Mailinglist Archive: opensuse-features (365 mails)

< Previous Next >
[openFATE 305535] [webyast] Samba module
  • From: fate_noreply@xxxxxxx
  • Date: Wed, 3 Mar 2010 11:43:41 +0100 (CET)
  • Message-id: <feature-305535-28@xxxxxxxxxxxxxx>
Feature changed by: Klaus Kämpf (kwk)
Feature #305535, revision 28
Title: [webyast] Samba module

openSUSE-11.2: Rejected by Christoph Thiel (cthiel1)
reject date: 2009-06-05 15:10:01
reject reason: Missing details.
Priority
Requester: Important

- openSUSE-11.3: Evaluation
+ openSUSE-11.3: Rejected by (kwk)
+ reject date: 2010-03-03 11:43:38
+ reject reason: Rejected on advise of a very experienced project
+ manageer
Priority
Requester: Important
Projectmanager: Important

Requested by: James McDonough (jmcdough)
Partner organization: openSUSE.org

Description:
Original request stated in bugzilla:
At the moment, it has to be decided if a user has an samba account can
only be decided when the account is created.
If an samba account shall be added later for a user, this is not
possible with the Yast UsersPluginSamba, as this requires changing the
password (or setting the same password again).
IMHO, this restriction is to strict. The following should be possible:
* Activate the samba account for the user
: this should add the sambaSamAccount objectClass to the user, : at
least set the user sid, optionally the group sid : leave the password
empty
* The user can then later on change/reset his password with "passwd"
: The user has a valid posixAccount, which allows him to authenticate :
himself against LDAP.
: if there is an LDAP ACL "access to attrs=sambaNTPassword by self
write", : the user is able to set his samba password even without an
preexisting : samba password
Additional comment from bugzilla
The above described scenario is just one corner case where having no
sambaNTPassword/sambaLMPassword could workout. Unfortunately:
* Or samba configuration as created by YaST by default disallows write
access to the samba*Password attributes, IIRC.
* The user might be a pure Windows User, so he can't set his initial
samba password using his Linux/Unix Account.


References:
https://bugzilla.novell.com/show_bug.cgi?id=444603

Business case (Partner benefit):
openSUSE.org: Many customers report difficulties with various areas of
samba yast administration, both with new features requested and layout
of current ones.

Discussion:
#1: Christoph Thiel (cthiel1) (2009-05-28 15:34:16)
James, do you have more details yet? Otherwise, we'll have to reject it
for openSUSE 11.2 right away.

#2: Wyatt Gosling (beachchairs) (2009-06-08 21:40:29)
As someone who just spent a day configuring Samba, I support this.
The Samba module is a bit advanced, but my main problem was I just
didn't know I had to allow Samba in the firewall. I think the module
should do something about this. Perhaps when you hit Ok you get a
prompt allong the lines of "You have enabled Samba, but the Firewall is
set to block Samba. Would you like to change the Firewall to allow
Samba?"
Still I would like to see a simpler module. Perhaps one that has a just
a few options (then takes a reasonable stab at the rest). Maybe have a
global "Enable Folder and Printer Sharing" toggle, and a toggle to
enable password protection (and set the password!). Then have "Enable
Printer Sharing", "Enable Folder Sharing" subcategories. I don't have
any interest in printer sharing, so I don't know if any sub-options
would be applicable or not. For folder sharing, you would need a list
of directories to share. Not much else needs to be presented to the
user IMO.
Also have it so when you use the KDE Item Properties Panel (and the
Gnome equivelent), it is pre-setup to allow users to add shares without
root priveleges.

#7: Ralph Ulrich (ulenrich) (2009-08-21 16:57:02)
Would be great to see the module
yast-samba
as an input/substitute module for
kde-systemsettings-advanced-samba

#9: Klaus Kämpf (kwk) (2009-08-25 09:45:45)
Out of scope for openSUSE 11.2 or SLE11 SP1. To be revisited for
openSUSE 11.3



--
openSUSE Feature:
https://features.opensuse.org/305535

< Previous Next >
This Thread
  • No further messages