Gentoo Forums
SWAT + xinetd mini HOWTO
Stalione
Guru

Joined: 21 Apr 2002
Posts: 335

Posted: Fri May 23, 2003 12:23 pm    Post subject: SWAT + xinetd mini HOWTO

I noticed a lot of people having trouble getting SWAT to work properly. I ran into a similar problem not too long ago and, after doing a little Google research, fixed the problem. Here is what I did. The following instructions assume that samba is working and that the root user has been added to smbusers and has administrative privileges (smbpasswd -a root).

By default I only had inetd, and not xinetd. So make sure you have it installed.
Code:
 emerge -p xinetd


Edit /etc/xinetd.conf
Code:

defaults
{
        only_from      = localhost
        instances      = 60
        log_type       = SYSLOG authpriv info
        log_on_success = HOST PID
        log_on_failure = HOST
        cps            = 25 30
}

{
        type                    = RPC
        socket_type             = dgram
        protocol                = udp
        server                  = /usr/sbin/rpc.rstatd
        wait                    = yes
        user                    = root
}

includedir /etc/xinetd.d


Now we need to edit /etc/xinetd.d/swat
Code:

service swat
{
        port                    = 901
        socket_type             = stream
        wait                    = no
        only_from               = 192.168.1.0/24
        user                    = root
        server                  = /usr/sbin/swat
        log_on_failure          += USERID
}


Now let's restart the daemons for the changes to take effect
Code:

/etc/init.d/xinetd restart
/etc/init.d/samba restart


NOTE:: The above code assumes that your network is 192.168.1.0-255, and by doing 192.168.1.0/24 you are enabling access to your swat service to anyone in that subnet, which might or might not be what you want.

To test your installation go to http://<YOUR SAMBA SERVER IP>:901 and you should be prompted for a login and password. To add users check smbpasswd --help. Remember that users must exist in the system's passwd file to be added to the smbpasswd file. Also, you DO NOT need apache running for SWAT to work.
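The how-to sets `only_from` twice, once in `defaults` and once in `service swat`, and that pair decides who can reach SWAT, which runs as root. An added example (not part of the original post) that computes each service's effective `only_from` and flags root services reachable from other hosts; it assumes xinetd's documented operator semantics (`=` in a service replaces the `defaults` value, `+=` extends it, values inside `defaults` accumulate), and the names `effective`, `audit`, `max_hosts` and the finding strings are illustrative.

```python
import ipaddress
import re
# Constructed sample: the post's defaults block and swat entry, trimmed.
SAMPLE = """\
defaults
{
        only_from      = localhost
}
service swat
{
        only_from      = 192.168.1.0/24
        user           = root
}
"""
BLOCK = re.compile(r"^\s*(defaults|service\s+\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ATTR = re.compile(r"^\s*(\w+)\s*(\+=|-=|=)[ \t]*(.*)$", re.M)

def effective(text):
    """Per-service attributes; assumes defaults precedes the services, as in the post."""
    base, out = {}, {}
    for m in BLOCK.finditer(text):
        name = m.group(1).split()[-1]
        eff = base if name == "defaults" else {k: list(v) for k, v in base.items()}
        for key, op, val in ATTR.findall(m.group(2)):
            old, new = eff.get(key, []), val.split()
            # '-=' removes, '+=' extends, '=' replaces (inside defaults, '=' accumulates)
            keep = [v for v in old if v not in new]
            eff[key] = keep if op == "-=" else old + new if op == "+=" or name == "defaults" else new
        if name != "defaults":
            out[name] = eff
    return out

def audit(text, max_hosts=256):
    """Return {service: [findings]} on who may connect and as which user it runs."""
    report = {}
    for name, eff in effective(text).items():
        srcs, nets = eff.get("only_from", []), []
        findings = [] if srcs else ["no only_from: any address may connect"]
        for src in srcs:
            try:
                nets.append(ipaddress.ip_network("127.0.0.1" if src == "localhost" else src, strict=False))
            except ValueError:  # hostname or network name
                findings.append(f"only_from {src}: not an address, review by hand")
        findings += [f"only_from {n} admits {n.num_addresses} addresses" for n in nets if n.num_addresses > max_hosts]
        local_only = bool(srcs) and len(nets) == len(srcs) and all(n.is_loopback for n in nets)
        if eff.get("user") == ["root"] and not local_only:
            findings.append("runs as root and accepts non-loopback clients")
        report[name] = findings
    return report
```

For the configuration in the post, `audit(SAMPLE)` reports that swat runs as root and accepts non-loopback clients: the service-level `only_from = 192.168.1.0/24` replaces the `localhost` default rather than adding to it.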
mrpete
Apprentice

Joined: 01 Sep 2003
Posts: 184

Posted: Mon Sep 01, 2003 9:42 pm

Thanks very much for the instructions. The show stopper for me was forgetting to add the root user, i.e. doing a smbpasswd -a root. Before this I kept getting a 401 Bad Authorization error when trying to access swat via the web. I initially thought it was a PAM problem after seeing the following faq

http://www.faqchest.com/linux/SERVER-LINUX/linux-01/linux-0108/linux-010802/linux01082212_18881.html

but adding a samba root user as above did the trick.
p3nguin
Apprentice

Joined: 01 Jul 2003
Posts: 188
Location: ~/

Posted: Mon Sep 01, 2003 11:24 pm

Thank you so much! I was having trouble connecting, kept getting connection refused... this did the trick though!
p3nguin
Apprentice

Joined: 01 Jul 2003
Posts: 188
Location: ~/

Posted: Tue Sep 02, 2003 12:01 am

Well, when I go onto my roommate's computer and type in \\my.private.ip, it takes me to two folders: 1) data 2) scipio

1) is the name of the mount (my second hd) that I want win users to have access to.

2) is the username of my roommate I set up.

If I try and click on scipio, it takes me into the folder; if I click on data, it prompts for a username and password. I have tried scipio/password and root/password and both will not let me in; it says that I might not have permission to access it. What don't I have set up right? Thanks.

Also, just noticed that when I try
Code:
smbclient -L nuronet.org
it states
Code:
session setup failed: NT_STATUS_LOGON_FAILURE
I already set up a password for user scipio and for root.

here is what my conf looks like:
Code:
# Samba config file created using SWAT
# from 192.168.0.69 (192.168.0.69)
# Date: 2003/09/01 18:58:31

# Global parameters
[global]
   coding system =
   client code page = 850
   code page directory = /var/lib/samba/codepages
   workgroup = WORKGROUP
   netbios name = PROXYFS
   netbios aliases =
   netbios scope =
   server string = Gentoo Samba Server %v
   interfaces =
   bind interfaces only = No
   security = USER
   encrypt passwords = Yes
   update encrypted = No
   allow trusted domains = Yes
   hosts equiv =
   min passwd length = 5
   map to guest = Never
   null passwords = No
   obey pam restrictions = No
   password server =
   smb passwd file = /etc/samba/private/smbpasswd
   root directory =
   pam password change = No
   passwd program = /usr/bin/passwd
   passwd chat = *new*password* %n\n *new*password* %n\n *changed*
   passwd chat debug = No
   username map =
   password level = 0
   username level = 0
   unix password sync = No
   restrict anonymous = No
   lanman auth = Yes
   use rhosts = No
   ssl = No
   ssl hosts =
   ssl hosts resign =
   ssl CA certDir =
   ssl CA certFile =
   ssl server cert =
   ssl server key =
   ssl client cert =
   ssl client key =
   ssl egd socket =
   ssl entropy file =
   ssl entropy bytes = 256
   ssl require clientcert = No
   ssl require servercert = No
   ssl ciphers =
   ssl version = ssl2or3
   ssl compatibility = No
   admin log = No
   log level = 0
   syslog = 1
   syslog only = No
   log file = /var/log/samba/log.%m
   max log size = 50
   timestamp logs = Yes
   debug hires timestamp = No
   debug pid = No
   debug uid = No
   protocol = NT1
   large readwrite = Yes
   max protocol = NT1
   min protocol = CORE
   read bmpx = No
   read raw = Yes
   write raw = Yes
   acl compatibility =
   nt smb support = Yes
   nt pipe support = Yes
   nt status support = Yes
   announce version = 4.9
   announce as = NT
   max mux = 50
   max xmit = 16644
   name resolve order = lmhosts host wins bcast
   max ttl = 259200
   max wins ttl = 518400
   min wins ttl = 21600
   time server = No
   unix extensions = No
   change notify timeout = 60
   deadtime = 0
   getwd cache = Yes
   keepalive = 300
   lpq cache time = 10
   max smbd processes = 0
   max disk size = 0
   max open files = 10000
   name cache timeout = 660
   read size = 16384
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   stat cache size = 50
   use mmap = Yes
   total print jobs = 0
   load printers = Yes
   printcap name = lpstat
   disable spoolss = No
   enumports command =
   addprinter command =
   deleteprinter command =
   show add printer wizard = Yes
   os2 driver map =
   strip dot = No
   mangling method = hash
   character set =
   mangled stack = 50
   stat cache = Yes
   domain admin group =
   domain guest group =
   machine password timeout = 604800
   add user script =
   delete user script =
   logon script =
   logon path = \\%N\%U\profile
   logon drive =
   logon home = \\%N\%U
   domain logons = No
   os level = 33
   lm announce = Auto
   lm interval = 60
   preferred master = Auto
   local master = No
   domain master = Auto
   browse list = Yes
   enhanced browsing = Yes
   dns proxy = No
   wins proxy = No
   wins server =
   wins support = No
   wins hook =
   kernel oplocks = Yes
   lock spin count = 3
   lock spin time = 10
   oplock break wait time = 0
   add share command =
   change share command =
   delete share command =
   config file =
   preload =
   lock dir = /var/cache/samba
   pid directory = /var/run/samba
   utmp directory =
   wtmp directory =
   utmp = No
   default service =
   message command =
   dfree command =
   valid chars =
   remote announce =
   remote browse sync =
   socket address = 0.0.0.0
   homedir map =
   time offset = 0
   NIS homedir = No
   source environment =
   panic action =
   hide local users = No
   host msdfs = No
   winbind uid =
   winbind gid =
   template homedir = /home/%D/%U
   template shell = /bin/false
   winbind separator = \
   winbind cache time = 15
   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = No
   comment =
   path =
   alternate permissions = No
   username =
   guest account = nobody
   invalid users =
   valid users =
   admin users =
   read list =
   write list =
   printer admin =
   force user =
   force group =
   read only = Yes
   create mask = 0744
   force create mode = 00
   security mask = 0777
   force security mode = 00
   directory mask = 0755
   force directory mode = 00
   directory security mask = 0777
   force directory security mode = 00
   force unknown acl user = 00
   inherit permissions = No
   inherit acls = No
   guest only = No
   guest ok = No
   only user = No
   hosts allow =
   hosts deny =
   status = Yes
   nt acl support = Yes
   profile acls = No
   block size = 1024
   max connections = 0
   min print space = 0
   strict allocate = No
   strict sync = No
   sync always = No
   use sendfile = No
   write cache size = 0
   max print jobs = 1000
   printable = No
   postscript = No
   printing = cups
   print command = lpr -r -P%p %s
   lpq command = lpq -P%p
   lprm command = lprm -P%p %j
   lppause command =
   lpresume command =
   queuepause command =
   queueresume command =
   printer name =
   use client driver = No
   default devmode = No
   printer driver =
   printer driver file = /etc/samba/printers.def
   printer driver location =
   default case = lower
   case sensitive = No
   preserve case = No
   short preserve case = No
   mangle case = No
   mangling char = ~
   hide dot files = Yes
   hide unreadable = No
   delete veto files = No
   veto files =
   hide files =
   veto oplock files =
   map system = No
   map hidden = No
   map archive = Yes
   mangled names = Yes
   mangled map =
   browseable = Yes
   blocking locks = Yes
   csc policy = manual
   fake oplocks = No
   locking = Yes
   oplocks = Yes
   level2 oplocks = Yes
   oplock contention limit = 2
   posix locking = Yes
   strict locking = No
   share modes = Yes
   copy =
   include =
   exec =
   preexec close = No
   postexec =
   root preexec =
   root preexec close = No
   root postexec =
   available = Yes
   volume =
   fstype = NTFS
   set directory = No
   wide links = Yes
   follow symlinks = Yes
   dont descend =
   magic script =
   magic output =
   delete readonly = No
   dos filemode = No
   dos filetimes = No
   dos filetime resolution = No
   fake directory create times = No
   vfs object =
   vfs options =
   msdfs root = No

[homes]
   comment = Home Directories
   read only = No
   browseable = No

[printers]
   comment = All Printers
   path = /var/spool/samba
   create mask = 0700
   guest ok = Yes
   printable = Yes
   print command = lpr -P %p -o raw %s -r   # using client side printer drivers.
   browseable = No

[print$]
   path = /var/lib/samba/printers
   write list = @adm root

[data]
   comment = proxys data
   path = /mnt
   valid users = scipio
   hosts allow = 192.168.0.*
pilla
Administrator

Joined: 07 Aug 2002
Posts: 7694
Location: Pelotas, BR

Posted: Tue Sep 02, 2003 11:55 am

Moved to Docs, Tips & Tricks

thanks, slartibartfasz
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin
MrPyro
Tux's lil' helper

Joined: 14 Aug 2003
Posts: 121
Location: Sheffield, England

Posted: Tue Sep 02, 2003 2:30 pm

p3nguin: does user scipio have both a user and samba password, or just one, and if so, which?
_________________
Back off man, I'm a computer scientist
p3nguin
Apprentice

Joined: 01 Jul 2003
Posts: 188
Location: ~/

Posted: Tue Sep 02, 2003 5:10 pm

MrPyro: scipio has a user account and a samba account password... I set one with smbpasswd. I must have something not set up right.

What should the fstab look like for the second hd? I have just been mounting it manually, if that would make any difference?
MrPyro
Tux's lil' helper

Joined: 14 Aug 2003
Posts: 121
Location: Sheffield, England

Posted: Wed Sep 03, 2003 11:47 am

The only thing I can think of off the top of my head is that user scipio doesn't have access to the data on the partition on the filesystem itself: if for example the /mnt directory is not executable by scipio, or something similar.

Manually mounting shouldn't be a problem, although are you mounting the drive directly on the /mnt directory? If you are, this is pretty bad policy, as there tend to be existing subdirectories in /mnt, like floppy and cdrom. Normally you should create a sub-directory in /mnt, say /mnt/data, and mount it there.
_________________
Back off man, I'm a computer scientist
Stalione
Guru

Joined: 21 Apr 2002
Posts: 335

Posted: Wed Sep 03, 2003 3:09 pm

To give access to any samba share the user must be added not only to samba password file but also the system password file.
As root
Code:

useradd -g samba -d /path/to/share -s /bin/false -c "Samba user" some_user

smbpasswd -a some_user


I recommend keeping the login and password the same on both commands.

Please read useradd, smbpasswd man pages for more info. The sample smb.conf file that comes with samba is a great resource. Also once you have swat working you might find it easier to get things running using that. I can't recall what version of swat/samba it was but for some reason it kept screwing up on me by enabling the box as wins server and setting up a default (external) wins server (you can't be both).

Good luck!
krunk
Guru

Joined: 27 Jul 2003
Posts: 316

Posted: Thu Oct 02, 2003 5:30 am

I have followed the directions to the T. But when I enter http://192.168.1.5:901 (my internal ip), I get the following error:

could not connect to remote server.
192.168.1.5:901/


What could I be missing?
PurpleSkunk
n00b

Joined: 04 Jan 2004
Posts: 65
Location: Le Mans, France

Posted: Tue Jan 06, 2004 11:53 pm

thank u for this howto !!! was very helpful for me

:D
Farnsworth
Guru

Joined: 04 Feb 2003
Posts: 355
Location: Aix en Pce, France

Posted: Fri Feb 13, 2004 8:02 am

Thanks, you saved my life ;)
I don't understand why we must add the root user in samba to connect to swat, I was thinking the system root was enough...
enobis
n00b

Joined: 01 Oct 2003
Posts: 66
Location: Columbia, MD

Posted: Mon Feb 23, 2004 2:17 am

Farnsworth wrote:
Thanks, you saved my life ;)
I don't understand why we must add the root user in samba to connect to swat, I was thinking the system root was enough...


Actually, you don't need to... The default setup for swat uses not only samba and xinetd but also relies on pam. If you edit your /etc/pam.d/samba file as follows you do not need to add root to smbpasswd:

Code:
#%PAM-1.0
# pam_smbpass.so authenticates against the smbpasswd file
#auth       required     pam_smbpass.so nodelay
#auth       required     pam_pwdb.so nullok shadow
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
password   required     pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf


This is my configuration for pam-0.77, if you have an older version of pam or compiled pam with the pwdb USE flag you can/should use the pam_pwdb.so line instead.
soulfire
n00b

Joined: 09 Apr 2004
Posts: 70
Location: Italy

Posted: Fri Jun 25, 2004 10:39 pm

thanks !! it has been very useful !
_________________
I can divide by zero
All times are GMT