Tip: Make a copy of smb.conf
As installed, the /etc/samba/smb.conf file contains extensive comments (page 759). Older versions of swat overwrite this file. Make a copy of smb.conf for safekeeping before you run this utility for the first time.
The swat (Samba Web Administration Tool) utility is a browser-based graphical editor for the smb.conf file. It is part of the samba-swat package. For each of the configurable parameters, it provides help links, default values, and a text box to change [Index Term: |Samba|xinetd daemon]the value. The swat utility is a well-designed tool in that it remains true to the lines in the smb.conf file you edit: You can use and learn from swat, so that making the transition to using a text editor to modify smb.conf will be straightforward.
The swat utility is run from xinetd (page 445). Before you can run swat, you need to edit /etc/xinetd.d/swat (as discussed next):
$ cat /etc/xinetd.d/swat # Default: off # description: SWAT is the Samba Web Admin Tool. Use swat \ # to configure your Samba server. To use SWAT, \ # connect to port 901 with your favorite web browser. service swat { port = 901 socket_type = stream wait = no only_from = 127.0.0.1 user = root server = /usr/sbin/swat log_on_failure += USERID disable = yes }
First you must turn swat on by changing the yes that follows disable = to no. If you want to access swat from other than the local system, add the names or IP addresses of the other systems you want to access swat from on the line that starts with only_from. Separate the system names or IP addresses with SPACEs. If you want to access swat only from the local system, giving the command chkconfig swat on is an easier way of making this change. Then start or restart xinetd so it rereads its configuration files:
# /sbin/service xinetd restart Stopping xinetd: [ OK ] Starting xinetd: [ OK ]
After making these changes and restarting xinetd, you should be able to run swat. From the local system, open a browser, enter either http://127.0.0.1:901 in the location bar, and enter the username root and the root password in response to swat’s request for a username and password. From a remote system, replace 127.0.0.1 with the IP address of the server (but see the adjacent security tip). If a firewall is running on the local system and you want to access swat from a remote system, open TCP port 901 (page 825).
Security: Do not allow remote access to swat
Do not allow access to swat from a remote system on an insecure network. When you do so and log in, your password is sent in cleartext over whatever connection you are using and can easily be sniffed.
The browser displays the local Samba/swat home page (Figure 23-5). This page includes links to local Samba documentation and the following buttons:
[View full size image]
HOME | Links to local Samba documentation. When you click the word Samba (not the logo, but the one just before the word Documentation in the HOME window), swat displays the Samba man page, which defines each Samba program. |
GLOBALS | Edits global variables (parameters) in smb.conf. |
SHARES | Edits share information in smb.conf. |
PRINTERS | Edits printer information in smb.conf. |
WIZARD | Rewrites the smb.conf file, removing all comment lines and lines that specify default values. |
STATUS | Shows the active connections, active shares, and open files. Stops and restarts smbd and nmbd. |
VIEW | Displays a subset or all of the configuration parameters as determined by default values and settings in smb.conf. |
PASSWORD | Manages passwords. |
It is quite easy to establish a basic Samba setup so that you can see a Linux directory from a Windows system (Windows 3.1 or later). More work is required to set up a secure connection or one with special features. The following example creates a basic setup based on the sample smb.conf file that is included with Fedora/RHEL.
swat Help and defaults
Each of the variables/parameters in swat has a link named Help next to it. If you click Help, a new browser window containing an explanation of the parameter appears. Each variable/parameter also has a Set Default button that you can click to reset the variable/parameter to its default value.
For this example, do not click any of the Set Default buttons. Make sure to click Commit Changes at the top of each page after you finish making changes on a page but before you click a menu button at the top of the window. Otherwise, swat will not keep your changes.
GLOBALS page
First click GLOBALS at the top of the Samba/swat home page. Leave everything at its current setting with three exceptions: workgroup, hosts allow, and hosts deny. Set workgroup to the workgroup used on the Windows systems. (If you followed the preceding JumpStart, the workgroup is already set.) Scroll to the bottom of the Security Options and set hosts allow to the names or IP addresses of machines that you want to be able to access the local system’s shares and printers (including localhost [127.0.0.1]). Separate the entries with SPACEs or commas. See page 761 for more information on various ways you can set hosts allow. Set hosts deny to ALL. Click Commit Changes (near the top of the page) when you are done with the GLOBALS page.
Tip: If you can no longer use swat
If you can no longer use swat, you probably changed the hosts allow setting incorrectly. In this case, you need to edit /etc/samba/smb.conf and fix the line with the words hosts allow in it:
# grep hosts smb.conf hosts allow = 127.0.0.1, 192.168.0.8 hosts deny = ALL
The preceding entries allow access from the local system and from 192.168.0.8 only.
SHARES page
Next click SHARES at the top of the page. Three buttons and two text boxes appear in addition to the two Change View To buttons (Figure 23-6). In the box adjacent to the Create Share button, enter the name you want to assign to the share you are setting up. This name can be anything you want; it is the name that Windows displays and a user selects when working with the share. Click Create Share. When you want to modify an existing share, bring up the name of the share in the combo box adjacent to Choose Share, and click Choose Share. Either of these actions expands the Share Parameters window so that it displays information about the selected share.
[View full size image]
Leave everything at its default setting except path, which specifies the absolute pathname on the local Linux system of the share, and optionally comment, which you can use to specify the Linux system and directory that this share points to. The values for hosts allow and hosts deny are taken from the global variables that you set previously. Click Commit Changes when you are done with the SHARES page. If you want to see how many parameters there really are, click Advanced near the top of the page.
Now, from a Windows machine, you should be able to access the share you just created (page 765).
Tip: You do not need to restart Samba when you change smb.conf
Samba rereads its configuration files each time a client connects. Unless you change the security parameter (page 762), you do not need to restart Samba when you change smb.conf.