The Samba Web Administration Tool (SWAT) is a much more specialized tool than are Linuxconf and Webmin. As the expanded name implies, SWAT is designed to administer just one server: Samba (which is discussed in Chapter 7, File and Printer Sharing via Samba). As such, it's not faced with so many challenges in terms of installation and configuration for multiple distributions, and it provides more complete options for Samba configuration than do Webmin or, especially, Linuxconf. SWAT is most valuable on a dedicated Samba server system, especially one that's administered by somebody who's uncomfortable with editing text files. Even for experienced Samba administrators, though, SWAT can be valuable because Samba supports many options, and SWAT's interface lets you set them without remembering their exact spelling or syntax. You can also click Help links next to options to view the smb.conf man page entries on those options. On the downside, SWAT strips comments from the smb.conf configuration file, and doesn't support the include parameter that's used to load secondary configuration files. For these reasons, experienced Samba administrators often avoid SWAT, particularly on systems with very complex Samba configurations.
Configuring SWAT to Run
The SWAT server program is known as swat , and it can be run in any of the ways described in Chapter 4, but the most common configuration is to run it from a super server. A typical /etc/inetd.conf entry to run SWAT looks like this:
swat stream tcp nowait.400 root /usr/sbin/tcpd /usr/sbin/swat
Distributions that use xinetd usually include a file called /etc/xinetd.d/swat in their Samba or SWAT packages, so you can check that file to be sure it doesn't include a disable = yes line. If such a line exists, remove it or change yes to no to enable SWAT. In both the inetd and xinetd cases, of course, you must restart the super server before SWAT will become available.
By default, SWAT uses port 901. Both inetd and xinetd rely upon this relationship being set in /etc/services :
This line comes standard in most /etc/services files, but it's worth checking that it exists before you try running SWAT.
Once you've added SWAT to a system, you can try using it much as you use other administrative servers, except of course you need to specify port 901. For instance, you would type http://samba.threeroomco.com:901 in a Web browser's URL entry field to access SWAT on the samba.threeroomco.com computer. As with other Web-based servers, you can use a Web browser on any platform.
As with the other administrative servers discussed in this chapter, when you first try to access SWAT, the system asks you for a username and password. For full administrative privileges, you'll normally enter root and the root password, respectively. (You must enter the Linux password for the account, which may differ from the Samba password for the account.) If you enter an ordinary username and matching password, Samba grants access, but only to view the configuration and make changes that the user whose name you've entered can make. Normally, these are password changes. Thus, SWAT can be used as a way to allow Samba users to change their passwords. Whether you use root or an ordinary username, SWAT displays the Home page shown in Figure 16.8. You can click the icons or associated text to change to other pages ” Globals , Shares, Printers, Status, View, and Password. The first three adjust the smb.conf file's global options, file share definitions, and printer share definitions, respectively. The Status page provides information such as who's using Samba shares. The View page displays the raw smb.conf file, and the Password page lets you change any Samba password. The Globals, Shares, and Printers options aren't available when you enter a non- root username, and the Status and Password pages present a restricted set of options to ordinary users. In addition to these options, the Home page provides links to man pages and other Samba documentation.
Figure 16.8. The main Samba configuration page allows you to select configuration areas or view Web-based Samba documentation.
You'll do most of your actual Samba configuration using the Globals, Shares, and Printers pages. The Globals page, shown in Figure 16.9, lets you adjust settings in the [globals] section of smb.conf ”things like the computer's NetBIOS name, domain browser settings, and so on. As described in Chapter 7, you'll probably want to set the NetBIOS name, workgroup name, and password encryption options.
Figure 16.9. Global settings affect all Samba file and printer shares, or adjust general Samba operation.
Both the Shares and Printers pages default to showing no information. To create or edit a share, you must take appropriate actions:
The [ homes ] share has a special meaning, as described in Chapter 7, but you can create, delete, or edit it just as you would any other. Likewise, printers marked with asterisks ( * ) in the printer list box are default printers created by the [printers] share. You should edit the [printers] share directly rather than the asterisk-marked shares, unless you want to create a customized share for that specific printer, overriding the default [printers] share.
The Globals, Shares, and Printers pages all include buttons labeled Advanced View. (This button appears in the Shares and Printers pages only after you've selected or created a share.) The default view shows only the most commonly used Samba options. Clicking Advanced View causes SWAT to show all relevant Samba options, and changes the Advanced View button to read Basic View; clicking it returns to the original restricted range of options. Most Samba shares can be adequately configured using the basic view, but you may need to enable the advanced view for some. Setting basic view does not lose changes you make in advanced view, so you can use the basic view for changes even when you've made advanced changes to a share.
When you've finished entering new or changed information in the Globals page, or for an individual share in the Shares or Printers page, click Commit Changes. This writes out the changes to smb.conf . To have Samba acknowledge these changes, you must normally restart it. You can do so from the Status page; click Restart smbd and Restart nmbd . (Some changes might require restarting just one of those two servers, but it won't hurt to restart both.) When you're finished with SWAT entirely, it's best to exit from your Web browser to completely close the connection. As with Linuxconf, leaving a Web browser running after connecting to a SWAT server leaves the SWAT server accessible from that browser until the browser is shut down, which can be a security risk.