> On 26. märts 2017, at 21:04, James Blachly <[email protected]> wrote: > > >> On Mar 26, 2017, at 7:36 AM, Toomas Soome <[email protected] >> <mailto:[email protected]>> wrote: >> >>> >>> On 26. märts 2017, at 14:23, Andreas Wacknitz <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> >>> >>> Am 25.03.17 um 22:30 schrieb James Blachly: >>>> (I did not get any response on the -discuss list, so please forgive the >>>> re-posting) >>>> >>>> Speaking as a new OI user here, >>>> >>>> I am using the kernel CIFS/SMB service for the first time (on other >>>> systems including smartos I am using samba), which is quite convenient. >>>> However, it did not work out of the box. >>>> >>>> Is there any reason something along the lines of the following should not >>>> be in /etc/pam.conf in the installer/freshly installed image? >>>> >>>> # Kernel SMB/CIFS service for insertion into /var/smb/smbpasswd >>>> other password required pam_smb_passwd.so.1 nowarn >>>> >>>> This seems like a reasonable change that would lower the barrier to entry >>>> / lower the frustration level for new users at a critical point in their >>>> go/no go decision. >>> I am not sure about the reasons it is missing in our standard installation. >>> Probably because not everybody is using smb/cifs and it might be >>> a security problem. I think the general idea behind it was (during Solaris >>> times) that it is safer to have as few as possible things "on" by default >>> and an admin should know what to activate. >>> So an alternative to enable this in /etc/pam.conf would be an enhanced >>> desription of admin steps after installation (on the wiki probably). >>> >>> Regards >>> Andreas >>> >> >> >> The problem is that smb setup is not consistent. From one hand you get this >> mantra “look how easy it is” - which is an lie. What actually should happen >> is: >> >> 1. creating an share should check if we also need to do smbadm join domain >> or workgroup; if its workgroup, then the join should also set up the pam >> entry. >> 2. Set up the default ACL for share. This one is major pain, it is not >> properly documented, the current default is useless and confusing. >> 3. create /etc/avahi/services/smb.service for SMB. >> >> Also note that if you need to read wiki just to set up the SMB share, it >> means the whole concept is already wrong - it has nothing to do with being >> simple nor easy nor user frendly. >> >> rgds, >> toomas > > I agree entirely with toomas’ sentiment vis-a-vis “it is not as simple as it > appears”, with the qualifier that in the case of a desired setup that is > Workgroup only / no AD/ no Windows Domain, the Oracle documentation and all > the relevant OI and illumos documentation I could find seemed to suggest that > “it should just work” after setting sharesmb property.
Yes, it does depend on how you define “it should just work”, because yea - if you have functional guest setup, sure;) > > **With this addition to pam.conf, it would** , and I advocate strongly for > its inclusion in the base installation. (Strictly speaking, the step 3, > mDNS/avahi) is not necessary to connect, only to browse) true, just another small thing. But the world is built on small things. And do not forget about permission setup;) We can only guess how many people have opted to use samba just because;) rgds, toomas
_______________________________________________ oi-dev mailing list [email protected] https://openindiana.org/mailman/listinfo/oi-dev
