[oi-dev] Install defaults re. SMB and pam.conf

Andreas Wacknitz A.Wacknitz at gmx.de
Sun Mar 26 12:25:12 UTC 2017



On 26.03.17 at 13:36, Toomas Soome wrote:
>
>> On 26 March 2017, at 14:23, Andreas Wacknitz <A.Wacknitz at gmx.de 
>> <mailto:A.Wacknitz at gmx.de>> wrote:
>>
>>
>>
>> On 25.03.17 at 22:30, James Blachly wrote:
>>> (I did not get any response on the -discuss list, so please forgive 
>>> the re-posting)
>>>
>>> Speaking as a new OI user here,
>>>
>>> I am using the kernel CIFS/SMB service for the first time (on other 
>>> systems including smartos I am using samba), which is quite 
>>> convenient. However, it did not work out of the box.
>>>
>>> Is there any reason something along the lines of the following 
>>> should not be in /etc/pam.conf in the installer/freshly installed image?
>>>
>>> # Kernel SMB/CIFS service for insertion into /var/smb/smbpasswd
>>> other   password required       pam_smb_passwd.so.1     nowarn
>>>
>>> This seems like a reasonable change that would lower the barrier to 
>>> entry / lower the frustration level for new users at a critical 
>>> point in their go/no go decision.
>> I am not sure about the reasons it is missing in our standard 
>> installation. Probably because not everybody is using smb/cifs and it 
>> might be
>> a security problem. I think the general idea behind it was (during 
>> Solaris times) that it is safer to have as few as possible things 
>> "on" by default
>> and an admin should know what to activate.
>> So an alternative to enable this in /etc/pam.conf would be an 
>> enhanced description of admin steps after installation (on the wiki 
>> probably).
>>
>> Regards
>> Andreas
>>
>
>
> The problem is that smb setup is not consistent. On the one hand you get 
> this mantra “look how easy it is” - which is a lie. What actually 
> should happen is:
>
> 1. creating a share should check if we also need to do smbadm join 
> domain or workgroup; if it's a workgroup, then the join should also set 
> up the pam entry.
> 2. Set up the default ACL for share. This one is major pain, it is not 
> properly documented, the current default is useless and confusing.
> 3. create /etc/avahi/services/smb.service for SMB.
>
> Also note that if you need to read wiki just to set up the SMB share, 
> it means the whole concept is already wrong - it has nothing to do 
> with being simple nor easy nor user friendly.
I am with you. But I don't see anybody stand up and do the necessary 
things. I am not even close to being able to do so as I don't have enough admin
knowledge. The wiki was my first idea to enhance the documentation as I 
don't see any new documentation in the form of books for oi in the near future.
There are too few people working on oi.

I have another question regarding these issues: I have a heterogeneous 
home network with some Macs and Windows. What would be the necessary
steps to at least have the authentication on my oi server? Is there any 
documentation about it?

Regards
Andreas
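
The /etc/pam.conf entry proposed earlier in the thread, turned into an audit check an admin could run after installation. This is an added example, not part of the original messages or of OpenIndiana's tooling; the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Solaris/illumos-style pam.conf for the
# pam_smb_passwd entry quoted in the thread.
# Line format: service  module_type  control_flag  module_path  [options]

# has_smb_passwd FILE [SERVICE]  (hypothetical helper name)
# Exit 0 if SERVICE (default "other") has pam_smb_passwd in its password
# stack. Commented-out entries and blank lines do not count.
has_smb_passwd() {
    awk -v svc="${2:-other}" '
        { sub(/#.*/, "") }          # strip comments, fields are re-split
        NF < 4 { next }             # skip blank or incomplete lines
        $1 == svc && $2 == "password" &&
            $4 ~ /(^|\/)pam_smb_passwd\.so(\.[0-9]+)?$/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# password_stack FILE [SERVICE]  (hypothetical helper name)
# Print "control_flag module_path" for each password-stack entry, in file
# order, so the admin can review what runs on a password change.
password_stack() {
    awk -v svc="${2:-other}" '
        { sub(/#.*/, "") }
        NF >= 4 && $1 == svc && $2 == "password" { print $3, $4 }
    ' "$1"
}

# Constructed sample input: first without the entry (only a commented-out
# copy), then with the line from the thread appended.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' \
        '# constructed sample pam.conf fragment' \
        'other password required pam_authtok_store.so.1' \
        '#other password required pam_smb_passwd.so.1 nowarn' > "$tmp"
    if has_smb_passwd "$tmp"; then echo "present"; else echo "missing"; fi
    printf 'other   password required       pam_smb_passwd.so.1     nowarn\n' >> "$tmp"
    if has_smb_passwd "$tmp"; then echo "present"; else echo "missing"; fi
    password_stack "$tmp"
    rm -f "$tmp"
}

demo
```

On a real system the file argument would be /etc/pam.conf; the check only reads the file and changes nothing.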
