> On Mar 26, 2017, at 7:36 AM, Toomas Soome <[email protected]> wrote: > >> >> On 26. märts 2017, at 14:23, Andreas Wacknitz <[email protected] >> <mailto:[email protected]>> wrote: >> >> >> >> Am 25.03.17 um 22:30 schrieb James Blachly: >>> (I did not get any response on the -discuss list, so please forgive the >>> re-posting) >>> >>> Speaking as a new OI user here, >>> >>> I am using the kernel CIFS/SMB service for the first time (on other systems >>> including smartos I am using samba), which is quite convenient. However, it >>> did not work out of the box. >>> >>> Is there any reason something along the lines of the following should not >>> be in /etc/pam.conf in the installer/freshly installed image? >>> >>> # Kernel SMB/CIFS service for insertion into /var/smb/smbpasswd >>> other password required pam_smb_passwd.so.1 nowarn >>> >>> This seems like a reasonable change that would lower the barrier to entry / >>> lower the frustration level for new users at a critical point in their >>> go/no go decision. >> I am not sure about the reasons it is missing in our standard installation. >> Probably because not everybody is using smb/cifs and it might be >> a security problem. I think the general idea behind it was (during Solaris >> times) that it is safer to have as few as possible things "on" by default >> and an admin should know what to activate. >> So an alternative to enable this in /etc/pam.conf would be an enhanced >> desription of admin steps after installation (on the wiki probably). >> >> Regards >> Andreas >> > > > The problem is that smb setup is not consistent. From one hand you get this > mantra “look how easy it is” - which is an lie. What actually should happen > is: > > 1. creating an share should check if we also need to do smbadm join domain or > workgroup; if its workgroup, then the join should also set up the pam entry. > 2. Set up the default ACL for share. This one is major pain, it is not > properly documented, the current default is useless and confusing. > 3. create /etc/avahi/services/smb.service for SMB. > > Also note that if you need to read wiki just to set up the SMB share, it > means the whole concept is already wrong - it has nothing to do with being > simple nor easy nor user frendly. > > rgds, > toomas
I agree entirely with toomas’ sentiment vis-a-vis “it is not as simple as it appears”, with the qualifier that in the case of a desired setup that is Workgroup only / no AD/ no Windows Domain, the Oracle documentation and all the relevant OI and illumos documentation I could find seemed to suggest that “it should just work” after setting sharesmb property. **With this addition to pam.conf, it would** , and I advocate strongly for its inclusion in the base installation. (Strictly speaking, the step 3, mDNS/avahi) is not necessary to connect, only to browse) Kind regards
_______________________________________________ oi-dev mailing list [email protected] https://openindiana.org/mailman/listinfo/oi-dev
