On December 21, 2018 10:20:50 PM UTC, Gabriele Bulfon <[email protected]> wrote: >Thanks Jim, that's what I intended, access same data both over CIFS/AD >and over some other internet mean, read/write. >Think about a cloud web application, with java vfs multi protocols, >willing to browse and access an on-prims CIFS storage, securely: I >don't think there is any secure way to access smb/cifs from the >outside, while I can access sftp. >I can almost do it with smb inside and webdav outside, but when you go >with cifs/ad acls become hard. >Sonicle S.r.l. >http://www.sonicle.com >Music: >http://www.gabrielebulfon.com >Quantum Mechanics : >http://www.cdbaby.com/cd/gabrielebulfon >---------------------------------------------------------------------------------- >Da: Jim Klimov >A: illumos-discuss >Gabriele Bulfon >[email protected] >Data: 21 dicembre 2018 22.01.21 CET >Oggetto: Re: [discuss] Access CIFS shares with SFTP >On December 21, 2018 6:00:38 PM UTC, Gabriele Bulfon >wrote: >Hi, > >probably a strange question... > >Is there any way I can gain access via sftp on CIFS folder joined to an >AD domain using an AD user/pass to gain all required ACL access (read >and write)? > >Gabriele >Sonicle S.r.l. >http://www.sonicle.com >Music: >http://www.gabrielebulfon.com >Quantum Mechanics : >http://www.cdbaby.com/cd/gabrielebulfon >------------------------------------------ >illumos: illumos-discuss >Permalink: >https://illumos.topicbox.com/groups/discuss/Teaad69d75cbc5da7-M7b5eb03657d556b5cea20ac3 >Delivery options: >https://illumos.topicbox.com/groups/discuss/subscription >Probably not, these are different independent protocols. You can >probably set up SFTP to serve files from the same dataset as the CIFS >share by administrative coincidence, and set up filesystem (not CIFS >share) ACLs to manage access. >That is, if I got your question correctly - of serving same data from >an illumos server over two protocols. >If you mean that your illumos-based server is a CIFS client to another >and wants to re-publish that data over SFTP, I don't see why not - as >long as you've figured out the (auto)mounting for the illumos CIFS >client. This will indeed be constrained by access rights your box has >to that CIFS share of the other server. >Jim >-- >Typos courtesy of K-9 Mail on my Android
Well, a bit of googling uncovers that SMBv3 adds protocol-level encryption, but I am not sure we have that in illumos already. So the next good option would be a VPN. OpenVPN fares well on Solarish OSes; though to avoid double penalties for TCP backing down on bad connections you might see better results with openvpn-udp connection for data-heavy TCP applications. Note you can configure several openvpn servers on same system (so try both TCP and UDP links), and for added safety it can be in its own local zone with firewalling. Jim -- Typos courtesy of K-9 Mail on my Android ------------------------------------------ illumos: illumos-discuss Permalink: https://illumos.topicbox.com/groups/discuss/Teaad69d75cbc5da7-M896e0093c15eba7573442a5b Delivery options: https://illumos.topicbox.com/groups/discuss/subscription
