diff options
author | John Terpstra <jht@samba.org> | 2003-04-23 04:40:03 +0000 |
---|---|---|
committer | John Terpstra <jht@samba.org> | 2003-04-23 04:40:03 +0000 |
commit | a7d2c332fca9c85c21ff6dba424559c9323feacf (patch) | |
tree | bcaa48e2de741797cd6b80216845c975344c1fc0 | |
parent | 4962f4d1764c3431f7141e030710873b714566a0 (diff) | |
download | samba-a7d2c332fca9c85c21ff6dba424559c9323feacf.tar.gz samba-a7d2c332fca9c85c21ff6dba424559c9323feacf.tar.bz2 samba-a7d2c332fca9c85c21ff6dba424559c9323feacf.zip |
Update - closed off for now
(This used to be commit 2ddb882596e5d2219ccc96fa11dffa0fdc900a17)
-rw-r--r-- | docs/docbook/projdoc/SWAT.sgml | 212 |
1 files changed, 199 insertions, 13 deletions
diff --git a/docs/docbook/projdoc/SWAT.sgml b/docs/docbook/projdoc/SWAT.sgml index 763872d567..751138f138 100644 --- a/docs/docbook/projdoc/SWAT.sgml +++ b/docs/docbook/projdoc/SWAT.sgml @@ -35,6 +35,9 @@ a fully optimised file that has been stripped of all comments you might have pla and only non-default settings will be written to the file. </para></note> +<sect2> +<title>Enabling SWAT for use</title> + <para> SWAT should be installed to run via the network super daemon. Depending on which system your Unix/Linux system has you will have either an <filename>inetd</filename> or @@ -79,27 +82,80 @@ A control file for the newer style xinetd could be: disable = yes } </programlisting> + </para> <para> Both the above examples assume that the <filename>swat</filename> binary has been located in the <filename>/usr/sbin</filename> directory. In addition to the above -SWAT will use a directory access point from which it will load all it's help files, +SWAT will use a directory access point from which it will load it's help files as well as other control information. The default location for this on most Linux -systems is in the directory <filename>/usr/share/samba/swat</filename>. +systems is in the directory <filename>/usr/share/samba/swat</filename>. The default +location using samba defaults will be <filename>/usr/local/samba/swat</filename>. </para> <para> Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user the only permission allowed is to view certain aspects of configuration as well as -access to the password change facility. +access to the password change facility. The buttons that will be exposed to the non-root +user are: <emphasis>HOME, STATUS, VIEW, PASSWORD</emphasis>. The only page that allows +change capability in this case is <emphasis>PASSWORD</emphasis>. </para> <para> So long as you log onto SWAT as the user <command>root</command> you should obtain -full change and commit ability. +full change and commit ability. The buttons that will be exposed includes: +<emphasis>HOME, GLOBALS, SHARES, PRINTERS, WIZARD, STATUS, VIEW, PASSWORD</emphasis>. +</para> + +</sect2> + +<sect2> +<title>Securing SWAT through SSL</title> + +<para> +Lots of people have asked about how to setup SWAT with SSL to allow for secure remote +administration of Samba. Here is a method that works, courtesy of Markus Krieger +</para> + +<para> +Modifications to the swat setup are as following: +</para> + +<itemizedlist> + <listitem><para> + install OpenSSL + </para></listitem> + + <listitem><para> + generate certificate and private key + + <programlisting> + root# /usr/bin/openssl req -new -x509 -days 365 -nodes -config \ + /usr/share/doc/packages/stunnel/stunnel.cnf \ + -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem + </programlisting><para></listitem> + + <listitem><para> + remove swat-entry from [x]inetd + </para></listitem> + + <listitem><para> + start stunnel + + <programlisting> + root# stunnel -p /etc/stunnel/stunnel.pem -d 901 \ + -l /usr/local/samba/bin/swat swat + </programlisting></para></listitem> +</itemizedlist> + +<para> +afterwards simply contact to swat by using the URL "https://myhost:901", accept the certificate +and the SSL connection is up. </para> +</sect2> + <sect2> <title>The SWAT Home Page</title> @@ -109,46 +165,163 @@ each samba component is accessible from this page as are the Samba-HOWTO-Collect document) as well as the O'Reilly book "Using Samba". </para> +<para> +Administrators who wish to validate their samba configuration may obtain useful information +from the man pages for the diganostic utilities. These are available from the SWAT home page +also. One diagnostic tool that is NOT mentioned on this page, but that is particularly +useful is <command>ethereal</command>, available from <ulink url="http://www.ethereal.com"> +http://www.ethereal.com</ulink>. +</para> + +<note><para> +SWAT can be configured to run in <emphasis>demo</emphasis> mode. This is NOT recommended +as it runs SWAT without authentication and with full administrative ability. ie: Allows +changes to smb.conf as well as general operation with root privilidges. The option that +creates this ability is the <command>-a</command> flag to swat. DO NOT USE THIS IN ANY +PRODUCTION ENVIRONMENT - you have been warned! +</para></note> + </sect2> + <sect2> <title>Global Settings</title> <para> -Document steps right here! +The Globals button will expose a page that allows configuration of the global parameters +in smb.conf. There are three levels of exposure of the parameters: </para> +<itemizedlist> + <listitem><para> + <command>Basic</command> - exposes common configuration