Am 26.03.17 um 13:36 schrieb Toomas Soome:
On 26. märts 2017, at 14:23, Andreas Wacknitz <a.wackn...@gmx.de
<mailto:a.wackn...@gmx.de>> wrote:
Am 25.03.17 um 22:30 schrieb James Blachly:
(I did not get any response on the -discuss list, so please forgive
the re-posting)
Speaking as a new OI user here,
I am using the kernel CIFS/SMB service for the first time (on other
systems including smartos I am using samba), which is quite
convenient. However, it did not work out of the box.
Is there any reason something along the lines of the following
should not be in /etc/pam.conf in the installer/freshly installed image?
# Kernel SMB/CIFS service for insertion into /var/smb/smbpasswd
other password required pam_smb_passwd.so.1 nowarn
This seems like a reasonable change that would lower the barrier to
entry / lower the frustration level for new users at a critical
point in their go/no go decision.
I am not sure about the reasons it is missing in our standard
installation. Probably because not everybody is using smb/cifs and it
might be
a security problem. I think the general idea behind it was (during
Solaris times) that it is safer to have as few as possible things
"on" by default
and an admin should know what to activate.
So an alternative to enable this in /etc/pam.conf would be an
enhanced desription of admin steps after installation (on the wiki
probably).
Regards
Andreas
The problem is that smb setup is not consistent. From one hand you get
this mantra “look how easy it is” - which is an lie. What actually
should happen is:
1. creating an share should check if we also need to do smbadm join
domain or workgroup; if its workgroup, then the join should also set
up the pam entry.
2. Set up the default ACL for share. This one is major pain, it is not
properly documented, the current default is useless and confusing.
3. create /etc/avahi/services/smb.service for SMB.
Also note that if you need to read wiki just to set up the SMB share,
it means the whole concept is already wrong - it has nothing to do
with being simple nor easy nor user frendly.
I am with you. But I don't see anybody stand up and do the necessary
things. I am not even close to be able to do so as I don't have enough admin
knowledge. The wiki was my first idea to enhance the documentation as I
don't see any new documentation in form of books for oi in the near future.
There are too few people working on oi.
I have another question regarding these issues: I have a heterogenous
home network with some Macs and Windows. What would be the necessary
steps to at least have the authentication on my oi server? Is there any
documentation about it?
Regards
Andreas
_______________________________________________
oi-dev mailing list
oi-dev@openindiana.org
https://openindiana.org/mailman/listinfo/oi-dev
