Thanks Jim, yes, we've been using OpenVPN on XStreamOS for many years, but that's not what we want on our cloud: VPNs to customers for their own purposes are hard to maintain and secure within other cloud users.
Your idea about openvpn-udp dedicated may be a nice route, but I will rather look if there is any "smb proxy" that can secure the smb access via ssl from the public network and proxy everything to/from LAN, always under ipfilter control...
I will share any result here

Gabriele

Sonicle S.r.l. http://www.sonicle.com
Music: http://www.gabrielebulfon.com
Quantum Mechanics: http://www.cdbaby.com/cd/gabrielebulfon

----------------------------------------------------------------------------------
From: Jim Klimov
To: Gabriele Bulfon, Jim Klimov, illumos-discuss
Date: 22 December 2018 11.01.12 CET
Subject: Re: [discuss] Access CIFS shares with SFTP

On December 21, 2018 10:20:50 PM UTC, Gabriele Bulfon wrote:

Thanks Jim, that's what I intended, access same data both over CIFS/AD and over some other internet means, read/write.
Think about a cloud web application, with java vfs multi protocols, willing to browse and access an on-prem CIFS storage, securely: I don't think there is any secure way to access smb/cifs from the outside, while I can access sftp.
I can almost do it with smb inside and webdav outside, but when you go with cifs/ad, ACLs become hard.

----------------------------------------------------------------------------------
From: Jim Klimov
To: illumos-discuss, Gabriele Bulfon [email protected]
Date: 21 December 2018 22.01.21 CET
Subject: Re: [discuss] Access CIFS shares with SFTP

On December 21, 2018 6:00:38 PM UTC, Gabriele Bulfon wrote:

Hi,
probably a strange question...
Is there any way I can gain access via sftp on CIFS folder joined to an AD domain using an AD user/pass to gain all required ACL access (read and write)?

Gabriele

------------------------------------------
illumos: illumos-discuss
Permalink: https://illumos.topicbox.com/groups/discuss/Teaad69d75cbc5da7-M7b5eb03657d556b5cea20ac3
Delivery options: https://illumos.topicbox.com/groups/discuss/subscription

Probably not, these are different independent protocols. You can probably set up SFTP to serve files from the same dataset as the CIFS share by administrative coincidence, and set up filesystem (not CIFS share) ACLs to manage access.

That is, if I got your question correctly - of serving same data from an illumos server over two protocols.

If you mean that your illumos-based server is a CIFS client to another and wants to re-publish that data over SFTP, I don't see why not - as long as you've figured out the (auto)mounting for the illumos CIFS client. This will indeed be constrained by access rights your box has to that CIFS share of the other server.

Jim
--
Typos courtesy of K-9 Mail on my Android

Well, a bit of googling uncovers that SMBv3 adds protocol-level encryption, but I am not sure we have that in illumos already. So the next good option would be a VPN. OpenVPN fares well on Solarish OSes; though to avoid double penalties for TCP backing down on bad connections you might see better results with openvpn-udp connection for data-heavy TCP applications. Note you can configure several openvpn servers on same system (so try both TCP and UDP links), and for added safety it can be in its own local zone with firewalling.

Jim
