1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
diff -uNr samba-2.999+3.0.alpha21.orig/docs/htmldocs/using_samba/ch06_05.html samba-2.999+3.0.alpha21/docs/htmldocs/using_samba/ch06_05.html
--- samba-2.999+3.0.alpha21.orig/docs/htmldocs/using_samba/ch06_05.html 2000-07-30 02:38:29.000000000 -0500
+++ samba-2.999+3.0.alpha21/docs/htmldocs/using_samba/ch06_05.html 2002-12-16 23:15:46.000000000 -0600
@@ -102,13 +102,13 @@
WARNING:</strong> You will need to use at least Samba 2.1 to ensure that PDC functionality for Windows NT clients is present. Prior to Samba 2.1, only limited user authentication for NT clients was present. At the time this book went to press, Samba 2.0.5 was the latest version, but Samba 2.1 was available through CVS download. Instructions on downloading alpha versions of Samba are given in <a href="appe_01.html"><b>Appendix E, <CITE CLASS="appendix">Downloading Samba with CVS</cite></b></a>.</p></blockquote><P CLASS="para">
As before, you need to ensure that Samba is a primary domain controller for the current workgroup and is using user-level security. However, you must also ensure that Samba is using encrypted passwords. In other words, alter the <CODE CLASS="literal">
[global]</code> options the previous example to include the <CODE CLASS="literal">
-encrypted</code> <CODE CLASS="literal">
+encrypt</code> <CODE CLASS="literal">
passwords</code> <CODE CLASS="literal">
=</code> <CODE CLASS="literal">
yes</code> option, as shown here: </p><PRE CLASS="programlisting">
[global]
workgroup = SIMPLE
- encrypted passwords = yes
+ encrypt passwords = yes
domain logons = yes
security = user </pre></div><DIV CLASS="sect3">
--- samba-2.2.2.cvs20020120.orig/swat/README
+++ samba-2.2.2.cvs20020120/swat/README
@@ -1,3 +1,11 @@
+[Debian-specific Note: you can safely skip the installation notes in
+this document. swat was configured for you when the package was
+installed. For security reasons, swat is not enabled. To enable it, you
+need to edit /etc/inetd.conf, uncomment the swat entry, and reload
+inetd. Please note that the file locations given in this file are not
+correct for the Debian version of swat. The correct file locations are
+given in swat's man page.]
+
This is a brief description of how to install and use the Samba Web
Administration Tool on your machine.
--- samba_3_0/docs/manpages/swat.8.orig 2003-06-06 16:16:24.000000000 -0400
+++ samba_3_0/docs/manpages/swat.8 2003-06-06 16:25:13.000000000 -0400
@@ -89,6 +89,13 @@
.SH "INSTALLATION"
.PP
+\fBDebian-specific Note\fR: all these steps have already been done for
+you. However, by default, swat is not enabled. This has been done for
+security reasons. To enable swat you need to edit /etc/inetd.conf,
+uncomment the swat entry (usually at the end of the file), and then
+restart inetd.
+
+.PP
Swat is included as binary package with most distributions\&. The package manager in this case takes care of the installation and configuration\&. This section is only for those who have compiled swat from scratch\&.
.PP
@@ -96,15 +103,15 @@
.TP 3
\(bu
-/usr/local/samba/bin/swat
+/usr/sbin/swat
.TP
\(bu
-/usr/local/samba/swat/images/*
+/usr/share/samba/swat/images/*
.TP
\(bu
-/usr/local/samba/swat/help/*
+/usr/share/samba/swat/help/*
.LP
@@ -114,7 +121,7 @@
You need to edit your \fI/etc/inetd\&.conf \fR and \fI/etc/services\fR to enable SWAT to be launched via \fBinetd\fR\&.
.PP
-In \fI/etc/services\fR you need to add a line like this:
+In \fI/etc/services\fR you need to add a line like this (not needed for Debian):
.PP
\fBswat 901/tcp\fR
@@ -126,10 +133,10 @@
the choice of port number isn't really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your\fBinetd\fR daemon)\&.
.PP
-In \fI/etc/inetd\&.conf\fR you should add a line like this:
+In \fI/etc/inetd\&.conf\fR you should add a line like this (not needed for Debian since the maintainer scripts do it. You need to uncomment the line, though, because it is added commented out for security reasons):
.PP
-\fBswat stream tcp nowait.400 root /usr/local/samba/bin/swat swat\fR
+\fBswat stream tcp nowait.400 root /usr/sbin/swat swat\fR
.PP
One you have edited \fI/etc/services\fR and \fI/etc/inetd\&.conf\fR you need to send a HUP signal to inetd\&. To do this use \fBkill -1 PID \fR where PID is the process ID of the inetd daemon\&.
@@ -155,8 +162,8 @@
.TP
-\fI/usr/local/samba/lib/smb\&.conf\fR
-This is the default location of the \fBsmb.conf\fR(5) server configuration file that swat edits\&. Other common places that systems install this file are \fI /usr/samba/lib/smb\&.conf\fR and \fI/etc/smb\&.conf \fR\&. This file describes all the services the server is to make available to clients\&.
+\fI/etc/samba/smb\&.conf\fR
+This is the default location of the \fBsmb.conf\fR(5) server configuration file that swat edits\&. This file describes all the services the server is to make available to clients\&.
.SH "WARNINGS"
|
