diff options
Diffstat (limited to 'docs/htmldocs/SWAT.html')
| -rw-r--r-- | docs/htmldocs/SWAT.html | 375 |
1 files changed, 0 insertions, 375 deletions
diff --git a/docs/htmldocs/SWAT.html b/docs/htmldocs/SWAT.html deleted file mode 100644 index d4c8b78dcf..0000000000 --- a/docs/htmldocs/SWAT.html +++ /dev/null @@ -1,375 +0,0 @@ -<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 32. SWAT The Samba Web Administration Tool</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.60.1"><link rel="home" href="index.html" title="SAMBA Project Documentation"><link rel="up" href="migration.html" title="Part IV. Migration and Updating"><link rel="previous" href="NT4Migration.html" title="Chapter 31. Migration from NT4 PDC to Samba-3 PDC"><link rel="next" href="troubleshooting.html" title="Part V. Troubleshooting"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 32. SWAT The Samba Web Administration Tool</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="NT4Migration.html">Prev</a> </td><th width="60%" align="center">Part IV. Migration and Updating</th><td width="20%" align="right"> <a accesskey="n" href="troubleshooting.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="SWAT"></a>Chapter 32. SWAT The Samba Web Administration Tool</h2></div><div><div class="author"><h3 class="author"><span class="firstname">John</span> <span class="othername">H.</span> <span class="surname">Terpstra</span></h3><div class="affiliation"><span class="orgname">Samba Team<br></span><div class="address"><p><tt class="email"><<a href="mailto:jht@samba.org">jht@samba.org</a>></tt></p></div></div></div></div><div><p class="pubdate">April 21, 2003</p></div></div><div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><a href="SWAT.html#id2967624">Features and Benefits</a></dt><dt><a href="SWAT.html#id2967718">Guidelines and Technical Tips</a></dt><dd><dl><dt><a href="SWAT.html#id2967733">Validate SWAT Installation</a></dt><dt><a href="SWAT.html#xinetd">Enabling SWAT for Use</a></dt><dt><a href="SWAT.html#id2968330">Securing SWAT through SSL</a></dt><dt><a href="SWAT.html#id2968458">Enabling SWAT Internationalization Support</a></dt></dl></dd><dt><a href="SWAT.html#id2968628">Overview and Quick Tour</a></dt><dd><dl><dt><a href="SWAT.html#id2968644">The SWAT Home Page</a></dt><dt><a href="SWAT.html#id2968718">Global Settings</a></dt><dt><a href="SWAT.html#id2968838">Share Settings</a></dt><dt><a href="SWAT.html#id2968902">Printers Settings</a></dt><dt><a href="SWAT.html#id2968967">The SWAT Wizard</a></dt><dt><a href="SWAT.html#id2969040">The Status Page</a></dt><dt><a href="SWAT.html#id2969092">The View Page</a></dt><dt><a href="SWAT.html#id2969115">The Password Change Page</a></dt></dl></dd></dl></div><p> -There are many and varied opinions regarding the usefulness of SWAT. -No matter how hard one tries to produce the perfect configuration tool, it remains -an object of personal taste. SWAT is a tool that will allow Web-based configuration -of Samba. It has a wizard that may help to get Samba configured -quickly, it has context-sensitive help on each <tt class="filename">smb.conf</tt> parameter, it provides for monitoring of current state -of connection information, and it allows network-wide MS Windows network password -management. -</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2967624"></a>Features and Benefits</h2></div></div><div></div></div><p> -SWAT is a facility that is part of the Samba suite. The main executable is called -<b class="command">swat</b> and is invoked by the inter-networking super daemon. -See <link linkend="xinetd"> for details. -</p><p> -SWAT uses integral samba components to locate parameters supported by the particular -version of Samba. Unlike tools and utilities that are external to Samba, SWAT is always -up to date as known Samba parameters change. SWAT provides context-sensitive help for each -configuration parameter, directly from <b class="command">man</b> page entries. -</p><p> -There are network administrators who believe that it is a good idea to write systems -documentation inside configuration files, and for them SWAT will aways be a nasty tool. SWAT -does not store the configuration file in any intermediate form, rather, it stores only the -parameter settings, so when SWAT writes the <tt class="filename">smb.conf</tt> file to disk, it will write only -those parameters that are at other than the default settings. The result is that all comments, -as well as parameters that are no longer supported, will be lost from the <tt class="filename">smb.conf</tt> file. -Additionally, the parameters will be written back in internal ordering. -</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> -Before using SWAT, please be warned SWAT will completely replace your <tt class="filename">smb.conf</tt> with -a fully-optimized file that has been stripped of all comments you might have placed there -and only non-default settings will be written to the file. -</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2967718"></a>Guidelines