Is FreeBSD for me?

[janit]

So, I've been working in devops for a while... and I have a bunch - 20ish of headless Linux boxes to look after - spread around the planet. These exist in a mixed environment - on-premise, off-premise, some are iron and some are virtual, and just don't ask about the time-zones.

A friend I respect said "Take a look at BSD... simplicity and security reign there!"(and they are important to what I do).

I've just spent a paid day playing, first with OpenBSD, and then with FreeBSD. Both feel pretty good, they take me back to the good old days - but some basic things seem to be unexpectedly missing?

OpenBSD httpd doesn't seem to support HTTP/2 despite the NGINX bashing... hmmm well maybe it does and no-one is saying? I might be able to live with this if it's in the near pipeline...

More importantly, I have to be able to automount SMB shares... hmmm an open unloved 2017 bug-report - SMB1 is dead, and SMB2+ support has never been added into mount_smbfs?

So am I completely missing something? Is there a BSD PumpKing (individual/group)? Who looks after the core basics? Is there some unlove in the community for SMB and HTTP/2?

I want to join the BSD party - maybe I just missed the Beer, Spirits and Drinks? Point me in the right direction please.

TIA

 

[mark_j]

So, what's your question? FreeBSD != OpenBSD, BTW.

 

[balanga]

This may help regarding newer versions of SMB.

 

[zirias@]

More importantly, I have to be able to automount SMB shares... hmmm an open unloved 2017 bug-report - SMB1 is dead, and SMB2+ support has never been added into mount_smbfs?

I'm running an AD domain controller and a SMB file server both using samba (currently net/samba411) on FreeBSD and this works very well. But FreeBSD isn't suited for mounting SMB shares from other machines, cause indeed, the integrated smbfs only supports SMB1, and userspace solutions are cumbersome and don't perform well. If you want to access network shares from FreeBSD, use NFS. If this isn't an option, FreeBSD isn't for you.

No comment on other BSD systems (I just don't use them), but a HTTP server isn't part of FreeBSD base, you typically just use www/nginx which works pretty well.

 

[drhowarddrfine]

Careful. Technical discussion of other operating systems besides FreeBSD is not allowed here.

Take a look at the FreeBSD Documentation list. Specifically the Handbook.

I've been running HTTP/2 servers on FreeBSD since HTTP/2 began. The development platform for nginx was FreeBSD till just about five years ago or so.

 

[janit]

So, what's your question? FreeBSD != OpenBSD, BTW.

How do I reliably automount shares on a headless FreeBSD host from other servers that require SMB2+ (as there are security issues in SMB1).

 

[janit]

Careful. Technical discussion of other operating systems besides FreeBSD is not allowed here.

Take a look at the FreeBSD Documentation list. Specifically the Handbook.

I've been running HTTP/2 servers on FreeBSD since HTTP/2 began. The development platform for nginx was FreeBSD till just about five years ago or so.

Thanks - comfortable with NGINX for HTTP/2, that being in my current stack.

 

[janit]

This may help regarding newer versions of SMB.

Unfortunately not - as far as I can determine, mount_smbfs only supports the older SMB1 protocol - which was deprecated in 2014 due to security issues.
I don't control the other servers - it's a mixed environment, and they won't allow use of long deprecated and insecure protocols.

I was hoping to find that there was an option in FreeBSD to reliably mount SMB shares, or that mount_smbfs had an update in the near-future pipeline?

 

[zirias@]

If you absolutely need client SMB, don't use FreeBSD. I agree SMB1 should never be used. I don't expect any development here as it won't be a priority ever: just provide whatever you need on FreeBSD via NFS (v3 or v4).

I wouldn't recommend trying some userspace solutions. If THIS is your "must-have", Linux will serve you better.

 

[mark_j]

How do I reliably automount shares on a headless FreeBSD host from other servers that require SMB2+ (as there are security issues in SMB1).

Install a samba port that has smb2 support rather than the native mount_smbfs?

 

[zirias@]

Install a samba port that has smb2 support rather than the native mount_smbfs?

Samba has smbclient for accessing shares, but no support for mounting them.

 

[janit]

If you absolutely need client SMB, don't use FreeBSD. I agree SMB1 should never be used. I don't expect any development here as it won't be a priority ever: just provide whatever you need on FreeBSD via NFS (v3 or v4).

I wouldn't recommend trying some userspace solutions. If THIS is your "must-have", Linux will serve you better.

Thanks - I had come to this conclusion, and was hoping against the odds that there was a solution that I hadn't found.

"I don't expect any development here as it won't be a priority ever" - Yeah, given that SMB1 was deprecated in 2014, I can see that.

Do you know WHY being able to mount data from Windows shares will never be a priority? (Trying to understand the FreeBSD mindset)

 

[mark_j]

I chatted to someone who knows more about samba than I and he suggested freebsd users with a gnome desktop could use gvfs. Just throwing it out there.

