FreeBSD 11.0 for Ubuntu users
20. Mar '17
Installing from PXE
I tried to boot the regular FreeBSD ISO as described in some older versions of the documentation; for FreeBSD 11.0 none of them worked as expected: the kernel gets booted, but when it tries to mount the root filesystem, that never works.
Instead I resorted to downloading another version which is loaded completely into memory:
wget http://mfsbsd.vx.sk/files/iso/11/amd64/mfsbsd-se-11.0-RELEASE-amd64.iso \
-O /var/lib/tftpboot/mfsbsd-se-11.0-RELEASE-amd64.iso
Create the following entry on your PXE host:
label freebsd110
menu label FreeBSD 11.0
keeppxe
linux memdisk
initrd mfsbsd-se-11.0-RELEASE-amd64.iso
append iso raw
Boot the machine from PXE and let it start up. Once it has started, log in as root with the password mfsroot.
Use the following command to figure out which /dev/blah corresponds to your disk:
geom disk list
In my case the disk was at /dev/da0, exposed via a SAS HBA. To perform the install using the ZFS filesystem:
zfsinstall -d /dev/da0
Post installation steps
Log in as root; no password should be prompted for. Change the password for user root:
passwd
Set hostname:
echo hostname=bsd.example.lan >> /etc/rc.conf
List network interfaces:
ifconfig
Acquire an IP address for one of the interfaces; in my case bce0 was the interface:
dhclient -v bce0
echo 'ifconfig_bce0="DHCP"' >> /etc/rc.conf
Install OpenSSH server:
pkg install openssh
Note that pkg install is basically equivalent to apt install or yum install. Ports is somewhat like Portage in Gentoo and AUR in ArchLinux.
Enable familiar /proc:
echo "proc /proc procfs rw,auto 0 0" >> /etc/fstab
mount /proc
Add an SSD as a read cache device:
zpool add tank cache da1
Add another SSD as a write log; this speeds up synchronous writes to the pool:
zpool add tank log da2
Enable online block-level deduplication on the ZFS pool:
zfs set dedup=on tank
Important
Enabling deduplication later will only affect newly written data. Also, you should plan for at least 20GB of system RAM per TB of pool data.
To monitor usage:
zpool list -v 2 # Press Ctrl-C to stop
Monitor harddisks
pkg install smartmontools
/usr/local/sbin/smartctl -a /dev/da0
Joining AD domain
There is no realmd so some steps have to be done manually.
Install Samba 4.4 software suite:
pkg install samba44
Edit /usr/local/etc/smb4.conf; most notably, there is no nogroup group, instead it's nobody:
[global]
invalid users = administrator root krbtgt guest
security = ads
netbios name = BSD
workgroup = EXAMPLE
realm = EXAMPLE.LAN
kerberos method = system keytab
winbind trusted domains only = no
winbind use default domain = yes
winbind refresh tickets = yes
winbind enum users = yes
winbind enum groups = yes
map acl inherit = yes
store dos attributes = yes
template homedir = /home/%U
template shell = /bin/bash
idmap config *:backend = rid
allow dns updates = disabled
idmap config *:range = 1000000-16777216
[shared]
path = /home/shared
writable = yes
guest ok = yes
force user = nobody
force group = nobody
create mask = 0666
directory mask = 2777
Authenticate with a domain administrator account:
kinit administrator@EXAMPLE.LAN
Proceed to join domain:
net ads join -k
Start the service:
cat << EOF >> /etc/rc.conf
samba_server_enable="YES"
smbd_enable="YES"
nmbd_enable="YES"
winbindd_enable="YES"
EOF
service samba_server restart
Reconfigure user lookup:
sed -i.bak -e "s/^passwd_compat:.*/passwd: compat winbind/" /etc/nsswitch.conf
sed -i.bak -e "s/^group_compat:.*/group: compat winbind/" /etc/nsswitch.conf
This should suffice for use as a file server; if you need SSH login for AD accounts, tweaking /etc/pam.d/sshd is necessary.
Running MATE desktop session over SSH
On the FreeBSD server:
pkg install mate-desktop mate xauth \
firefox pulseaudio vlc mpv \
pavucontrol paratype virt-manager
On a local Ubuntu or Fedora machine:
Xephyr -resizeable :1 &
DISPLAY=:1 ssh -X username@bsd.example.lan mate-session
Using FreeBSD as LTSP server
FreeBSD has SSH, and desktop applications are compiled with X11 support, as you would expect on an Ubuntu machine such as an LTSP server. The Firefox package for FreeBSD even includes PulseAudio support, so audio works. VLC and mpv unfortunately come without PulseAudio support.
The tricky part is that there is no ldminfod package available for FreeBSD. ldminfod is the service that serves the list of languages and desktop sessions available on the server. But we can easily emulate that behaviour.
On your FreeBSD box register the ldminfo port in /etc/services:
echo ldminfo 9571/tcp >> /etc/services
Then append the following line to /etc/inetd.conf:
ldminfo stream tcp nowait nobody /usr/libexec/tcpd /bin/cat /etc/ldminfo
You can extract the current configuration from the LTSP server and store it to be served by the internet superserver:
telnet ltsp.example.lan 9571 > /etc/ldminfo
Edit /etc/ldminfo; in this case the following was the result:
language:et_EE.UTF-8
session:mate-session
session-with-name:MATE:mate-session
xsession:/etc/X11/Xsession
rating:99
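An added example, not from the original post: fetching the same data over a plain socket and keeping only the keys seen in the file above, so telnet's status lines and anything unexpected stay out of a file that inetd serves to every client. ALLOWED_KEYS, clean_ldminfo and fetch_ldminfo are names chosen here, and SAMPLE is constructed.

```python
import socket

# Keys that appear in the /etc/ldminfo shown above; every other line is dropped.
ALLOWED_KEYS = ("language", "session", "session-with-name", "xsession", "rating")


def clean_ldminfo(raw: str) -> str:
    """Keep only well-formed `key:value` lines whose key is expected."""
    kept = []
    for line in raw.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key in ALLOWED_KEYS and value and value.isprintable():
            kept.append(f"{key}:{value}")
    return "".join(line + "\n" for line in kept)


def fetch_ldminfo(host: str, port: int = 9571, timeout: float = 5.0) -> str:
    """Read everything the server sends on the ldminfo port until it closes."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as conn:
        while data := conn.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


# Constructed sample of a telnet-style capture: client chatter around the payload.
SAMPLE = """Trying 192.0.2.10...
Connected to ltsp.example.lan.
Escape character is '^]'.
language:et_EE.UTF-8
language:en_US.UTF-8
session:mate-session
session-with-name:MATE:mate-session
xsession:/etc/X11/Xsession
rating:99
Connection closed by foreign host.
"""

if __name__ == "__main__":
    # On the FreeBSD box: clean_ldminfo(fetch_ldminfo("ltsp.example.lan"))
    print(clean_ldminfo(SAMPLE), end="")
```
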
Create a very basic /etc/X11/Xsession:
#!/bin/sh
# redirect errors to a file in user's home directory if we can
errfile="$HOME/.xsession-errors"
if ( umask 077 && cp /dev/null "$errfile" 2> /dev/null )
then
    exec > "$errfile" 2>&1
else
    mktemp=/usr/bin/mktemp
    for errfile in "${TMPDIR-/tmp}/xses-$USER" "/tmp/xses-$USER"
    do
        if ef="$( umask 077 && $mktemp "$errfile.XXXXXX" 2> /dev/null)"
        then
            exec > "$ef" 2>&1
            mv "$ef" "$errfile" 2> /dev/null
            break
        fi
    done
fi
# start the MATE session; exec replaces this shell, so nothing below this line runs
exec /usr/local/bin/mate-session
# The startup script is not intended to have arguments.
startup=$HOME/.xsession
resources=$HOME/.Xresources
if [ -s "$startup" ]; then
    if [ -x "$startup" ]; then
        exec "$startup"
    else
        exec /bin/sh "$startup"
    fi
else
    if [ -r "$resources" ]; then
        /usr/local/bin/xrdb -load "$resources"
    fi
    exec /usr/local/bin/xsm
fi
Start the internet superserver:
echo inetd_enable=yes >> /etc/rc.conf
service inetd start
In your lts.conf, usually located at /var/lib/tftpboot/ltsp/lts.conf, add additional LTSP servers like this:
LDM_SERVER=bsd.example.lan ltsp.example.lan
Additionally, the FreeBSD password prompt is slightly different from Ubuntu's, so LDM, which is trying to log in on behalf of the user, goes nuts. Again, we can fix that easily by modifying /etc/pam.d/sshd on the FreeBSD box:
sed -E -e 's/^auth[[:space:]]+required[[:space:]]+pam_unix.so[[:space:]]+.*/auth required pam_unix.so no_warn try_first_pass authtok_prompt=Enter\ password,\ please:\\ /' -i.bak /etc/pam.d/sshd
Over at your LTSP server, add the additional SSH server keys to the LTSP client known hosts file:
ssh-keyscan ltsp.example.lan bsd.example.lan | tee /opt/ltsp/*/etc/ssh_known_hosts
ltsp-update-image
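ssh-keyscan records whatever key answers at scan time, and every thin client booted from the image will then trust it. An added example, not from the original post, that checks scanned lines against fingerprints read out of band before they go into ssh_known_hosts; fingerprint, vet_known_hosts, TRUSTED and the sample key blobs are constructed for illustration.

```python
import base64
import hashlib


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in `ssh-keygen -l` style: unpadded base64 of the key blob's digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def vet_known_hosts(scanned: str, trusted: dict) -> tuple:
    """Return (accepted, rejected) ssh-keyscan lines, matching on host and key type."""
    accepted, rejected = [], []
    for line in scanned.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith("#"):
            continue  # ssh-keyscan banner comment or blank line
        host, keytype, key_b64 = fields[:3]
        try:
            ok = trusted.get((host, keytype)) == fingerprint(key_b64)
        except ValueError:  # malformed base64 in the key field
            ok = False
        (accepted if ok else rejected).append(line)
    return accepted, rejected


# Constructed stand-ins for key blobs (not real host keys).
GOOD = base64.b64encode(b"constructed host key A").decode()
ROGUE = base64.b64encode(b"constructed host key B").decode()

# Assumed workflow: each value is read on the server's own console with
# `ssh-keygen -lf <host key .pub file>`. Derived from GOOD here to run offline.
TRUSTED = {
    ("bsd.example.lan", "ssh-ed25519"): fingerprint(GOOD),
    ("ltsp.example.lan", "ssh-ed25519"): fingerprint(GOOD),
}
# Constructed ssh-keyscan output: one matching key, one that does not match.
SCANNED = (
    "# bsd.example.lan:22 SSH-2.0-OpenSSH_7.2\n"
    f"bsd.example.lan ssh-ed25519 {GOOD}\n"
    f"ltsp.example.lan ssh-ed25519 {ROGUE}\n"
)

if __name__ == "__main__":
    ok, bad = vet_known_hosts(SCANNED, TRUSTED)
    print("\n".join(ok))  # only these lines belong in ssh_known_hosts
    for line in bad:
        print("REJECTED:", line.split()[0])
```
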
Pics or it didn't happen: