Re: [oi-dev] Install defaults re. SMB and pam.conf

Sun, 26 Mar 2017 08:32:45 -0700 


Am 26.03.17 um 13:36 schrieb Toomas Soome:



On 26. märts 2017, at 14:23, Andreas Wacknitz <[email protected] 
<mailto:[email protected]>> wrote:




Am 25.03.17 um 22:30 schrieb James Blachly:

(I did not get any response on the -discuss list, so please forgive 
the re-posting)


Speaking as a new OI user here,


I am using the kernel CIFS/SMB service for the first time (on other 
systems including smartos I am using samba), which is quite 
convenient. However, it did not work out of the box.



Is there any reason something along the lines of the following 
should not be in /etc/pam.conf in the installer/freshly installed image?


# Kernel SMB/CIFS service for insertion into /var/smb/smbpasswd
other   password required       pam_smb_passwd.so.1     nowarn


This seems like a reasonable change that would lower the barrier to 
entry / lower the frustration level for new users at a critical 
point in their go/no go decision.

I am not sure about the reasons it is missing in our standard 
installation. Probably because not everybody is using smb/cifs and it 
might be
a security problem. I think the general idea behind it was (during 
Solaris times) that it is safer to have as few as possible things 
"on" by default

and an admin should know what to activate.

So an alternative to enable this in /etc/pam.conf would be an 
enhanced desription of admin steps after installation (on the wiki 
probably).


Regards
Andreas





The problem is that smb setup is not consistent. From one hand you get 
this mantra “look how easy it is” - which is an lie. What actually 
should happen is:



1. creating an share should check if we also need to do smbadm join 
domain or workgroup; if its workgroup, then the join should also set 
up the pam entry.
2. Set up the default ACL for share. This one is major pain, it is not 
properly documented, the current default is useless and confusing.

3. create /etc/avahi/services/smb.service for SMB.

Toomas, is there any documentation on how to do that? I have installed 
avahi but there is no /etc/avahi folder and I haven't found a 
documentation for it.


Regards
Andreas


_______________________________________________
oi-dev mailing list
[email protected]
https://openindiana.org/mailman/listinfo/oi-dev





















					Reply via email to