[oi-dev] Install defaults re. SMB and pam.conf
Andreas Wacknitz
A.Wacknitz at gmx.de
Sun Mar 26 15:31:28 UTC 2017
Am 26.03.17 um 13:36 schrieb Toomas Soome:
>
>> On 26. märts 2017, at 14:23, Andreas Wacknitz <A.Wacknitz at gmx.de
>> <mailto:A.Wacknitz at gmx.de>> wrote:
>>
>>
>>
>> Am 25.03.17 um 22:30 schrieb James Blachly:
>>> (I did not get any response on the -discuss list, so please forgive
>>> the re-posting)
>>>
>>> Speaking as a new OI user here,
>>>
>>> I am using the kernel CIFS/SMB service for the first time (on other
>>> systems including smartos I am using samba), which is quite
>>> convenient. However, it did not work out of the box.
>>>
>>> Is there any reason something along the lines of the following
>>> should not be in /etc/pam.conf in the installer/freshly installed image?
>>>
>>> # Kernel SMB/CIFS service for insertion into /var/smb/smbpasswd
>>> other password required pam_smb_passwd.so.1 nowarn
>>>
>>> This seems like a reasonable change that would lower the barrier to
>>> entry / lower the frustration level for new users at a critical
>>> point in their go/no go decision.
>> I am not sure about the reasons it is missing in our standard
>> installation. Probably because not everybody is using smb/cifs and it
>> might be
>> a security problem. I think the general idea behind it was (during
>> Solaris times) that it is safer to have as few as possible things
>> "on" by default
>> and an admin should know what to activate.
>> So an alternative to enable this in /etc/pam.conf would be an
>> enhanced desription of admin steps after installation (on the wiki
>> probably).
>>
>> Regards
>> Andreas
>>
>
>
> The problem is that smb setup is not consistent. From one hand you get
> this mantra “look how easy it is” - which is an lie. What actually
> should happen is:
>
> 1. creating an share should check if we also need to do smbadm join
> domain or workgroup; if its workgroup, then the join should also set
> up the pam entry.
> 2. Set up the default ACL for share. This one is major pain, it is not
> properly documented, the current default is useless and confusing.
> 3. create /etc/avahi/services/smb.service for SMB.
Toomas, is there any documentation on how to do that? I have installed
avahi but there is no /etc/avahi folder and I haven't found a
documentation for it.
Regards
Andreas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20170326/bbe01745/attachment-0005.html>
More information about the oi-dev
mailing list