zirias@
Developer
I'm running into a lot of dead ends here and looking for some tips on what else to try, so I'll first describe my scenario:
For my house, I built a single server (as this is a private home, it's important that it's a single real machine with acceptable power consumption). The server should provide (at least) storage, authentication and decent security to several client machines. The current setup looks like this:
- Host system: FreeBSD 11.1 built without Kerberos and a few other things and a kernel with VIMAGE enabled. This system manages storage (ZFS pool) and some jails and bhyve VMs that get network connectivity using bridges (with tap(4) members for VMs and epair(4) members for jails). On the bridge meant for the management network, the host itself has IPv4 configured.
- A bhyve virtual machine also running (a minimal) FreeBSD 11.1 that gets the physical NICs by PCI passthru and is plugged into all the bridges, as the central router and firewall. It connects to my switch through lagg(4) with several VLAN devices on top.
- A jail for building packages with poudriere
- A jail running nginx as the internal webserver, currently only serving the package repository
- A jail running Samba 4.8 as AD DC
- A jail also running Samba 4.8 as domain member, serving user / home directories, Windows profiles and a common shared directory
I didn't use NFS so far because it won't work in a jail -- it would need to run on the host system, and I didn't plan to allow network connections from my internal network to it. So I tried anything to get my home directories with mount_smbfs(8) with no luck at all. It's always giving me authentication errors. Does it even work in an Active Directory scenario?
I also tried running net/unfs3 in a jail. This seemed to work, but exposes strange behavior: Trying to access the files as a non-root user always gives "permission denied", although the IDs are correct.
Now I'm thinking about enabling the NFS server on the host system, and have the router/firewall VM forward all NFS requests -- could this actually work? Does anybody have a better idea?