different login and password?
Or is it better to use gvfs-mount?
I read you have a stability problems with gfsv and performance problems with smbnetfs. It is sad. I need to use SMB2 mounts in production environment with sustained traffic of 50Mbps on headless FreeBSD machines.
Are there any other option for SMB2?
 
Back
Top