Also, a few years ago I recall ixsystems being interested in sponsoring/performing a write of smbv3 under bsd licence. I'm not sure anything came of that, though, because it would have been 2017.
Edit: I should've searched before I wrote:

MateuszPiotrowski/AccessingSmbSharesWithSambaClient - FreeBSD Wiki

Accessing SMB2 (and maybe SMB3) Samba shares on FreeBSD with smbclient.

wiki.freebsd.org

(Under 2. Research)

 

[zirias@]

"I don't expect any development here as it won't be a priority ever" - Yeah, given that SMB1 was deprecated in 2014, I can see that.

If you'd consider SMB an important functionality. Sure, client SMBv3 is on some wishlist for some time, but there are lots of things going on that are much more important and give much more value, like e.g. the huge locking refactoring for FreeBSD 13.

Do you know WHY being able to mount data from Windows shares will never be a priority?

It just isn't a frequent usecase? Accessing remote files on Unix was always done with NFS which works fine and is supported in all versions. And if you really MUST have a Windows machine hosting the files, NFS services exist for Windows as well. In the same way you add SMB shares to a Unix fileserver (using Samba) to also support Windows clients, you can add NFS to a Windows fileserver to also support Unix clients.

I chatted to someone who knows more about samba than I and he suggested freebsd users with a gnome desktop could use gvfs. Just throwing it out there.

This solution is intended for user mounts and performance is horrible, according to this posting worse than sshfs: View: https://www.reddit.com/r/freebsd/comments/9z5p2b/mounting_smb_v2v3_shares_gvfs/eaf618p/

(Under 2. Research)

Yes. But still it doesn't have priority, so I wouldn't rely on it becoming available at any specific time.

 

[mark_j]

Well I don't even think it's a zero priority at present. I would envisage ZFS on Windows to be more of an option before SMBv2+ is on FreeBSD.

Supporting proprietary file systems is always a bad thing[tm].

 

[SirDice]

The specifications for SMB 2 and 3 have been publicly available for quite some time.

[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3

Specifies the Server Message Block (SMB) Protocol Versions 2 and 3, which support the sharing of file and print resources

docs.microsoft.com

 

[mark_j]

True, but it's still Microsoft's and at a whim they can change it or remove it. It's not open source and it's well known that a lot of vulnerabilities come via it. I can understand why FreeBSD's system devs don't want anything to do with it.

 

[unitrunker]

The trouble with SMB is, for me, Samba. It reappears in pkg audit time after time.

 

[Mjölnir]

The trouble with SMB is, for me, Samba. It reappears in pkg audit time after time.

Well, the underlying problem seems to be the SMB protocol itself. IIRC M$ developers admitted publicly that they needed a few years to correctly understand their own protocol, didn't implement it correctly in the beginning & then had to apply dirty tricks to maintain backwards compatibility... Samba as an external project suffers badly from that. Sorry I have no link to support this statement, it's just dark fuzzy memories.

 

[unitrunker]

It might be useful to have an SMB3 only flavor of Samba.

 

[mark_j]

Samba should be dumped entirely and replaced by NFS. Problem solved.

 

[zirias@]

I would strongly oppose dumping samba, it's incredibly helpful for mixed networks. My samba in AD-DC mode (running in a jail) is used for authentication by Windows and FreeBSD machines (the latter with winbind integration in PAM and nsswitch) and also for freeradius to provide IEEE802.X authentication on the Wifi with EAP-PEAP. This is all painless and well integrated, samba supports RFC2307bis for storing uid/gid and group membership information in the directory suitable for Unix systems. The samba fileserver for "SMB shares" runs in another jail. Keeping it jailed and behind a firewall is good enough for me to deal with the occassional security issues (and of course, timely updates).

What I personally don't need is client-side SMB. It's not a big deal to offer your shares both via SMB and NFS. I guess that's a reason why client-side SMB isn't a top priority for FreeBSD.

 

[tux2bsd]

I've just spent a paid day playing, first with OpenBSD, and then with FreeBSD. Both feel pretty good, they take me back to the good old days - but some basic things seem to be unexpectedly missing?

It's good to use to help learn *nix, it gives you a different angle to view the system from. I agree, the good old days feel to it.
FreeBSD:
The separation of OS vs other is great.
pkg is very good, except that it insists on updating its repository catalogue too often.
Reality is hardware support is lacking but where it does run it will run well. Also choices of VPS providers feels more unknown.
freebsd-update is incredibly slow, I hope FreeBSD 13 going to help this situation(?).

 

[SirDice]

It reappears in pkg audit time after time.

As do a lot of other applications. The fact that security issues are found is not a big problem. It's how fast those issues are fixed.

 

[oops]

Why not sysutils/fusefs-smbnetfs? SMB2+ is supported via libsmbclient.so from net/samba412 (for newer add DEFAULT_VERSIONS+=samba=4.13 to /etc/make.conf).