<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">Am 26.03.17 um 13:36 schrieb Toomas
Soome:<br>
</div>
<blockquote cite="mid:D3587869-95FC-461F-9CA6-A9B91F5759D1@me.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On 26. märts 2017, at 14:23, Andreas Wacknitz
<<a moz-do-not-send="true"
href="mailto:A.Wacknitz@gmx.de" class="">A.Wacknitz@gmx.de</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class=""><br style="font-family: Helvetica; font-size:
12px; font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">Am 25.03.17 um 22:30 schrieb
James Blachly:</span><br style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;"
class="">
<blockquote type="cite" style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px;" class="">(I did not get
any response on the -discuss list, so please forgive the
re-posting)<br class="">
<br class="">
Speaking as a new OI user here,<br class="">
<br class="">
I am using the kernel CIFS/SMB service for the first time
(on other systems including smartos I am using samba),
which is quite convenient. However, it did not work out of
the box.<br class="">
<br class="">
Is there any reason something along the lines of the
following should not be in /etc/pam.conf in the
installer/freshly installed image?<br class="">
<br class="">
# Kernel SMB/CIFS service for insertion into
/var/smb/smbpasswd<br class="">
other password required pam_smb_passwd.so.1
nowarn<br class="">
<br class="">
This seems like a reasonable change that would lower the
barrier to entry / lower the frustration level for new
users at a critical point in their go/no go decision.<br
class="">
</blockquote>
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">I am not sure about the
reasons it is missing in our standard installation.
Probably because not everybody is using smb/cifs and it
might be</span><br style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;"
class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">a security problem. I think
the general idea behind it was (during Solaris times) that
it is safer to have as few as possible things "on" by
default</span><br style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;"
class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">and an admin should know what
to activate.</span><br style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;"
class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">So an alternative to enable
this in /etc/pam.conf would be an enhanced desription of
admin steps after installation (on the wiki probably).</span><br
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">Regards</span><br
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">Andreas</span><br
style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
</div>
</blockquote>
</div>
<br class="">
<div class=""><br class="">
</div>
<div class="">The problem is that smb setup is not consistent.
From one hand you get this mantra “look how easy it is” - which
is an lie. What actually should happen is:</div>
<div class=""><br class="">
</div>
<div class="">1. creating an share should check if we also need to
do smbadm join domain or workgroup; if its workgroup, then the
join should also set up the pam entry.</div>
<div class="">2. Set up the default ACL for share. This one is
major pain, it is not properly documented, the current default
is useless and confusing.</div>
<div class="">3. create <span style="font-family: Hack;
background-color: rgb(255, 255, 255);" class="">/etc/avahi/services/smb.service
for SMB.</span></div>
<div class=""><span style="font-family: Hack; background-color:
rgb(255, 255, 255);" class=""><br class="">
</span></div>
<div class="">Also note that if you need to read wiki just to set
up the SMB share, it means the whole concept is already wrong -
it has nothing to do with being simple nor easy nor user
frendly.</div>
</blockquote>
I am with you. But I don't see anybody stand up and do the necessary
things. I am not even close to be able to do so as I don't have
enough admin<br>
knowledge. The wiki was my first idea to enhance the documentation
as I don't see any new documentation in form of books for oi in the
near future.<br>
There are too few people working on oi.<br>
<br>
I have another question regarding these issues: I have a
heterogenous home network with some Macs and Windows. What would be
the necessary<br>
steps to at least have the authentication on my oi server? Is there
any documentation about it?<br>
<br>
Regards<br>
Andreas<br>
<br>
</body>
</html>