System Administration tools SWAT(1M)
NAME
swat - Samba Web Administration Tool
SYNOPSIS
swat [-s ] [-a] [-P]
DESCRIPTION
This tool is part of the samba(7) suite.
swat allows a Samba administrator to configure the complex
smb.conf(4) file via a Web browser. In addition, a swat
configuration page has help links to all the configurable
options in the smb.conf file allowing an administrator to
easily look up the effects of any change.
swat is run from inetd
OPTIONS
-s smb configuration file
The default configuration file path is determined at
compile time. The file specified contains the
configuration details required by the smbd(1M) server.
This is the file that swat will modify. The information
in this file includes server-specific information such
as what printcap file to use, as well as descriptions of
all the services that the server is to provide. See
smb.conf for more information.
-a
This option disables authentication and places swat in
demo mode. In that mode anyone will be able to modify
the smb.conf file.
WARNING: Do NOT enable this option on a production
server.
-P
This option restricts read-only users to the password
management page. swat can then be used to change user
passwords without users seeing the "View" and "Status"
menu buttons.
-d--debuglevel=level
level is an integer from 0 to 10. The default value if
this parameter is not specified is 0.
The higher this value, the more detail will be logged to
the log files about the activities of the server. At
level 0, only critical errors and serious warnings will
be logged. Level 1 is a reasonable level for day-to-day
running - it generates a small amount of information
about operations carried out.
Samba 3.0 Last change: 01/19/2009 1
System Administration tools SWAT(1M)
Levels above 1 will generate considerable amounts of log
data, and should only be used when investigating a
problem. Levels above 3 are designed for use only by
developers and generate HUGE amounts of log data, most
of which is extremely cryptic.
Note that specifying this parameter here will override
the log level parameter in the smb.conf file.
-V
Prints the program version number.
-s
The file specified contains the configuration details
required by the server. The information in this file
includes server-specific information such as what
printcap file to use, as well as descriptions of all the
services that the server is to provide. See smb.conf for
more information. The default configuration file name is
determined at compile time.
-l--log-basename=logdirectory
Base directory name for log/debug files. The extension
".progname" will be appended (e.g. log.smbclient,
log.smbd, etc...). The log file is never removed by the
client.
-h--help
Print a summary of command line options.
INSTALATION
Swat is included as binary package with most distributions.
The package manager in this case takes care of the
installation and configuration. This section is only for
those who have compiled swat from scratch.
After you compile SWAT you need to run make install to
install the swat binary and the various help files and
images. A default install would put these in:
]o /usr/local/samba/sbin/swat
]o /usr/sfw/swat/images/*
]o /usr/sfw/swat/help/*
Inetd Installation
You need to edit your /etc/inetd.conf and /etc/services to
enable SWAT to be launched via inetd.
Samba 3.0 Last change: 01/19/2009 2
System Administration tools SWAT(1M)
In /etc/services you need to add a line like this:
swat 901/tcp
Note for NIS/YP and LDAP users - you may need to rebuild the
NIS service maps rather than alter your local
/etc/services file.
the choice of port number isn't really important except that
it should be less than 1024 and not currently used (using a
number above 1024 presents an obscure security hole
depending on the implementation details of your inetd
daemon).
In /etc/inetd.conf you should add a line like this:
swat stream tcp nowait.400 root /usr/local/samba/sbin/swat
swat
Once you have edited /etc/services and /etc/inetd.conf you
need to send a HUP signal to inetd. To do this use kill -1
PID where PID is the process ID of the inetd daemon.
LAUNCHING
To launch SWAT just run your favorite web browser and point
it at "http:/localhost:901/".
Note that you can attach to SWAT from any IP connected
machine but connecting from a remote machine leaves your
connection open to password sniffing as passwords will be
sent in the clear over the wire.
FILES
/etc/inetd.conf
This file must contain suitable startup information for
the meta-daemon.
/etc/services
This file must contain a mapping of service name (e.g.,
swat) to service port (e.g., 901) and protocol type
(e.g., tcp).
/usr/local/samba/lib/smb.conf
This is the default location of the smb.conf(4) server
configuration file that swat edits. Other common places
that systems install this file are
/usr/samba/lib/smb.conf and /etc/smb.conf . This file
describes all the services the server is to make
available to clients.
WARNINGS
Samba 3.0 Last change: 01/19/2009 3
System Administration tools SWAT(1M)
swat will rewrite your smb.conf(4) file. It will rearrange
the entries and delete all comments, include= and copy=
options. If you have a carefully crafted
smb.conf then back it up or don't use swat!
VERSION
This man page is correct for version 3.0 of the Samba suite.
SEE ALSO
inetd(4), smbd(1M), smb.conf(4)
AUTHOR
The original Samba software and related utilities were
created by Andrew Tridgell. Samba is now developed by the
Samba Team as an Open Source project similar to the way the
Linux kernel is developed.
The original Samba man pages were written by Karl Auer. The
man page sources were converted to YODL format (another
excellent piece of Open Source software, available at
ftp:/ftp.icce.rug.nl/pub/unix/) and updated for the Samba
2.0 release by Jeremy Allison. The conversion to DocBook for
Samba 2.2 was done by Gerald Carter. The conversion to
DocBook XML 4.2 for Samba 3.0 was done by Alexander Bokovoy.
ATRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWsmbar, SUNWsmbau
Interface Stability External
NOTES
Source for Samba is available on http:/opensolaris.org.
Samba(7) delivers the set of four SMF(5) services as can be
seen from the following example:
$ svcs samba wins winbind swat
STATE STIME FMRI
disabled Apr21 svc:/network/samba:default
disabled Apr21 svc:/network/winbind:default
disabled Apr21 svc:/network/wins:default
disabled Apr21 svc:/network/swat:default
where the services are:
Samba 3.0 Last change: 01/19/2009 4
System Administration tools SWAT(1M)
"samba"
runs the smbd daemon managing the CIFS sessions
"wins"
runs the nmbd daemon enabling the browsing (WINS)
"winbind"
runs the winbindd daemon making the domain idmap
"swat"
Samba Web Administration Tool is a service providing
access to browser-based Samba administration interface
and on-line documentation. The service runs on software
loopback network interface on port 901/tcp, i.e. opening
"http:/localhost:901/" in browser will access the SWAT
service on local machine.
Please note: SWAT uses HTP Basic Authentication scheme
where user name and passwords are sent over the network in
clear text. In the SWAT case the user name is root.
Transferring such sensitive data is advisable only on the
software loopback network interface or over secure networks.
Samba 3.0 Last change: 01/19/2009 5
|