options. + </para></listitem> + + <listitem><para> + <command>Advanced</command> - exposes configuration options needed in more + complex environments. + </para></listitem> + + <listitem><para> + <command>Developer</command> - exposes configuration options that only the brave + will want to tamper with. + </para></listitem> +</itemizedlist> + +<para> +To switch to other than <emphasis>Basic</emphasis> editing ability click on either the +<emphasis>Advanced</emphasis> or the <emphasis>Developer</emphasis> dial, then click the +<emphasis>Commit Changes</emphasis> button. +</para> + +<para> +After making any changes to configuration parameters make sure that you click on the +<emphasis>Commit Changes</emphasis> button before moving to another area otherwise +your changes will be immediately lost. +</para> + +<note><para> +SWAT has context sensitive help. To find out what each parameter is for simply click the +<command>Help</command> link to the left of the configurartion parameter. +</para></note> + </sect2> + <sect2> -<title>The SWAT Wizard</title> +<title>Share Settings</title> <para> -Lots of blah blah here. +To affect a currenly configured share, simple click on the pull down button between the +<emphasis>Choose Share</emphasis> and the <emphasis>Delete Share</emphasis> buttons, +select the share you wish to operation on, then to edit the settings click on the +<emphasis>Choose Share</emphasis> button, to delete the share simply press the +<emphasis>Delete Share</emphasis> button. +</para> + +<para> +To create a new share, next to the button labelled <emphasis>Create Share</emphasis> enter +into the text field the name of the share to be created, then click on the +<emphasis>Create Share</emphasis> button. </para> </sect2> <sect2> -<title>Share Settings</title> +<title>Printers Settings</title> + +<para> +To affect a currenly configured printer, simple click on the pull down button between the +<emphasis>Choose Printer</emphasis> and the <emphasis>Delete Printer</emphasis> buttons, +select the printer you wish to operation on, then to edit the settings click on the +<emphasis>Choose Printer</emphasis> button, to delete the share simply press the +<emphasis>Delete Printer</emphasis> button. +</para> <para> -Document steps right here! +To create a new printer, next to the button labelled <emphasis>Create Printer</emphasis> enter +into the text field the name of the share to be created, then click on the +<emphasis>Create Printer</emphasis> button. </para> </sect2> <sect2> -<title>Printing Settings</title> +<title>The SWAT Wizard</title> + +<para> +The purpose if the SWAT Wizard is to help the Microsoft knowledgable network administrator +to configure Samba with a minimum of effort. +</para> + +<para> +The Wizard page provides a tool for rewiting the smb.conf file in fully optimised format. +This will also happen if you press the commit button. The two differ in the the rewrite button +ignores any changes that may have been made, while the Commit button causes all changes to be +affected. +</para> + +<para> +The <emphasis>Edit</emphasis> button permits the editing (setting) of the minimal set of +options that may be necessary to create a working samba server. +</para> <para> -Document steps right here! +Finally, there are a limited set of options that will determine what type of server samba +will be configured for, whether it will be a WINS server, participate as a WINS client, or +operate with no WINS support. By clicking on one button you can elect to epose (or not) user +home directories. </para> </sect2> + <sect2> <title>The Status Page</title> <para> -Document steps right here! +The status page serves a limited purpose. Firstly, it allows control of the samba daemons. +The key daemons that create the samba server environment are: <command> smbd, nmbd, winbindd</command>. +</para> + +<para> +The daemons may be controlled individually or as a total group. Additionally, you may set +an automatic screen refresh timing. As MS Windows clients interact with Samba new smbd processes +will be continually spawned. The auto-refresh facility will allow you to track the changing +conditions with minimal effort. +</para> + +<para> +Lastly, the Status page may be used to terminate specific smbd client connections in order to +free files that may be locked. +</para> + +</sect2> + +<sect2> +<title>The View Page</title> + +<para> +This page allows the administrator to view the optimised smb.conf file and if you are +particularly massochistic will permit you also to see all possible global configuration +parameters and their settings. </para> </sect2> @@ -157,7 +330,20 @@ Document steps right here! <title>The Password Change Page</title> <para> -Document steps right here! +The Password Change page is a popular tool. This tool allows to creation, deletion, deactivation +and reactivation of MS Windows networking users on the local machine. Alternatively, you can use +this tool to change a local password for a user account. +</para> + +<para> +When logged in as a non-root account the user will have to provide the old password as well as +the new password (twice). When logged in as <command>root</command> only the new password is +required. +</para> + +<para> +One popular use for this tool is to change user passwords across a range of remote MS Windows +servers. </para> </sect2> |