From 99bde6889d3d8b7a9e950c86c30e82662e1dacdd Mon Sep 17 00:00:00 2001
From: Gerald Carter Table of Contents
+ Table of Contents
There are many and varied opinions regarding the usefulness or otherwise of SWAT.
No matter how hard one tries to produce the perfect configuration tool it remains
an object of personal taste. SWAT is a tool that will allow web based configuration
@@ -6,7 +6,7 @@ of samba. It has a wizard that may help to get samba configured quickly, it has
sensitive help on each smb.conf parameter, it provides for monitoring of current state
of connection information, and it allows network wide MS Windows network password
management.
-
+
There are network administrators who believe that it is a good idea to write systems
documentation inside configuration files, for them SWAT will aways be a nasty tool. SWAT
does not store the configuration file in any intermediate form, rather, it stores only the
@@ -18,9 +18,9 @@ internal ordering.
So before using SWAT please be warned - SWAT will completely replace your smb.conf with
a fully optimised file that has been stripped of all comments you might have placed there
and only non-default settings will be written to the file.
-
SWAT should be installed to run via the network super daemon. Depending on which system
-your Unix/Linux system has you will have either an inetd or
+your UNIX/Linux system has you will have either an inetd or
xinetd based system.
The nature and location of the network super-daemon varies with the operating system
@@ -72,7 +72,7 @@ So long as you log onto SWAT as the user rootHOME, , , ,
, , , .
-
Lots of people have asked about how to setup SWAT with SSL to allow for secure remote
administration of Samba. Here is a method that works, courtesy of Markus Krieger
@@ -82,22 +82,22 @@ Modifications to the swat setup are as following:
generate certificate and private key
-
+
remove swat-entry from [x]inetd
start stunnel
-
+
afterwords simply contact to swat by using the URL https://myhost:901, accept the certificate
and the SSL connection is up.
-
The SWAT title page provides access to the latest Samba documentation. The manual page for
each samba component is accessible from this page as are the Samba-HOWTO-Collection (this
document) as well as the O'Reilly book "Using Samba".
@@ -105,15 +105,14 @@ document) as well as the O'Reilly book "Using Samba".
Administrators who wish to validate their samba configuration may obtain useful information
from the man pages for the diagnostic utilities. These are available from the SWAT home page
also. One diagnostic tool that is NOT mentioned on this page, but that is particularly
-useful is ethereal, available from
-http://www.ethereal.com.
+useful is ethereal.
SWAT can be configured to run in demo mode. This is NOT recommended
as it runs SWAT without authentication and with full administrative ability. ie: Allows
changes to smb.conf as well as general operation with root privileges. The option that
creates this ability is the -a flag to swat. Do not use this in any
production environment.
-
The Globals button will expose a page that allows configuration of the global parameters
in smb.conf. There are three levels of exposure of the parameters:
@@ -126,8 +125,8 @@ in smb.conf. There are three levels of exposure of the parameters:
will want to tamper with.
To switch to other than Basic editing ability click on either the
-Advanced or the Developer dial, then click the
- button.
+Advanced or the Developer button. You may also
+do this by clicking on the radio button, then click the button.
After making any changes to configuration parameters make sure that you click on the
SWAT has context sensitive help. To find out what each parameter is for simply click the
To affect a currently configured share, simply click on the pull down button between the
To affect a currently configured printer, simply click on the pull down button between the
The purpose if the SWAT Wizard is to help the Microsoft knowledgeable network administrator
to configure Samba with a minimum of effort.
@@ -171,7 +170,7 @@ Finally, there are a limited set of options that will determine what type of ser
will be configured for, whether it will be a WINS server, participate as a WINS client, or
operate with no WINS support. By clicking on one button you can elect to expose (or not) user
home directories.
-
The status page serves a limited purpose. Firstly, it allows control of the samba daemons.
The key daemons that create the samba server environment are: smbd, nmbd, winbindd.
@@ -182,11 +181,11 @@ conditions with minimal effort.
Lastly, the Status page may be used to terminate specific smbd client connections in order to
free files that may be locked.
-
This page allows the administrator to view the optimised smb.conf file and, if you are
particularly masochistic, will permit you also to see all possible global configuration
parameters and their settings.
-
The Password Change page is a popular tool. This tool allows the creation, deletion, deactivation
and reactivation of MS Windows networking users on the local machine. Alternatively, you can use
this tool to change a local password for a user account.
@@ -197,4 +196,4 @@ required.
One popular use for this tool is to change user passwords across a range of remote MS Windows
servers.
-
+
root# /usr/bin/openssl req -new -x509 -days 365 -nodes -config \
- /usr/share/doc/packages/stunnel/stunnel.cnf \
+ /usr/share/doc/packages/stunnel/stunnel.cnf \
-out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem
-
+
root# stunnel -p /etc/stunnel/stunnel.pem -d 901 \
-l /usr/local/samba/bin/swat swat
-
Warning
Note