Red Hat Linux 7 Unleashed

By William Ball

Using SWAT for Web-Based Samba Configuration

SWAT is a Web-based tool to provide local or remote, password-guarded Samba administration from any browser that can access the server. SWAT is new with Samba 2 and is included in Red Hat 7, which ships with Samba 2.0.7.

SWAT is a convenience that can improve security by making configuration errors less likely. Be aware of two things, however. First, when SWAT commits changes it rewrites smb.conf in its entirety: entries are reordered and any comments you had in the file are lost. Second, SWAT authenticates with the root password over plain HTTP, so it must never be reachable from a network you do not trust. Used carelessly, it can open a serious hole.

Activating SWAT on Your Server

Red Hat 7 comes with SWAT disabled. To enable it, the disable = yes line in /etc/xinetd.d/swat must be commented out (or changed to disable = no). Also, depending on the state of your system's name resolution, it might not work simply because xinetd cannot resolve the name localhost to an address. As discussed in Chapter 20, "TCP/IP Network Management," Red Hat 7 uses xinetd instead of the older inetd to start various services.

Start by accessing port 901 of either localhost or your Samba server's IP address as an http URL (for example http://localhost:901) from either Netscape or lynx. If you receive an error message saying Unexpected network read error; connection aborted. in lynx, or A network error occurred while netscape was receiving data. (Network Error: Connection reset by peer) Try connecting again, it's likely you're being stopped by xinetd's host checking. As a temporary diagnostic, disable host checking by doing the following:

  1. Verify that /etc/services contains the following line. The line should not be commented.

       swat           901/tcp

  2. Comment out the following line in /etc/xinetd.d/swat:

       disable = yes

  3. VERY TEMPORARILY comment out the following line in /etc/xinetd.d/swat:

       only_from = localhost

  4. Find the PID of xinetd using ps ax | grep xinetd.

  5. Send a SIGUSR1 signal to xinetd, which makes it reread its configuration, with the following command:

       # kill -s SIGUSR1 PID


This procedure should successfully enable SWAT on a typically installed Red Hat 7 server from absolutely any IP address. Obviously, commenting out the only_from = line is a serious security exposure. It's just a temporary diagnostic test. If the URL now asks you for a username and password (lynx first throws an Access without authorization denied--retrying error, then asks for the username and password), that means the problem was host checking. Now it's time to fix it correctly.

The original line was as follows:

only_from = localhost

Unless your system can correctly resolve the name localhost, the preceding line causes the discussed error. To resolve this error, simply uncomment the only_from = line and replace localhost with 127.0.0.1. If you want to also access SWAT from machines on your local subnet (in all but the smallest, most trusting organizations that's a bad idea, because the root password crosses the wire unencrypted), you can add your subnet. For instance, if your network is 192.168.100, the following line enables access from both localhost and from your subnet:

only_from = 127.0.0.1 192.168.100.0

Notice once again that localhost is specified by number, not name. Notice that the 0 in the second IP address serves as a wildcard indicating it's really a subnet, and allowing access from anyone on that subnet. Note further that the two IP addresses are separated by a space, not a comma.
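The following script is an added example, not from the book or the Samba project: it audits an xinetd service file for the three SWAT exposures discussed above (only_from missing or commented out, localhost given by name rather than as 127.0.0.1, and extra hosts or subnets admitted) and shows the shipped, open, fixed, and subnet variants side by side. The sample files it writes are constructed for the demo and modelled on the /etc/xinetd.d/swat file described in the text; the function names are the example's own.

```shell
#!/bin/sh
# Added example: audit /etc/xinetd.d/swat for the exposures discussed above.
# Run as-is to see all four constructed variants audited, or call
#   swat_audit /etc/xinetd.d/swat
# on a real file. Nothing here touches the system configuration.

xinetd_attr() {
    # Print the value of attribute $2 in xinetd service file $1.
    # Comments (# to end of line) and trailing whitespace are stripped first,
    # so a commented-out "only_from" line correctly yields nothing.
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p"
}

swat_audit() {
    # Report how far SWAT in file $1 is exposed. Returns 0 only when the
    # service is disabled or reachable from 127.0.0.1 alone.
    file="$1"; rc=0
    allowed="$(xinetd_attr "$file" only_from)"
    if [ -z "$allowed" ]; then
        echo "FAIL: only_from missing or commented out: SWAT reachable from any host that can reach 901/tcp"
        rc=1
    fi
    for host in $allowed; do
        case "$host" in
            127.0.0.1) ;;
            localhost)
                echo "WARN: only_from names localhost; if xinetd cannot resolve it, every connection is reset"
                rc=1 ;;
            *)
                echo "WARN: only_from also admits $host; the root password travels in clear HTTP to those hosts"
                rc=1 ;;
        esac
    done
    if [ "$(xinetd_attr "$file" disable)" = "yes" ]; then
        echo "INFO: disable = yes, so nothing listens yet; fix the findings above before enabling"
        return 0
    fi
    return $rc
}

sample_swat_file() {
    # Constructed /etc/xinetd.d/swat variants for the demo (modelled on the
    # file the book describes; not copied from any Red Hat release).
    case "$1" in
        shipped) disable=yes; only_from='        only_from       = localhost' ;;
        open)    disable=no;  only_from='#       only_from       = localhost' ;;
        fixed)   disable=no;  only_from='        only_from       = 127.0.0.1' ;;
        subnet)  disable=no;  only_from='        only_from       = 127.0.0.1 192.168.100.0' ;;
        *) echo "unknown variant: $1" >&2; return 2 ;;
    esac
    cat <<EOF
# description: SWAT is the Samba Web Admin Tool (constructed sample)
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
$only_from
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
        disable         = $disable
}
EOF
}

# Demo: write each variant to a temporary directory and audit it.
tmp="$(mktemp -d)"
for variant in shipped open fixed subnet; do
    sample_swat_file "$variant" > "$tmp/swat.$variant"
    echo "== /etc/xinetd.d/swat variant: $variant"
    swat_audit "$tmp/swat.$variant" && echo "OK: not exposed" || echo "-> not hardened"
done
rm -rf "$tmp"
```

The "shipped" variant passes only because disable = yes; the audit still prints the localhost warning so the name-resolution problem is fixed before the service is enabled. Only the "fixed" variant (127.0.0.1, and nothing else) passes while enabled.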

The next step is to access Samba configuration through SWAT.

Configuring smb.conf from Your Browser Using SWAT

From your favorite browser (Netscape Navigator, Microsoft Internet Explorer, or lynx) navigate to port 901 of the server's IP address:


   # lynx http://192.168.100.1:901

Or, if you're on the console, it's safer to access it as localhost:


   # lynx http://localhost:901

The browser asks for a username and password. To enable read-write access, use root and root's password. Once authenticated, a page appears with links for HOME, GLOBALS, SHARES, PRINTERS, STATUS, VIEW, and PASSWORD. Choosing GLOBALS, SHARES, or PRINTERS brings up a page in which you can edit options. Each contains a button that can be toggled between Advanced View and Basic View, with Advanced View showing every possible configuration option. Note that with the SHARES and PRINTERS pages, you'll need to choose the share or printer from a drop-down list and then click the Choose button before you can edit the share or printer.

Assuming you're logged in to SWAT as root, a Commit Changes button will be visible. After making changes, clicking this button will write smb.conf. If you click the Reset Values button, the options will revert to values in the present smb.conf file.

The SWAT page contains voluminous, well-organized documentation, available even to those not logged in as root, and therefore unable to change the configuration.