and Technical Tips</h2></div></div><div></div></div><p> -This section aims to unlock the dark secrets behind how SWAT may be made to work, -may be made more secure, and how to solve Internationalization support problems. -</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2967733"></a>Validate SWAT Installation</h3></div></div><div></div></div><p> -The very first step that should be taken before attempting to configure a host -system for SWAT operation is to check that it is installed. This may seem a trivial -point to some, however several Linux distributions do not install SWAT by default, -even though they do ship an installable binary support package containing SWAT -on the distribution media. -</p><p> -When you have configrmed that SWAT is installed it is necessary to validate -that the installation includes the binary <b class="command">swat</b> file as well -as all the supporting text and Web files. A number of operating system distributions -in the past have failed to include the necessary support files, evne though the -<b class="command">swat</b> binary executable file was installed. -</p><p> -Finally, when you are sure that SWAT has been fully installed, please check the SWAT -has been enebled in the control file for the internetworking super-daemon (inetd or xinetd) -that is used on your operating system platform. -</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2967782"></a>Locating the <b class="command">swat</b> File</h4></div></div><div></div></div><p> -To validate that SWAT is installed, first locate the <b class="command">swat</b> binary -file on the system. It may be found under the following directories: -</p><table class="simplelist" border="0" summary="Simple list"><tr><td><tt class="filename">/usr/local/samba/bin</tt> the default Samba location.</td></tr><tr><td><tt class="filename">/usr/sbin</tt> the default location on most Linux systems.</td></tr><tr><td><tt class="filename">/opt/samba/bin</tt></td></tr></table><p> -</p><p> -The actual location is much dependant on the choice of the operating system vendor, or as determined -by the administrator who compiled and installed Samba. -</p><p> -There are a number methods that may be used to locate the <b class="command">swat</b> binary file. -The following methods may be helpful: -</p><p> -If <b class="command">swat</b> is in your current operating system search path it will be easy to -find it. You can ask what are the command-line options for <b class="command">swat</b> as shown here: -</p><pre class="screen"> -frodo:~ # swat -? -Usage: swat [OPTION...] - -a, --disable-authentication Disable authentication (demo mode) - -Help options: - -?, --help Show this help message - --usage Display brief usage message - -Common samba options: - -d, --debuglevel=DEBUGLEVEL Set debug level - -s, --configfile=CONFIGFILE Use alternative configuration file - -l, --log-basename=LOGFILEBASE Basename for log/debug files - -V, --version Print version -</pre><p> -</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2967911"></a>Locating the SWAT Support Files</h4></div></div><div></div></div><p> -Now that you have found that <b class="command">swat</b> is in the search path, it is easy -to identify where the file is located. Here is another simple way this may be done: -</p><pre class="screen"> -frodo:~ # whereis swat -swat: /usr/sbin/swat /usr/share/man/man8/swat.8.gz -</pre><p> -</p><p> -If the above measures fail to locate the <b class="command">swat</b> binary, another approach -is needed. The following may be used: -</p><pre class="screen"> -frodo:/ # find / -name swat -print -/etc/xinetd.d/swat -/usr/sbin/swat -/usr/share/samba/swat -frodo:/ # -</pre><p> -</p><p> -This list shows that there is a control file for <b class="command">xinetd</b>, the internetwork -super-daemon that is installed on this server. The location of the SWAT binary file is -<tt class="filename">/usr/sbin/swat</tt>, and the support files for it are located under the -directory <tt class="filename">/usr/share/samba/swat</tt>. -</p><p> -We must now check where <b class="command">swat</b> expects to find its support files. This can -be done as follows: -</p><pre class="screen"> -frodo:/ # strings /usr/sbin/swat | grep "/swat" -/swat/ -... -/usr/share/samba/swat -frodo:/ # -</pre><p> -</p><p> -The <tt class="filename">/usr/share/samba/swat/</tt> entry shown in this listing is the location of the -support files. You should verify that the support files exist under this directory. A sample -list is as shown: -</p><pre class="screen"> -jht@frodo:/> find /usr/share/samba/swat -print -/usr/share/samba/swat -/usr/share/samba/swat/help -/usr/share/samba/swat/lang -/usr/share/samba/swat/lang/ja -/usr/share/samba/swat/lang/ja/help -/usr/share/samba/swat/lang/ja/help/welcome.html -/usr/share/samba/swat/lang/ja/images -/usr/share/samba/swat/lang/ja/images/home.gif -... -/usr/share/samba/swat/lang/ja/include -/usr/share/samba/swat/lang/ja/include/header.nocss.html -... -/usr/share/samba/swat/lang/tr -/usr/share/samba/swat/lang/tr/help -/usr/share/samba/swat/lang/tr/help/welcome.html -/usr/share/samba/swat/lang/tr/images -/usr/share/samba/swat/lang/tr/images/home.gif -... -/usr/share/samba/swat/lang/tr/include -/usr/share/samba/swat/lang/tr/include/header.html -/usr/share/samba/swat/using_samba -... -/usr/share/samba/swat/images -/usr/share/samba/swat/images/home.gif -... -/usr/share/samba/swat/include -/usr/share/samba/swat/include/footer.html -/usr/share/samba/swat/include/header.html -jht@frodo:/> -</pre><p> -</p><p> -If the files needed are not available it will be necessary to obtain and install them -before SWAT can be used. -</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="xinetd"></a>Enabling SWAT for Use</h3></div></div><div></div></div><p> -SWAT should be installed to run via the network super-daemon. Depending on which system -your UNIX/Linux system has, you will have either an <b class="command">inetd</b>- or -<b class="command">xinetd</b>-based system. -</p><p> -The nature and location of the network super-daemon varies with the operating system -implementation. The control file (or files) can be located in the file -<tt class="filename">/etc/inetd.conf</tt> or in the directory <tt class="filename">/etc/[x]inet[d].d</tt> -or similar. -</p><p> -The control entry for the older style file might be: -<a class="indexterm" name="id2968135"></a> -</p><pre class="programlisting"> - # swat is the Samba Web Administration Tool - swat stream tcp nowait.400 root /usr/sbin/swat swat -</pre><p> -A control file for the newer style xinetd could be: -</p><p> -</p><pre class="programlisting"> -# default: off -# description: SWAT is the Samba Web Admin Tool. Use swat \ -# to configure your Samba server. To use SWAT, \ -# connect to port 901 with your favorite web browser. -service swat -{ - port = 901 - socket_type = stream - wait = no - only_from = localhost - user = root - server = /usr/sbin/swat - log_on_failure += USERID - disable = yes -} -</pre><p> - -</p><p> -Both of the above examples assume that the <b class="command">swat</b> binary has been -located in the <tt class="filename">/usr/sbin</tt> directory. In addition to the above, -SWAT will use a directory access point from which it will load its Help files -as well as other control information. The default location for this on most Linux -systems is in the directory <tt class="filename">/usr/share/samba/swat</tt>. The default -location using Samba defaults will be <tt class="filename">/usr/local/samba/swat</tt>. -</p><p> -Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user, -the only permission allowed is to view certain aspects of configuration as well as -access to the password change facility. The buttons that will be exposed to the non-root -user are: <span class="guibutton">HOME</span>, <span class="guibutton">STATUS</span>, <span class="guibutton">VIEW</span>, -<span class="guibutton">PASSWORD</span>. The only page that allows -change capability in this case is <span class="guibutton">PASSWORD</span>. -</p><p> -As long as you log onto SWAT as the user <span class="emphasis"><em>root</em></span>, you should obtain -full change and commit ability. The buttons that will be exposed include: -<span class="guibutton">HOME</span>, <span class="guibutton">GLOBALS</span>, <span class="guibutton">SHARES</span>, <span class="guibutton">PRINTERS</span>, -<span class="guibutton">WIZARD</span>, <span class="guibutton">STATUS</span>, <span class="guibutton">VIEW</span>, <span class="guibutton">PASSWORD</span>. -</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2968330"></a>Securing SWAT through SSL</h3></div></div><div></div></div><p> -<a class="indexterm" name="id2968341"></a> -Many people have asked about how to setup SWAT with SSL to allow for secure remote -administration of Samba. Here is a method that works, courtesy of Markus Krieger. -</p><p> -Modifications to the SWAT setup are as follows: -</p><div class="procedure"><ol type="1"><li><p> - Install OpenSSL. - </p></li><li><p> - Generate certificate and private key. - -</p><pre class="screen"> -<tt class="prompt">root# </tt><b class="userinput"><tt>/usr/bin/openssl req -new -x509 -days 365 -nodes -config \ - /usr/share/doc/packages/stunnel/stunnel.cnf \ - -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem</tt></b> -</pre></li><li><p> - Remove swat-entry from [x]inetd. - </p></li><li><p> - Start <b class="command">stunnel</b>. - -</p><pre class="screen"> -<tt class="prompt">root# </tt><b class="userinput"><tt>stunnel -p /etc/stunnel/stunnel.pem -d 901 \ - -l /usr/local/samba/bin/swat swat </tt></b> -</pre></li></ol></div><p> -Afterward, simply connect to swat by using the URL <ulink url="https://myhost:901">https://myhost:901</ulink>, accept the certificate -and the SSL connection is up. -</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2968458"></a>Enabling SWAT Internationalization Support</h3></div></div><div></div></div><p> -SWAT can be configured to