summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Terpstra <jht@samba.org>2003-04-23 04:40:03 +0000
committerJohn Terpstra <jht@samba.org>2003-04-23 04:40:03 +0000
commita7d2c332fca9c85c21ff6dba424559c9323feacf (patch)
treebcaa48e2de741797cd6b80216845c975344c1fc0
parent4962f4d1764c3431f7141e030710873b714566a0 (diff)
downloadsamba-a7d2c332fca9c85c21ff6dba424559c9323feacf.tar.gz
samba-a7d2c332fca9c85c21ff6dba424559c9323feacf.tar.bz2
samba-a7d2c332fca9c85c21ff6dba424559c9323feacf.zip
Update - closed off for now
(This used to be commit 2ddb882596e5d2219ccc96fa11dffa0fdc900a17)
-rw-r--r--docs/docbook/projdoc/SWAT.sgml212
1 files changed, 199 insertions, 13 deletions
diff --git a/docs/docbook/projdoc/SWAT.sgml b/docs/docbook/projdoc/SWAT.sgml
index 763872d567..751138f138 100644
--- a/docs/docbook/projdoc/SWAT.sgml
+++ b/docs/docbook/projdoc/SWAT.sgml
@@ -35,6 +35,9 @@ a fully optimised file that has been stripped of all comments you might have pla
and only non-default settings will be written to the file.
</para></note>
+<sect2>
+<title>Enabling SWAT for use</title>
+
<para>
SWAT should be installed to run via the network super daemon. Depending on which system
your Unix/Linux system has you will have either an <filename>inetd</filename> or
@@ -79,27 +82,80 @@ A control file for the newer style xinetd could be:
disable = yes
}
</programlisting>
+
</para>
<para>
Both the above examples assume that the <filename>swat</filename> binary has been
located in the <filename>/usr/sbin</filename> directory. In addition to the above
-SWAT will use a directory access point from which it will load all it's help files,
+SWAT will use a directory access point from which it will load it's help files
as well as other control information. The default location for this on most Linux
-systems is in the directory <filename>/usr/share/samba/swat</filename>.
+systems is in the directory <filename>/usr/share/samba/swat</filename>. The default
+location using samba defaults will be <filename>/usr/local/samba/swat</filename>.
</para>
<para>
Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user
the only permission allowed is to view certain aspects of configuration as well as
-access to the password change facility.
+access to the password change facility. The buttons that will be exposed to the non-root
+user are: <emphasis>HOME, STATUS, VIEW, PASSWORD</emphasis>. The only page that allows
+change capability in this case is <emphasis>PASSWORD</emphasis>.
</para>
<para>
So long as you log onto SWAT as the user <command>root</command> you should obtain
-full change and commit ability.
+full change and commit ability. The buttons that will be exposed includes:
+<emphasis>HOME, GLOBALS, SHARES, PRINTERS, WIZARD, STATUS, VIEW, PASSWORD</emphasis>.
+</para>
+
+</sect2>
+
+<sect2>
+<title>Securing SWAT through SSL</title>
+
+<para>
+Lots of people have asked about how to setup SWAT with SSL to allow for secure remote
+administration of Samba. Here is a method that works, courtesy of Markus Krieger
+</para>
+
+<para>
+Modifications to the swat setup are as following:
+</para>
+
+<itemizedlist>
+ <listitem><para>
+ install OpenSSL
+ </para></listitem>
+
+ <listitem><para>
+ generate certificate and private key
+
+ <programlisting>
+ root# /usr/bin/openssl req -new -x509 -days 365 -nodes -config \
+ /usr/share/doc/packages/stunnel/stunnel.cnf \
+ -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem
+ </programlisting><para></listitem>
+
+ <listitem><para>
+ remove swat-entry from [x]inetd
+ </para></listitem>
+
+ <listitem><para>
+ start stunnel
+
+ <programlisting>
+ root# stunnel -p /etc/stunnel/stunnel.pem -d 901 \
+ -l /usr/local/samba/bin/swat swat
+ </programlisting></para></listitem>
+</itemizedlist>
+
+<para>
+afterwards simply contact to swat by using the URL "https://myhost:901", accept the certificate
+and the SSL connection is up.
</para>
+</sect2>
+
<sect2>
<title>The SWAT Home Page</title>
@@ -109,46 +165,163 @@ each samba component is accessible from this page as are the Samba-HOWTO-Collect
document) as well as the O'Reilly book "Using Samba".
</para>
+<para>
+Administrators who wish to validate their samba configuration may obtain useful information
+from the man pages for the diganostic utilities. These are available from the SWAT home page
+also. One diagnostic tool that is NOT mentioned on this page, but that is particularly
+useful is <command>ethereal</command>, available from <ulink url="http://www.ethereal.com">
+http://www.ethereal.com</ulink>.
+</para>
+
+<note><para>
+SWAT can be configured to run in <emphasis>demo</emphasis> mode. This is NOT recommended
+as it runs SWAT without authentication and with full administrative ability. ie: Allows
+changes to smb.conf as well as general operation with root privilidges. The option that
+creates this ability is the <command>-a</command> flag to swat. DO NOT USE THIS IN ANY
+PRODUCTION ENVIRONMENT - you have been warned!
