I recently acquired a small core 2 duo system for free, and since it is well suited to the tasks I currently require of a server, I installed a 1tb WD blue HDD which will provide plenty of storage for my use. However, when setting up the server for file sharing on my 750GB data partition, I discovered that NFS does not appear to support the authentication method that I would prefer since my clients are not stable, with changing addresses, one time clients and no domain system. With much searching, I still have not found a way to use accounts and keys/passwords as security with NFS. Samba is the obvious alternative, but a more *nix friendly solution would be greatly preferred, since the speed and ease of use (mountable, more compatible) of NFS make it far more attractive an option. Currently, sshfs is what I have set up for linux clients, but it is not easy to use on windows and android clients, meaning samba will have to be set up, but I don't think that the speed is optimal (although fine), and traffic encryption is not required, just secure authentication (It would also be nice to not have the very high CPU usage on both machines during data transfer). Are there any other alternatives that support the features I need?
I might be totally reading your post wrong, but cant you set it to allow your whole network, ref https://wiki.debian.org/NFSServerSetup ?
That is sort of the problem that I have; I can secure the NFS server based on network addressing, but that relies on my router being able to securely handle ip assignments, and does not allow quick and easy adding of new/one time clients if I still want to have access to the files secured. That route is also not preferred for me because I do not have much confidence in the security of my router, but cannot change that at this time. That is why I am looking for an alternative to NFS that works on a user authentication model for security; Ideally similar to ssh with keys and passwords. sshfs just does not feel ideal because it is less common (may not work well/have good clients on android/windows, and will most of the time require installing software to use it, rather than it being built in) and because of traffic encryption, uses a lot of cpu during transfers.
You could use something like nextcloud and do things via browser but to me it sounds like you want something more like Samba with OpenLDAP. I have a setup at work that utilizes the AD controller for user accounts but you could just as easily use *nix accounts instead.
I have solved this issue by using ZeroTier-one as a mesh VPN and leaving ports closed on my router. This may or may be of any use to you but it's worth checking out.
I have had no issues for about a year and have done extensive testing as well as monitored traffic.
My setup is an odd use case with samba and NFS. I basically have a network between a handful of friends that consists of raspberry pis and old netbooks with zerotier. This has created a very large filesharing network as well as deliver services like eBook servers, Media Streaming, remote desktop, and playing warcraft 3 over a virtual lan
I treat all machines as if they are connected to the internet and lock down services even though the protocol is secure and ZT has additional firewalling available in the admin interface. all in all no issues or security concerns. https://www.zerotier.com/
If I'm not mistaken, mounting Samba drives is extremely simply in the *nix environment thanks to the cifs implementation.
You might want to take a look at CIFS documentation for that one.
For NFS, you might want to take a look at Kerberos implementations as I believe they can use user-authentication as well.
Otherwise, an FTP server is always an option and is extremely *nix friendly.
Here's a Linux friendly solution for FTP: https://linuxconfig.org/mount-remote-ftp-directory-host-locally-into-linux-filesystem
I too recommend samba (smb/cifs). Has the best support on all kinds of clients. Does authentication, transport encryption, has a larger user base and is well tested.
Samba with user auth isn't a bad choice for typical home / small office use.
For nfs you definitely need kerberos and ldap (krb5 and slapd), which is a bit of a pain since you need to remember to kinit or mess with pam to refresh your tickets, or you need to trust your network. There's really no practically secure middle ground.
fwiw there's always sshfs.
Well, based on what I know and the replies here, I think I will just setup samba properly (and look into a way to mount a share like a normal filesystem) , and then use sshfs when samba is not a good option.
Thanks for the advice!