From d315de898bedcaf64e6a27ffb8ab29223a123f10 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Wed, 23 Apr 2003 04:39:34 +0000 Subject: Update - closed off for now (This used to be commit 8511042ff6f664eb2f5cc80a59859fb004f5be13) --- docs/docbook/projdoc/SWAT.sgml | 212 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 199 insertions(+), 13 deletions(-) (limited to 'docs/docbook/projdoc') diff --git a/docs/docbook/projdoc/SWAT.sgml b/docs/docbook/projdoc/SWAT.sgml index 763872d567..751138f138 100644 --- a/docs/docbook/projdoc/SWAT.sgml +++ b/docs/docbook/projdoc/SWAT.sgml @@ -35,6 +35,9 @@ a fully optimised file that has been stripped of all comments you might have pla and only non-default settings will be written to the file. + +Enabling SWAT for use + SWAT should be installed to run via the network super daemon. Depending on which system your Unix/Linux system has you will have either an inetd or 
@@ -79,27 +82,80 @@ A control file for the newer style xinetd could be: disable = yes } + Both the above examples assume that the swat binary has been located in the /usr/sbin directory. In addition to the above -SWAT will use a directory access point from which it will load all it's help files, +SWAT will use a directory access point from which it will load it's help files as well as other control information. The default location for this on most Linux -systems is in the directory /usr/share/samba/swat. +systems is in the directory /usr/share/samba/swat. The default +location using samba defaults will be /usr/local/samba/swat. Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user the only permission allowed is to view certain aspects of configuration as well as -access to the password change facility. +access to the password change facility. The buttons that will be exposed to the non-root +user are: HOME, STATUS, VIEW, PASSWORD. The only page that allows +change capability in this case is PASSWORD. So long as you log onto SWAT as the user root you should obtain -full change and commit ability. +full change and commit ability. The buttons that will be exposed includes: +HOME, GLOBALS, SHARES, PRINTERS, WIZARD, STATUS, VIEW, PASSWORD. + + + + + +Securing SWAT through SSL + + +Lots of people have asked about how to setup SWAT with SSL to allow for secure remote +administration of Samba. 
Here is a method that works, courtesy of Markus Krieger + + + +Modifications to the swat setup are as following: + + + + + install OpenSSL + + + + generate certificate and private key + + + root# /usr/bin/openssl req -new -x509 -days 365 -nodes -config \ + /usr/share/doc/packages/stunnel/stunnel.cnf \ + -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem + + + + remove swat-entry from [x]inetd + + + + start stunnel + + + root# stunnel -p /etc/stunnel/stunnel.pem -d 901 \ + -l /usr/local/samba/bin/swat swat + + + + +afterwards simply contact to swat by using the URL "https://myhost:901", accept the certificate +and the SSL connection is up. + + The SWAT Home Page 
@@ -109,46 +165,163 @@ each samba component is accessible from this page as are the Samba-HOWTO-Collect document) as well as the O'Reilly book "Using Samba". + +Administrators who wish to validate their samba configuration may obtain useful information +from the man pages for the diganostic utilities. These are available from the SWAT home page +also. One diagnostic tool that is NOT mentioned on this page, but that is particularly +useful is ethereal, available from +http://www.ethereal.com. + + + +SWAT can be configured to run in demo mode. This is NOT recommended +as it runs SWAT without authentication and with full administrative ability. ie: Allows +changes to smb.conf as well as general operation with root privilidges. The option that +creates this ability is the -a flag to swat. DO NOT USE THIS IN ANY +PRODUCTION ENVIRONMENT - you have been warned! + + + Global Settings -Document steps right here! +The Globals button will expose a page that allows configuration of the global parameters +in smb.conf. There are three levels of exposure of the parameters: + + + Basic - exposes common configuration options. + + + + Advanced - exposes configuration options needed in more + complex environments. + + + + Developer - exposes configuration options that only the brave + will want to tamper with. + + + + +To switch to other than Basic editing ability click on either the +Advanced or the Developer dial, then click the +Commit Changes button. + + + +After making any changes to configuration parameters make sure that you click on the +Commit Changes button before moving to another area otherwise +your changes will be immediately lost. + + + +SWAT has context sensitive help. To find out what each parameter is for simply click the +Help link to the left of the configurartion parameter. + + + -The SWAT Wizard +Share Settings -Lots of blah blah here. 
+To affect a currenly configured share, simple click on the pull down button between the +Choose Share and the Delete Share buttons, +select the share you wish to operation on, then to edit the settings click on the +Choose Share button, to delete the share simply press the +Delete Share button. + + + +To create a new share, next to the button labelled Create Share enter +into the text field the name of the share to be created, then click on the +Create Share button. -Share Settings +Printers Settings + + +To affect a currenly configured printer, simple click on the pull down button between the +Choose Printer and the Delete Printer buttons, +select the printer you wish to operation on, then to edit the settings click on the +Choose Printer button, to delete the share simply press the +Delete Printer button. + -Document steps right here! +To create a new printer, next to the button labelled Create Printer enter +into the text field the name of the share to be created, then click on the +Create Printer button. -Printing Settings +The SWAT Wizard + + +The purpose if the SWAT Wizard is to help the Microsoft knowledgable network administrator +to configure Samba with a minimum of effort. + + + +The Wizard page provides a tool for rewiting the smb.conf file in fully optimised format. +This will also happen if you press the commit button. The two differ in the the rewrite button +ignores any changes that may have been made, while the Commit button causes all changes to be +affected. + + + +The Edit button permits the editing (setting) of the minimal set of +options that may be necessary to create a working samba server. + -Document steps right here! +Finally, there are a limited set of options that will determine what type of server samba +will be configured for, whether it will be a WINS server, participate as a WINS client, or +operate with no WINS support. By clicking on one button you can elect to epose (or not) user +home directories. 
+ The Status Page -Document steps right here! +The status page serves a limited purpose. Firstly, it allows control of the samba daemons. +The key daemons that create the samba server environment are: smbd, nmbd, winbindd. + + + +The daemons may be controlled individually or as a total group. Additionally, you may set +an automatic screen refresh timing. As MS Windows clients interact with Samba new smbd processes +will be continually spawned. The auto-refresh facility will allow you to track the changing +conditions with minimal effort. + + + +Lastly, the Status page may be used to terminate specific smbd client connections in order to +free files that may be locked. + + + + + +The View Page + + +This page allows the administrator to view the optimised smb.conf file and if you are +particularly massochistic will permit you also to see all possible global configuration +parameters and their settings. @@ -157,7 +330,20 @@ Document steps right here! The Password Change Page -Document steps right here! +The Password Change page is a popular tool. This tool allows to creation, deletion, deactivation +and reactivation of MS Windows networking users on the local machine. Alternatively, you can use +this tool to change a local password for a user account. + + + +When logged in as a non-root account the user will have to provide the old password as well as +the new password (twice). When logged in as root only the new password is +required. + + + +One popular use for this tool is to change user passwords across a range of remote MS Windows +servers. -- cgit
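Review bot: in the "Securing SWAT through SSL" section (hunk @@ -79,27 +82,80 @@), the certificate step writes the certificate and an unencrypted private key (-nodes) into the same file, /etc/stunnel/stunnel.pem, and no step restricts access to that file. Add a step that makes the file owned by root with mode 0600 before stunnel is started. The stunnel line launches /usr/local/samba/bin/swat, while the paragraph earlier in the same hunk says the examples assume swat is in /usr/sbin, so state which path applies. "accept the certificate" should tell the administrator to compare the fingerprint with the one generated on the server first, because the certificate is self-signed (-x509) and the root logon then travels over this connection. Wording: "it's help files" should be "its help files", and "contact to swat" should be "connect to swat".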
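Review bot: the demo mode warning about the -a flag (hunk @@ -109,46 +165,163 @@) is added under "The SWAT Home Page", where someone writing the inetd or xinetd entry will not see it. Move it to "Enabling SWAT for use" and say there that the swat server arguments must not include -a. In "Printers Settings" two sentences were copied from "Share Settings" without being updated: "to delete the share simply press the Delete Printer button" and "the name of the share to be created" should both say printer. The Wizard text refers to a "rewrite button" that is not introduced by name anywhere in the section. Typos in this hunk: diganostic, privilidges, configurartion, currenly, "simple click", "wish to operation on", "purpose if", rewiting, "the the", epose, massochistic.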
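Review bot: the last paragraph of "The Password Change Page" (hunk @@ -157,7 +330,20 @@) says the tool is used to change passwords "across a range of remote MS Windows servers", but the first paragraph describes it as acting on the local machine and no steps are given for the remote case. Either describe how the remote server is selected and which credentials are needed, or drop the sentence. Since the second paragraph states that root needs only the new password, a cross-reference to the SSL section would fit here. "This tool allows to creation" should read "allows creation".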