Running SWAT

The Samba Web Administration Tool (SWAT) is a much more specialized tool than are Linuxconf and Webmin. As the expanded name implies, SWAT is designed to administer just one server: Samba (which is discussed in Chapter 7, File and Printer Sharing via Samba). As such, it's not faced with so many challenges in terms of installation and configuration for multiple distributions, and it provides more complete options for Samba configuration than do Webmin or, especially, Linuxconf. SWAT is most valuable on a dedicated Samba server system, especially one that's administered by somebody who's uncomfortable with editing text files. Even for experienced Samba administrators, though, SWAT can be valuable because Samba supports many options, and SWAT's interface lets you set them without remembering their exact spelling or syntax. You can also click Help links next to options to view the smb.conf man page entries on those options. On the downside, SWAT strips comments from the smb.conf configuration file, and doesn't support the include parameter that's used to load secondary configuration files. For these reasons, experienced Samba administrators often avoid SWAT, particularly on systems with very complex Samba configurations.

Configuring SWAT to Run

The SWAT server program is known as swat , and it can be run in any of the ways described in Chapter 4, but the most common configuration is to run it from a super server. A typical /etc/inetd.conf entry to run SWAT looks like this:

 swat  stream  tcp  nowait.400  root  /usr/sbin/tcpd  /usr/sbin/swat 

Distributions that use xinetd usually include a file called /etc/xinetd.d/swat in their Samba or SWAT packages, so you can check that file to be sure it doesn't include a disable = yes line. If such a line exists, remove it or change yes to no to enable SWAT. In both the inetd and xinetd cases, of course, you must restart the super server before SWAT will become available.

NOTE

Some distributions include SWAT in their main Samba packages (typically samba , samba-common , samba-server , or the like), but others place SWAT in a package of its own (typically called swat or samba-swat ). Mandrake, Slackware, SuSE, and TurboLinux integrate SWAT into their main Samba packages, while Caldera, Debian, and Red Hat use a separate SWAT package.

By default, SWAT uses port 901. Both inetd and xinetd rely upon this relationship being set in /etc/services :

 swat            901/tcp 

This line comes standard in most /etc/services files, but it's worth checking that it exists before you try running SWAT.

Using SWAT

Once you've added SWAT to a system, you can try using it much as you use other administrative servers, except of course you need to specify port 901. For instance, you would type http://samba.threeroomco.com:901 in a Web browser's URL entry field to access SWAT on the samba.threeroomco.com computer. As with other Web-based servers, you can use a Web browser on any platform.

NOTE

Samba includes the ability to respond to NetBIOS name requests , so that SMB/CIFS clients can use their native name resolution mechanisms. SWAT doesn't include such a module, but if the client computer uses NetBIOS names in resolving Web browser URLs, the SWAT server may be accessible via the NetBIOS name, as well as its DNS hostname, assuming Samba is running. Windows clients are often configured to do this, but Linux clients aren't.

As with the other administrative servers discussed in this chapter, when you first try to access SWAT, the system asks you for a username and password. For full administrative privileges, you'll normally enter root and the root password, respectively. (You must enter the Linux password for the account, which may differ from the Samba password for the account.) If you enter an ordinary username and matching password, Samba grants access, but only to view the configuration and make changes that the user whose name you've entered can make. Normally, these are password changes. Thus, SWAT can be used as a way to allow Samba users to change their passwords. Whether you use root or an ordinary username, SWAT displays the Home page shown in Figure 16.8. You can click the icons or associated text to change to other pages ” Globals , Shares, Printers, Status, View, and Password. The first three adjust the smb.conf file's global options, file share definitions, and printer share definitions, respectively. The Status page provides information such as who's using Samba shares. The View page displays the raw smb.conf file, and the Password page lets you change any Samba password. The Globals, Shares, and Printers options aren't available when you enter a non- root username, and the Status and Password pages present a restricted set of options to ordinary users. In addition to these options, the Home page provides links to man pages and other Samba documentation.

You'll do most of your actual Samba configuration using the Globals, Shares, and Printers pages. The Globals page, shown in Figure 16.9, lets you adjust settings in the [globals] section of smb.conf ”things like the computer's NetBIOS name, domain browser settings, and so on. As described in Chapter 7, you'll probably want to set the NetBIOS name, workgroup name, and password encryption options.

Both the Shares and Printers pages default to showing no information. To create or edit a share, you must take appropriate actions:

• To edit an existing share, select the share name from the selector box next to Choose Share or Choose Printer, then click the Choose Share or Choose Printer button. The information for the existing share will appear in your Web browser, and you can edit these settings.

• To delete an existing share, choose its name as just described but click Delete Share or Delete Printer.

• To create a new share, enter the name you want for the share in the text-entry field and click Create Share or Create Printer. Do not enclose the share name in square brackets ( [] ), as you would when editing smb.conf directly; SWAT adds the square brackets itself. After creating the share, you can edit any options you like, just as you would for an existing share.

The [ homes ] share has a special meaning, as described in Chapter 7, but you can create, delete, or edit it just as you would any other. Likewise, printers marked with asterisks ( * ) in the printer list box are default printers created by the [printers] share. You should edit the [printers] share directly rather than the asterisk-marked shares, unless you want to create a customized share for that specific printer, overriding the default [printers] share.

The Globals, Shares, and Printers pages all include buttons labeled Advanced View. (This button appears in the Shares and Printers pages only after you've selected or created a share.) The default view shows only the most commonly used Samba options. Clicking Advanced View causes SWAT to show all relevant Samba options, and changes the Advanced View button to read Basic View; clicking it returns to the original restricted range of options. Most Samba shares can be adequately configured using the basic view, but you may need to enable the advanced view for some. Setting basic view does not lose changes you make in advanced view, so you can use the basic view for changes even when you've made advanced changes to a share.

When you've finished entering new or changed information in the Globals page, or for an individual share in the Shares or Printers page, click Commit Changes. This writes out the changes to smb.conf . To have Samba acknowledge these changes, you must normally restart it. You can do so from the Status page; click Restart smbd and Restart nmbd . (Some changes might require restarting just one of those two servers, but it won't hurt to restart both.) When you're finished with SWAT entirely, it's best to exit from your Web browser to completely close the connection. As with Linuxconf, leaving a Web browser running after connecting to a SWAT server leaves the SWAT server accessible from that browser until the browser is shut down, which can be a security risk.