+</para></note>
+
</sect2>
+
<sect2>
<title>Global Settings</title>
<para>
-Document steps right here!
+The Globals button will expose a page that allows configuration of the global parameters
+in smb.conf. There are three levels of exposure of the parameters:
</para>
+<itemizedlist>
+ <listitem><para>
+ <command>Basic</command> - exposes common configuration options.
+ </para></listitem>
+
+ <listitem><para>
+ <command>Advanced</command> - exposes configuration options needed in more
+ complex environments.
+ </para></listitem>
+
+ <listitem><para>
+ <command>Developer</command> - exposes configuration options that only the brave
+ will want to tamper with.
+ </para></listitem>
+</itemizedlist>
+
+<para>
+To switch to other than <emphasis>Basic</emphasis> editing ability click on either the
+<emphasis>Advanced</emphasis> or the <emphasis>Developer</emphasis> dial, then click the
+<emphasis>Commit Changes</emphasis> button.
+</para>
+
+<para>
+After making any changes to configuration parameters make sure that you click on the
+<emphasis>Commit Changes</emphasis> button before moving to another area otherwise
+your changes will be immediately lost.
+</para>
+
+<note><para>
+SWAT has context sensitive help. To find out what each parameter is for simply click the
+<command>Help</command> link to the left of the configurartion parameter.
+</para></note>
+
</sect2>
+
<sect2>
-<title>The SWAT Wizard</title>
+<title>Share Settings</title>
<para>
-Lots of blah blah here.
+To affect a currenly configured share, simple click on the pull down button between the
+<emphasis>Choose Share</emphasis> and the <emphasis>Delete Share</emphasis> buttons,
+select the share you wish to operation on, then to edit the settings click on the
+<emphasis>Choose Share</emphasis> button, to delete the share simply press the
+<emphasis>Delete Share</emphasis> button.
+</para>
+
+<para>
+To create a new share, next to the button labelled <emphasis>Create Share</emphasis> enter
+into the text field the name of the share to be created, then click on the
+<emphasis>Create Share</emphasis> button.
</para>
</sect2>
<sect2>
-<title>Share Settings</title>
+<title>Printers Settings</title>
+
+<para>
+To affect a currenly configured printer, simple click on the pull down button between the
+<emphasis>Choose Printer</emphasis> and the <emphasis>Delete Printer</emphasis> buttons,
+select the printer you wish to operation on, then to edit the settings click on the
+<emphasis>Choose Printer</emphasis> button, to delete the share simply press the
+<emphasis>Delete Printer</emphasis> button.
+</para>
<para>
-Document steps right here!
+To create a new printer, next to the button labelled <emphasis>Create Printer</emphasis> enter
+into the text field the name of the share to be created, then click on the
+<emphasis>Create Printer</emphasis> button.
</para>
</sect2>
<sect2>
-<title>Printing Settings</title>
+<title>The SWAT Wizard</title>
+
+<para>
+The purpose if the SWAT Wizard is to help the Microsoft knowledgable network administrator
+to configure Samba with a minimum of effort.
+</para>
+
+<para>
+The Wizard page provides a tool for rewiting the smb.conf file in fully optimised format.
+This will also happen if you press the commit button. The two differ in the the rewrite button
+ignores any changes that may have been made, while the Commit button causes all changes to be
+affected.
+</para>
+
+<para>
+The <emphasis>Edit</emphasis> button permits the editing (setting) of the minimal set of
+options that may be necessary to create a working samba server.
+</para>
<para>
-Document steps right here!
+Finally, there are a limited set of options that will determine what type of server samba
+will be configured for, whether it will be a WINS server, participate as a WINS client, or
+operate with no WINS support. By clicking on one button you can elect to epose (or not) user
+home directories.
</para>
</sect2>
+
<sect2>
<title>The Status Page</title>
<para>
-Document steps right here!
+The status page serves a limited purpose. Firstly, it allows control of the samba daemons.
+The key daemons that create the samba server environment are: <command> smbd, nmbd, winbindd</command>.
+</para>
+
+<para>
+The daemons may be controlled individually or as a total group. Additionally, you may set
+an automatic screen refresh timing. As MS Windows clients interact with Samba new smbd processes
+will be continually spawned. The auto-refresh facility will allow you to track the changing
+conditions with minimal effort.
+</para>
+
+<para>
+Lastly, the Status page may be used to terminate specific smbd client connections in order to
+free files that may be locked.
+</para>
+
+</sect2>
+
+<sect2>
+<title>The View Page</title>
+
+<para>
+This page allows the administrator to view the optimised smb.conf file and if you are
+particularly massochistic will permit you also to see all possible global configuration
+parameters and their settings.
</para>
</sect2>
@@ -157,7 +330,20 @@ Document steps right here!
<title>The Password Change Page</title>
<para>
-Document steps right here!
+The Password Change page is a popular tool. This tool allows to creation, deletion, deactivation
+and reactivation of MS Windows networking users on the local machine. Alternatively, you can use
+this tool to change a local password for a user account.
+</para>
+
+<para>
+When logged in as a non-root account the user will have to provide the old password as well as
+the new password (twice). When logged in as <command>root</command> only the new password is
+required.
+</para>
+
+<para>
+One popular use for this tool is to change user passwords across a range of remote MS Windows
+servers.
</para>
</sect2>