display its messages to match the settings of -the language configurations of your Web browser. It will be passed to SWAT -in the Accept-Language header of the HTTP request. -</p><p> - -</p><p> -To enable this feature: -</p><p> - -</p><div class="itemizedlist"><ul type="disc"><li><p> - Install the proper <b class="command">msg</b> files from the Samba - <tt class="filename">source/po</tt> directory into $LIBDIR. - </p></li><li><p> - Set the correct locale value for <a class="indexterm" name="id2968509"></a><i class="parameter"><tt>display charset</tt></i>. - </p></li><li><p> - Set your browser's language setting. - </p></li></ul></div><p> - -</p><p> -The name of msg file is same as the language ID sent by the browser. For -example en means "English", ja means "Japanese", fr means "French. -</p><p> - -</p><p> -If you do not like some of messages, or there are no <b class="command">msg</b> files for -your locale, you can create them simply by copying the <b class="command">en.msg</b> files -to the dirertory for “<span class="quote">your language ID.msg</span>” and filling in proper strings -to each “<span class="quote">msgstr</span>”. For example, in <tt class="filename">it.msg</tt>, the -<b class="command">msg</b> file for the Italian locale, just set: -</p><pre class="screen"> -msgid "Set Default" -msgstr "Imposta Default" -</pre><p> -and so on. If you find a mistake or create a new <b class="command">msg</b> file, please email it -to us so we will include this in the next release of Samba. -</p><p> - -</p><p> -Note that if you enable this feature and the <a class="indexterm" name="id2968601"></a><i class="parameter"><tt>display charset</tt></i> is not -matched to your browser's setting, the SWAT display may be corrupted. In a future version of -Samba, SWAT will always display messages with UTF-8 encoding. You will then not need to set -this <tt class="filename">smb.conf</tt> file parameter. -</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2968628"></a>Overview and Quick Tour</h2></div></div><div></div></div><p> -SWAT is a tools that many be used to configure Samba, or just to obtain useful links -to important reference materials such as the contents of this book, as well as other -documents that have been found useful for solving Windows networking problems. -</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2968644"></a>The SWAT Home Page</h3></div></div><div></div></div><p> -The SWAT title page provides access to the latest Samba documentation. The manual page for -each Samba component is accessible from this page, as are the Samba HOWTO-Collection (this -document) as well as the O'Reilly book “<span class="quote">Using Samba.</span>” -</p><p> -Administrators who wish to validate their Samba configuration may obtain useful information -from the man pages for the diagnostic utilities. These are available from the SWAT home page -also. One diagnostic tool that is not mentioned on this page, but that is particularly -useful is <ulink url="http://www.ethereal.com/">ethereal.</ulink> -</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p> -SWAT can be configured to run in <span class="emphasis"><em>demo</em></span> mode. This is not recommended -as it runs SWAT without authentication and with full administrative ability. Allows -changes to <tt class="filename">smb.conf</tt> as well as general operation with root privileges. The option that -creates this ability is the <tt class="option">-a</tt> flag to swat. <span class="emphasis"><em>Do not use this in a -production environment.</em></span> -</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2968718"></a>Global Settings</h3></div></div><div></div></div><p> -The <span class="guibutton">GLOBALS</span> button will expose a page that allows configuration of the global parameters -in <tt class="filename">smb.conf</tt>. There are two levels of exposure of the parameters: -</p><div class="itemizedlist"><ul type="disc"><li><p> - <span class="guibutton">Basic</span> exposes common configuration options. - </p></li><li><p> - <span class="guibutton">Advanced</span> exposes configuration options needed in more - complex environments. - </p></li></ul></div><p> -To switch to other than <span class="guibutton">Basic</span> editing ability, click on <span class="guibutton">Advanced</span>. -You may also do this by clicking on the radio button, then click on the <span class="guibutton">Commit Changes</span> button. -</p><p> -After making any changes to configuration parameters, make sure that -you click on the -<span class="guibutton">Commit Changes</span> button before moving to another area, otherwise -your changes will be lost. -</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p> -SWAT has context-sensitive help. To find out what each parameter is -for, simply click on the -<span class="guibutton">Help</span> link to the left of the configuration parameter. -</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2968838"></a>Share Settings</h3></div></div><div></div></div><p> -To