blob: b67f53777ddc3cf34a4cae70cd49b53f7a87b4d2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
<refentry id="swat">
<refmeta>
<refentrytitle>swat</refentrytitle>
<manvolnum>8</manvolnum>
</refmeta>
<refnamediv>
<refname>swat</refname>
<refpurpose>Samba Web Administration Tool</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>swat</command>
<arg choice="opt">-s <smb config file></arg>
<arg choice="opt">-a</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>This tool is part of the <ulink url="samba.7.html">
Samba</ulink> suite.</para>
<para><command>swat</command> allows a Samba administrator to
configure the complex <ulink url="smb.conf.5.html"><filename>
smb.conf(5)</filename></ulink> file via a Web browser. In addition,
a <command>swat</command> configuration page has help links
to all the configurable options in the <filename>smb.conf</filename> file allowing an
administrator to easily look up the effects of any change. </para>
<para><command>swat</command> is run from <command>inetd</command> </para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-s smb configuration file</term>
<listitem><para>The default configuration file path is
determined at compile time. The file specified contains
the configuration details required by the <command>smbd
</command> server. This is the file that <command>swat</command> will modify.
The information in this file includes server-specific
information such as what printcap file to use, as well as
descriptions of all the services that the server is to provide.
See <filename>smb.conf</filename> for more information.
</para></listitem>
</varlistentry>
<varlistentry>
<term>-a</term>
<listitem><para>This option disables authentication and puts
<command>swat</command> in demo mode. In that mode anyone will be able to modify
the <filename>smb.conf</filename> file. </para>
<para><emphasis>Do NOT enable this option on a production
server. </emphasis></para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>INSTALLATION</title>
<para>After you compile SWAT you need to run <command>make install
</command> to install the <command>swat</command> binary
and the various help files and images. A default install would put
these in: </para>
<itemizedlist>
<listitem><para>/usr/local/samba/bin/swat</para></listitem>
<listitem><para>/usr/local/samba/swat/images/*</para></listitem>
<listitem><para>/usr/local/samba/swat/help/*</para></listitem>
</itemizedlist>
<refsect2>
<title>Inetd Installation</title>
<para>You need to edit your <filename>/etc/inetd.conf
</filename> and <filename>/etc/services</filename>
to enable SWAT to be launched via <command>inetd</command>.</para>
<para>In <filename>/etc/services</filename> you need to
add a line like this: </para>
<para><command>swat 901/tcp</command></para>
<para>Note for NIS/YP users - you may need to rebuild the
NIS service maps rather than alter your local <filename>
/etc/services</filename> file. </para>
<para>the choice of port number isn't really important
except that it should be less than 1024 and not currently
used (using a number above 1024 presents an obscure security
hole depending on the implementation details of your
<command>inetd</command> daemon). </para>
<para>In <filename>/etc/inetd.conf</filename> you should
add a line like this: </para>
<para><command>swat stream tcp nowait.400 root
/usr/local/samba/bin/swat swat</command></para>
<para>One you have edited <filename>/etc/services</filename>
and <filename>/etc/inetd.conf</filename> you need to send a
HUP signal to inetd. To do this use <command>kill -1 PID
</command> where PID is the process ID of the inetd daemon. </para>
</refsect2>
<refsect2>
<title>Xinetd Installation</title>
<para>Newer Linux systems ship with a more secure implementation
of the inetd meta-daemon. The <command>xinetd</command> daemon
can read configuration inf9ormation from a single file (i.e.
<filename>/etc/xinetd.conf</filename>) or from a collection
of service control files in the <filename>xinetd.d/</filename> directory.
These directions assume the latter configuration.
</para>
<para>
The following file should be created as <filename>/etc/xientd.d/swat</filename>.
It is then be neccessary cause the meta-daemon to reload its configuration files.
Refer to the xinetd man page for details on how to accomplish this.
</para>
<para><programlisting>
## /etc/xinetd.d/swat
service swat
{
port = 901
socket_type = stream
wait = no
only_from = localhost
user = root
server = /usr/local/samba/bin/swat
log_on_failure += USERID
disable = No
}
</programlisting></para>
</refsect2>
<refsect2>
<title>Launching</title>
<para>To launch SWAT just run your favorite web browser and
point it at "http://localhost:901/".</para>
<para>Note that you can attach to SWAT from any IP connected
machine but connecting from a remote machine leaves your
connection open to password sniffing as passwords will be sent
in the clear over the wire. </para>
</refsect2>
</refsect1>
<refsect1>
<title>TROUBLESHOOTING</title>
<para>
One of the common causes of difficulty when installing Samba and SWAT
is the existsnece of some type of firewall or port filtering software
on the Samba server. Make sure that the appropriate ports
outlined in this man page are available on the server and are not currently
being blocked by some type of security software such as iptables or
"port sentry". For more troubleshooting information, refer to the additional
documentation included in the Samba distribution.
</para>
</refsect1>
<refsect1>
<title>FILES</title>
<variablelist>
<varlistentry>
<term><filename>/etc/inetd.conf</filename></term>
<listitem><para>This file must contain suitable startup
information for the meta-daemon.</para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/xinetd.d/swat</filename></term>
<listitem><para>This file must contain suitable startup
information for the <command>xinetd</command> meta-daemon.</para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/etc/services</filename></term>
<listitem><para>This file must contain a mapping of service name
(e.g., swat) to service port (e.g., 901) and protocol type
(e.g., tcp). </para></listitem>
</varlistentry>
<varlistentry>
<term><filename>/usr/local/samba/lib/smb.conf</filename></term>
<listitem><para>This is the default location of the <filename>smb.conf(5)
</filename> server configuration file that swat edits. Other
common places that systems install this file are <filename>
/usr/samba/lib/smb.conf</filename> and <filename>/etc/smb.conf
</filename>. This file describes all the services the server
is to make available to clients. </para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>WARNINGS</title>
<para><command>swat</command> will rewrite your <filename>smb.conf
</filename> file. It will rearrange the entries and delete all
comments, <parameter>include=</parameter> and <parameter>copy="
</parameter> options. If you have a carefully crafted <filename>
smb.conf</filename> then back it up or don't use swat! </para>
</refsect1>
<refsect1>
<title>VERSION</title>
<para>This man page is correct for version 2.2 of
the Samba suite.</para>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><command>inetd(5)</command>,
<ulink url="smbd.8.html"><command>smbd(8)</command></ulink>,
<ulink url="smb.conf.5.html">smb.conf(5)</ulink>, <command>xinetd(8)</command>
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para>The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.</para>
<para>The original Samba man pages were written by Karl Auer.
The man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
<ulink url="ftp://ftp.icce.rug.nl/pub/unix/">
ftp://ftp.icce.rug.nl/pub/unix/</ulink>) and updated for the Samba 2.0
release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter</para>
</refsect1>
</refentry>
|
