Stalione Guru

Joined: 21 Apr 2002 Posts: 335
|
Posted: Fri May 23, 2003 12:23 pm Post subject: SWAT + xinetd mini HOWTO |
|
|
I noticed a lot of people having trouble getting SWAT to work properly. I ran into a similar problem not too long ago and, after doing a little Google research, fixed the problem. Here is what I did. The following instructions assume that samba is working and that the root user has been added to smbusers and has administrative privileges (smbpasswd -a root).
By default I only had inetd, and not xinetd. So make sure you have it installed.
Edit /etc/xinetd.conf
Code: |
defaults
{
    only_from = localhost
    instances = 60
    log_type = SYSLOG authpriv info
    log_on_success = HOST PID
    log_on_failure = HOST
    cps = 25 30
}
{
    type = RPC
    socket_type = dgram
    protocol = udp
    server = /usr/sbin/rpc.rstatd
    wait = yes
    user = root
}
includedir /etc/xinetd.d
|
Now we need to edit /etc/xinetd.d/swat
Code: |
service swat
{
    port = 901
    socket_type = stream
    wait = no
    only_from = 192.168.1.0/24
    user = root
    server = /usr/sbin/swat
    log_on_failure += USERID
}
|
Now let's restart the daemons for the changes to take effect
Code: |
/etc/init.d/xinetd restart
/etc/init.d/samba restart
|
NOTE: The above code assumes that your network is 192.168.1.0-255, and by doing 192.168.1.0/24 you are enabling access to your swat service to anyone in that subnet, which might or might not be what you want.
To test your installation go to http://<YOUR SAMBA SERVER IP>:901 and you should be prompted with a login and password. To add users check smbpasswd --help. Remember that users must exist in the system's passwd file to be added to the smbpasswd file. Also you DO NOT need apache running for SWAT to work. |
|
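Added example (not part of the original post, and not xinetd's own code): a small Python audit of the `only_from` scoping described in the NOTE above, reporting how many addresses can reach a root-run service such as SWAT. The merge rule for `defaults`, the `swat_open` variant and all function names are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: the how-to's swat service, and a hypothetical copy
# (swat_open) with only_from removed and no defaults block to fall back on.
HOWTO = ("defaults\n{\nonly_from = localhost\n}\nservice swat\n{\nport = 901\n"
         "only_from = 192.168.1.0/24\nuser = root\nserver = /usr/sbin/swat\n}\n")
OPEN = "service swat_open\n{\nport = 901\nuser = root\n}\n"

def parse_xinetd(text):
    """Return {block name: [(attribute, operator, [values])]}; '-=' is skipped."""
    blocks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line == "defaults" or line.startswith("service "):
            current = blocks.setdefault(line.split()[-1], [])
        elif line == "}":
            current = None
        elif current is not None and (m := re.match(r"(\w+)\s*(\+=|=)\s*(.*)", line)):
            current.append((m[1], m[2], m[3].split()))
    return blocks

def effective(blocks, service, attr):
    """Assumed merge rule: a service's '=' replaces defaults, '+=' appends."""
    values = None  # None means the attribute is never set
    for name in ("defaults", service):
        for key, op, vals in blocks.get(name, []):
            if key == attr:
                replace = op == "=" and name == service
                values = list(vals) if replace else (values or []) + vals
    return values

def audit(text):
    """Return {service: [findings]} for each service block in text."""
    blocks, report = parse_xinetd(text), {}
    for svc in (name for name in blocks if name != "defaults"):
        found, sources = [], effective(blocks, svc, "only_from")
        if sources is None:
            found.append("no only_from: open to any address")
        for src in sources or []:
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:
                continue  # a host name such as localhost
            if net.num_addresses > 1:
                found.append(f"only_from {src}: {net.num_addresses} addresses")
        if effective(blocks, svc, "user") == ["root"]:
            found.append("runs as root")
        report[svc] = found
    return report
```

Calling `audit()` on the contents of /etc/xinetd.conf followed by /etc/xinetd.d/swat gives the same report for a real host.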
mrpete Apprentice


Joined: 01 Sep 2003 Posts: 184
|
|
p3nguin Apprentice

Joined: 01 Jul 2003 Posts: 188 Location: ~/
|
Posted: Mon Sep 01, 2003 11:24 pm Post subject: |
|
|
Thank you so much! I was having trouble connecting, kept getting connection refused... this did the trick though! |
|
p3nguin Apprentice

Joined: 01 Jul 2003 Posts: 188 Location: ~/
|
Posted: Tue Sep 02, 2003 12:01 am Post subject: |
|
|
Well, when I go onto my roommate's computer and type in \\my.private.ip, it takes me to two folders: 1) data 2) scipio
1) is the name of the mount (my second hd) that I want win users to have access to.
2) is the username of my roommate I set up.
If I try and click on scipio, it takes me into the folder; if I click on data, it prompts for a username and password. I have tried scipio/password and root/password and both will not let me in, says that I might not have permission to access it. What don't I have set up right? Thanks
Also, just noticed that when I try and
Code: |
smbclient -L nuronet.org
|
it states
Code: |
session setup failed: NT_STATUS_LOGON_FAILURE
|
I already set up a password for user scipio and for root.
Here is what my conf looks like:
Code: |
# Samba config file created using SWAT
# from 192.168.0.69 (192.168.0.69)
# Date: 2003/09/01 18:58:31
# Global parameters
[global]
coding system =
client code page = 850
code page directory = /var/lib/samba/codepages
workgroup = WORKGROUP
netbios name = PROXYFS
netbios aliases =
netbios scope =
server string = Gentoo Samba Server %v
interfaces =
bind interfaces only = No
security = USER
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server =
smb passwd file = /etc/samba/private/smbpasswd
root directory =
pam password change = No
passwd program = /usr/bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
ssl = No
ssl hosts =
ssl hosts resign =
ssl CA certDir =
ssl CA certFile =
ssl server cert =
ssl server key =
ssl client cert =
ssl client key =
ssl egd socket =
ssl entropy file =
ssl entropy bytes = 256
ssl require clientcert = No
ssl require servercert = No
ssl ciphers =
ssl version = ssl2or3
ssl compatibility = No
admin log = No
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/log.%m
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
acl compatibility =
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts host wins bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
name cache timeout = 660
read size = 16384
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = lpstat
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
mangling method = hash
character set =
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 33
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = No
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = No
wins server =
wins support = No
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/cache/samba
pid directory = /var/run/samba
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map =
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
comment =
path =
alternate permissions = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
status = Yes
nt acl support = Yes
profile acls = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
use sendfile = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = cups
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = No
short preserve case = No
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
guest ok = Yes
printable = Yes
print command = lpr -P %p -o raw %s -r # using client side printer drivers.
browseable = No
[print$]
path = /var/lib/samba/printers
write list = @adm root
[data]
comment = proxys data
path = /mnt
valid users = scipio
hosts allow = 192.168.0.*
|
|
pilla Administrator


Joined: 07 Aug 2002 Posts: 7695 Location: Pelotas, BR
|
Posted: Tue Sep 02, 2003 11:55 am Post subject: |
|
|
Moved to Docs, Tips & Tricks
thanks, slartibartfasz _________________ "I'm just very selective about the reality I choose to accept." -- Calvin |
|
MrPyro Tux's lil' helper

Joined: 14 Aug 2003 Posts: 121 Location: Sheffield, England
|
Posted: Tue Sep 02, 2003 2:30 pm Post subject: |
|
|
p3nguin: does user scipio have both a user and samba password, or just one, and if so, which? _________________ Back off man, I'm a computer scientist |
|
p3nguin Apprentice

Joined: 01 Jul 2003 Posts: 188 Location: ~/
|
Posted: Tue Sep 02, 2003 5:10 pm Post subject: |
|
|
MrPyro: scipio has a user account and a samba account password... I set one with smbpasswd. I must have something not set up right.
What should the fstab look like for the second hd? I have just been mounting it manually, if that would make any difference? |
|
MrPyro Tux's lil' helper

Joined: 14 Aug 2003 Posts: 121 Location: Sheffield, England
|
Posted: Wed Sep 03, 2003 11:47 am Post subject: |
|
|
The only thing I can think of off the top of my head is that user scipio doesn't have access to the data on the partition on the filesystem itself: if for example the /mnt directory is not executable by scipio, or something similar.
Manually mounting shouldn't be a problem, although are you mounting the drive directly on the /mnt directory? If you are, this is pretty bad policy, as there tend to be existing subdirectories in /mnt, like floppy and cdrom. Normally you should create a sub-directory in /mnt, say /mnt/data, and mount it there. _________________ Back off man, I'm a computer scientist |
|
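Added example (not part of the thread): one way to test the hypothesis in the post above, walking each directory on the way to the share path and reporting the first one the Unix user cannot enter. It checks classic mode bits only (no ACLs, no root override); the function names, the stand-in uid and the temporary tree are constructed for illustration.

```python
import os
import stat
import tempfile

def can_enter(st, uid, gids):
    """Search (x) permission from classic mode bits; ACLs and uid 0 are ignored."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked(share_path, uid, gids, base="/"):
    """Return the first directory from base down to share_path that the
    user cannot enter, or None when every component is searchable."""
    current = os.path.realpath(base)
    rel = os.path.relpath(os.path.realpath(share_path), current)
    chain = [current]
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        chain.append(current)
    for directory in chain:
        if not can_enter(os.stat(directory), uid, gids):
            return directory
    return None

def demo():
    """Constructed tree <tmp>/mnt/data: report the blocker with mnt at 0700,
    then again after mnt is opened to 0755."""
    with tempfile.TemporaryDirectory() as root:
        mnt, share = os.path.join(root, "mnt"), os.path.join(root, "mnt", "data")
        os.makedirs(share)
        for path, mode in ((root, 0o755), (share, 0o755), (mnt, 0o700)):
            os.chmod(path, mode)
        other = os.getuid() + 1  # hypothetical non-owner uid standing in for scipio
        before = first_blocked(share, other, [], base=root)
        os.chmod(mnt, 0o755)
        after = first_blocked(share, other, [], base=root)
        return os.path.basename(before), after
```

On a real server, pass the share's `path` value together with the uid and group ids reported by `id` for the Samba user.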
Stalione Guru

Joined: 21 Apr 2002 Posts: 335
|
Posted: Wed Sep 03, 2003 3:09 pm Post subject: |
|
|
To give access to any samba share, the user must be added not only to the samba password file but also to the system password file.
As root
Code: |
useradd -g samba -d /path/to/share -s /bin/false -c "Samba user" some_user
smbpasswd -a some_user
|
I recommend keeping the login and password the same on both commands.
Please read useradd, smbpasswd man pages for more info. The sample smb.conf file that comes with samba is a great resource. Also once you have swat working you might find it easier to get things running using that. I can't recall what version of swat/samba it was but for some reason it kept screwing up on me by enabling the box as wins server and setting up a default (external) wins server (you can't be both).
Good luck! |
|
krunk Guru

Joined: 27 Jul 2003 Posts: 316
|
Posted: Thu Oct 02, 2003 5:30 am Post subject: |
|
|
I have followed the directions to the T. But when I enter http://192.168.1.5:901 (my internal ip), I get the following error:
could not connect to remote server.
192.168.1.5:901/
What could I be missing? |
|
PurpleSkunk n00b


Joined: 04 Jan 2004 Posts: 65 Location: Le Mans, France
|
Posted: Tue Jan 06, 2004 11:53 pm Post subject: |
|
|
thank u for this howto !!! was very helpful for me
 |
|
Farnsworth Guru


Joined: 04 Feb 2003 Posts: 355 Location: Aix en Pce, France
|
Posted: Fri Feb 13, 2004 8:02 am Post subject: |
|
|
Thanks, you saved my life
I don't understand why we must add the root user in samba to connect to swat, I was thinking the system root was enough... |
|
enobis n00b


Joined: 01 Oct 2003 Posts: 66 Location: Columbia, MD
|
Posted: Mon Feb 23, 2004 2:17 am Post subject: |
|
|
Farnsworth wrote: | Thanks, you saved my life
I don't understand why we must add the root user in samba to connect to swat, I was thinking the system root was enough... |
Actually, you don't need to... The default setup for swat uses not only samba and xinetd but also relies on pam. If you edit your /etc/pam.d/samba file as follows you do not need to add root to smbpasswd:
Code: |
#%PAM-1.0
# pam_smbpass.so authenticates against the smbpasswd file
#auth required pam_smbpass.so nodelay
#auth required pam_pwdb.so nullok shadow
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
password required pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf |
This is my configuration for pam-0.77, if you have an older version of pam or compiled pam with the pwdb USE flag you can/should use the pam_pwdb.so line instead. |
|
soulfire n00b


Joined: 09 Apr 2004 Posts: 70 Location: Italy
|
Posted: Fri Jun 25, 2004 10:39 pm Post subject: |
|
|
thanks !! it has been very useful ! _________________ I can divide by zero |
|