effect a currently configured share, simply click on the pull down button between the -<span class="guibutton">Choose Share</span> and the <span class="guibutton">Delete Share</span> buttons, -select the share you wish to operate on, then to edit the settings -click on the -<span class="guibutton">Choose Share</span> button. To delete the share, simply press the -<span class="guibutton">Delete Share</span> button. -</p><p> -To create a new share, next to the button labeled <span class="guibutton">Create Share</span> enter -into the text field the name of the share to be created, then click on the -<span class="guibutton">Create Share</span> button. -</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2968902"></a>Printers Settings</h3></div></div><div></div></div><p> -To affect a currently configured printer, simply click on the pull down button between the -<span class="guibutton">Choose Printer</span> and the <span class="guibutton">Delete Printer</span> buttons, -select the printer you wish to operate on, then to edit the settings -click on the -<span class="guibutton">Choose Printer</span> button. To delete the share, simply press the -<span class="guibutton">Delete Printer</span> button. -</p><p> -To create a new printer, next to the button labeled <span class="guibutton">Create Printer</span> enter -into the text field the name of the share to be created, then click on the -<span class="guibutton">Create Printer</span> button. -</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2968967"></a>The SWAT Wizard</h3></div></div><div></div></div><p> -The purpose if the SWAT Wizard is to help the Microsoft-knowledgeable network administrator -to configure Samba with a minimum of effort. -</p><p> -The Wizard page provides a tool for rewriting the <tt class="filename">smb.conf</tt> file in fully optimized format. -This will also happen if you press the <span class="guibutton">Commit</span> button. The two differ -since the <span class="guibutton">Rewrite</span> button ignores any changes that may have been made, -while the <span class="guibutton">Commit</span> button causes all changes to be affected. -</p><p> -The <span class="guibutton">Edit</span> button permits the editing (setting) of the minimal set of -options that may be necessary to create a working Samba server. -</p><p> -Finally, there are a limited set of options that will determine what type of server Samba -will be configured for, whether it will be a WINS server, participate as a WINS client, or -operate with no WINS support. By clicking one button, you can elect to expose (or not) user -home directories. -</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2969040"></a>The Status Page</h3></div></div><div></div></div><p> -The status page serves a limited purpose. First, it allows control of the Samba daemons. -The key daemons that create the Samba server environment are: <span class="application">smbd</span>, <span class="application">nmbd</span>, <span class="application">winbindd</span>. -</p><p> -The daemons may be controlled individually or as a total group. Additionally, you may set -an automatic screen refresh timing. As MS Windows clients interact with Samba, new smbd processes -will be continually spawned. The auto-refresh facility will allow you to track the changing -conditions with minimal effort. -</p><p> -Lastly, the Status page may be used to terminate specific smbd client connections in order to -free files that may be locked. -</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2969092"></a>The View Page</h3></div></div><div></div></div><p> -This page allows the administrator to view the optimized <tt class="filename">smb.conf</tt> file and, if you are -particularly masochistic, will permit you also to see all possible global configuration -parameters and their settings. -</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2969115"></a>The Password Change Page</h3></div></div><div></div></div><p> -The Password Change page is a popular tool that allows the creation, deletion, deactivation, -and reactivation of MS Windows networking users on the local machine. Alternately, you can use -this tool to change a local password for a user account. -</p><p> -When logged in as a non-root account, the user will have to provide the old password as well as -the new password (twice). When logged in as <span class="emphasis"><em>root</em></span>, only the new password is -required. -</p><p> -One popular use for this tool is to change user passwords across a range of remote MS Windows -servers. -</p></div></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="NT4Migration.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="migration.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="troubleshooting.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">Chapter 31. Migration from NT4 PDC to Samba-3 PDC </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> Part V. Troubleshooting</td></tr></table></div></body></html> |