From e09d3b1ad86af9acf26bedb9d3bb36a63667f2a9 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Tue, 28 Jun 2005 20:23:06 +0000 Subject: Update. (This used to be commit 8055cc5af4821b244edc6b567fb7a69b31ba258e) --- docs/Samba3-HOWTO/TOSHARG-SWAT.xml | 58 ++++++++++++++++++++++++++++++-------- 1 file changed, 47 insertions(+), 11 deletions(-) diff --git a/docs/Samba3-HOWTO/TOSHARG-SWAT.xml b/docs/Samba3-HOWTO/TOSHARG-SWAT.xml index 1f05a3f25d..73b092f7f0 100644 --- a/docs/Samba3-HOWTO/TOSHARG-SWAT.xml +++ b/docs/Samba3-HOWTO/TOSHARG-SWAT.xml @@ -9,25 +9,28 @@ SWAT: The Samba Web Administration Tool -There are many and varied opinions regarding the usefulness of SWAT. -No matter how hard one tries to produce the perfect configuration tool, it remains -an object of personal taste. SWAT is a tool that allows Web-based configuration -of Samba. It has a wizard that may help to get Samba configured -quickly, it has context-sensitive help on each &smb.conf; parameter, it provides for monitoring of current state -of connection information, and it allows networkwide MS Windows network password -management. +configuration tool +SWAT +Web-based configuration +There are many and varied opinions regarding the usefulness of SWAT. No matter how hard one tries to produce +the perfect configuration tool, it remains an object of personal taste. SWAT is a tool that allows Web-based +configuration of Samba. It has a wizard that may help to get Samba configured quickly, it has +context-sensitive help on each &smb.conf; parameter, it provides for monitoring of current state of connection +information, and it allows networkwide MS Windows network password management. Features and Benefits +internetworking super daemon SWAT is a facility that is part of the Samba suite. The main executable is called swat and is invoked by the internetworking super daemon. See appropriate section for details. +man SWAT uses integral Samba components to locate parameters supported by the particular version of Samba. Unlike tools and utilities that are external to Samba, SWAT is always up to date as known Samba parameters change. SWAT provides context-sensitive help for each @@ -35,6 +38,9 @@ configuration parameter, directly from man page entries. +documentation +configuration files +internal ordering Some network administrators believe that it is a good idea to write systems documentation inside configuration files, and for them SWAT will always be a nasty tool. SWAT does not store the configuration file in any intermediate form; rather, it stores only the @@ -45,6 +51,7 @@ Additionally, the parameters will be written back in internal ordering. +stripped of comments Before using SWAT, please be warned &smbmdash; SWAT will completely replace your &smb.conf; with a fully optimized file that has been stripped of all comments you might have placed there and only nondefault settings will be written to the file. @@ -56,6 +63,7 @@ and only nondefault settings will be written to the file. Guidelines and Technical Tips +internationalization support This section aims to unlock the dark secrets behind how SWAT may be made to work, how it can be made more secure, and how to solve internationalization support problems. @@ -64,6 +72,7 @@ how it can be made more secure, and how to solve internationalization support pr Validate SWAT Installation +SWAT binary support The very first step that should be taken before attempting to configure a host system for SWAT operation is to check that it is installed. This may seem a trivial point to some, but several Linux distributions do not install SWAT by default, @@ -72,6 +81,7 @@ on the distribution media. +swat When you have confirmed that SWAT is installed, it is necessary to validate that the installation includes the binary swat file as well as all the supporting text and Web files. A number of operating system distributions @@ -80,6 +90,8 @@ in the past have failed to include the necessary support files, even though the +inetd +xinetd Finally, when you are sure that SWAT has been fully installed, please check that SWAT is enabled in the control file for the internetworking super-daemon (inetd or xinetd) that is used on your operating system platform. @@ -89,6 +101,9 @@ that is used on your operating system platform. Locating the <command>SWAT</command> File +/usr/local/samba/bin +/usr/sbin +/opt/samba/bin To validate that SWAT is installed, first locate the swat binary file on the system. It may be found under the following directories: @@ -109,6 +124,9 @@ The following methods may be helpful. +swat +operating system search path +swat command-line options If swat is in your current operating system search path, it will be easy to find it. You can ask what are the command-line options for swat as shown here: @@ -274,6 +292,10 @@ as shown. +swat +/usr/sbin +/usr/share/samba/swat +/usr/local/samba/swat Both of the previous examples assume that the swat binary has been located in the /usr/sbin directory. In addition to the above, SWAT will use a directory access point from which it will load its Help files @@ -283,6 +305,8 @@ location using Samba defaults will be /usr/local/samba/swat +SWAT permission allowed +password change facility Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user, the only permission allowed is to view certain aspects of configuration as well as access to the password change facility. The buttons that will be exposed to the non-root @@ -305,6 +329,7 @@ full change and commit ability. The buttons that will be exposed include +SSL swatsecurity Many people have asked about how to set up SWAT with SSL to allow for secure remote administration of Samba. Here is a method that works, courtesy of Markus Krieger. @@ -316,12 +341,15 @@ Modifications to the SWAT setup are as follows: +OpenSSL Install OpenSSL. +certificate +private key Generate certificate and private key. - +/usr/bin/openssl &rootprompt;/usr/bin/openssl req -new -x509 -days 365 -nodes -config \ /usr/share/doc/packages/stunnel/stunnel.cnf \ @@ -333,6 +361,7 @@ Modifications to the SWAT setup are as follows: +stunnel Start stunnel. @@ -342,8 +371,8 @@ Modifications to the SWAT setup are as follows: -Afterward, simply connect to SWAT by using the URL https://myhost:901, accept the certificate, -and the SSL connection is up. +Afterward, simply connect to SWAT by using the URL https://myhost:901, accept the certificate, and the SSL connection is up. @@ -373,11 +402,16 @@ To enable this feature: +msg file +Japanese +French +English The name of the msg file is the same as the language ID sent by the browser. For example, en means English, ja means Japanese, fr means French. +locale If you do not like some of messages, or there are no msg files for your locale, you can create them simply by copying the en.msg files to the directory for your language ID.msg and filling in proper strings @@ -387,11 +421,13 @@ to each msgstr. For example, in it.msg, the msgid "Set Default" msgstr "Imposta Default" +msg and so on. If you find a mistake or create a new msg file, please email it to us so we will consider it in the next release of Samba. The msg file should be encoded in UTF-8. +UTF-8 encoding Note that if you enable this feature and the is not matched to your browser's setting, the SWAT display may be corrupted. In a future version of Samba, SWAT will always display messages with UTF-8 encoding. You will then not need to set @@ -416,7 +452,7 @@ documents that have been found useful for solving Windows networking problems. The SWAT title page provides access to the latest Samba documentation. The manual page for -each Samba component is accessible from this page, as are the Samba HOWTO-Collection (this +each Samba component is accessible from this page, as are the Samba3-HOWTO (this document) as well as the O'Reilly book Using Samba. -- cgit