<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 26. märts 2017, at 18:31, Andreas Wacknitz <<a href="mailto:A.Wacknitz@gmx.de" class="">A.Wacknitz@gmx.de</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type" class="">
<div text="#000000" bgcolor="#FFFFFF" class=""><p class=""><br class="">
</p>
<br class="">
<div class="moz-cite-prefix">Am 26.03.17 um 13:36 schrieb Toomas
Soome:<br class="">
</div>
<blockquote cite="mid:D3587869-95FC-461F-9CA6-A9B91F5759D1@me.com" type="cite" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252" class="">
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On 26. märts 2017, at 14:23, Andreas Wacknitz
<<a moz-do-not-send="true" href="mailto:A.Wacknitz@gmx.de" class="">A.Wacknitz@gmx.de</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class=""><br style="font-family: Helvetica; font-size:
12px; font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">Am 25.03.17 um 22:30 schrieb
James Blachly:</span><br style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
<blockquote type="cite" style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-size-adjust: auto;
-webkit-text-stroke-width: 0px;" class="">(I did not get
any response on the -discuss list, so please forgive the
re-posting)<br class="">
<br class="">
Speaking as a new OI user here,<br class="">
<br class="">
I am using the kernel CIFS/SMB service for the first time
(on other systems including smartos I am using samba),
which is quite convenient. However, it did not work out of
the box.<br class="">
<br class="">
Is there any reason something along the lines of the
following should not be in /etc/pam.conf in the
installer/freshly installed image?<br class="">
<br class="">
# Kernel SMB/CIFS service for insertion into
/var/smb/smbpasswd<br class="">
other password required pam_smb_passwd.so.1
nowarn<br class="">
<br class="">
This seems like a reasonable change that would lower the
barrier to entry / lower the frustration level for new
users at a critical point in their go/no go decision.<br class="">
</blockquote>
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">I am not sure about the
reasons it is missing in our standard installation.
Probably because not everybody is using smb/cifs and it
might be</span><br style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">a security problem. I think
the general idea behind it was (during Solaris times) that
it is safer to have as few as possible things "on" by
default</span><br style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">and an admin should know what
to activate.</span><br style="font-family: Helvetica;
font-size: 12px; font-style: normal; font-variant-caps:
normal; font-weight: normal; letter-spacing: normal;
orphans: auto; text-align: start; text-indent: 0px;
text-transform: none; white-space: normal; widows: auto;
word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">So an alternative to enable
this in /etc/pam.conf would be an enhanced desription of
admin steps after installation (on the wiki probably).</span><br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">Regards</span><br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<span style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px; float: none; display:
inline !important;" class="">Andreas</span><br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
<br style="font-family: Helvetica; font-size: 12px;
font-style: normal; font-variant-caps: normal;
font-weight: normal; letter-spacing: normal; orphans:
auto; text-align: start; text-indent: 0px; text-transform:
none; white-space: normal; widows: auto; word-spacing:
0px; -webkit-text-stroke-width: 0px;" class="">
</div>
</blockquote>
</div>
<br class="">
<div class=""><br class="">
</div>
<div class="">The problem is that smb setup is not consistent.
From one hand you get this mantra “look how easy it is” - which
is an lie. What actually should happen is:</div>
<div class=""><br class="">
</div>
<div class="">1. creating an share should check if we also need to
do smbadm join domain or workgroup; if its workgroup, then the
join should also set up the pam entry.</div>
<div class="">2. Set up the default ACL for share. This one is
major pain, it is not properly documented, the current default
is useless and confusing.</div>
<div class="">3. create <span style="font-family: Hack;
background-color: rgb(255, 255, 255);" class="">/etc/avahi/services/smb.service
for SMB.</span></div>
</blockquote>
Toomas, is there any documentation on how to do that? I have
installed avahi but there is no /etc/avahi folder and I haven't
found a documentation for it.<br class="">
<br class="">
Regards<br class="">
Andreas<br class="">
<br class="">
</div></div></blockquote><br class=""></div><div>I found it from googling around, but there is an sample, the avahi-service.dtd should describe it - in example below the Xserve is of course just for giggles;)</div><div><br class=""></div><div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><?xml version="1.0" encoding="UTF-8"?></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><!DOCTYPE service-group SYSTEM "avahi-service.dtd"></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><service-group></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> <name replace-wildcards="yes">%h</name></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> <service></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> <type>_smb._tcp</type></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> <port>445</port></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> </service></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> <service></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> <type>_device-info._tcp</type></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> <port>0</port></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> <txt-record>model=Xserve</txt-record></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> </service></span></div><div style="margin: 0px; line-height: normal; font-family: Hack; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></service-group></span></div></div><br class=""><div class=""><br class=""></div><div class="">rgds,</div><div class="">toomas</div></body></html>