SWAT: please help

Andrew Bartlett abartlet at pcug.org.au
Tue Mar 6 06:21:29 GMT 2001


Russ Brucks wrote:
> 
> This is a quick shot in the dark, but in your email you displayed the cat of
> /etc/xinetd.d/swat
> 
> >#cat /etc/xinetd.d/swat
> ># default: off
> ># description:  SWAT is the Samba Web Admin Tool.  Use swat
> >\
> >#                          to configure your Samba server.
> >To use SWAT, \
> >#                          connect to port 901 with your
> >favorite web browser.
> >service swat
> >{
> >            port        = 901
> >            socket_type    = stream
> >            wait        = no
> >            only_from = 127.0.0.1
> >            user        = smbuser
> >            server    = /usr/sbin/swat
> >            log_on_failure    += USERID
> >            disable    = no
> >}
> 
> I bet the line stating >  only_from = 127.0.0.1  is the culprit.  I would
> think this is interpretted as SWAT will only accept connections from
> 127.0.0.1, vis a vis the local host.  I removed this line from my
> xinetd.d/swat file.  Try that and see if it helps.  I would also imagine the
> user = smbuser would require you to login to SWAT as only smbuser.  I'm not
> sure if you put a space or a comma to add more than one user.  I'm still
> using root as mine.  (I know, I know...  bad sysadmin!)
> 
> Cheers,
> 
> Russ

SWAT must run as ROOT, it cannot do its job as any other user (apart
from remote password changes, but thats another issue).  The SWAT
program needs to modify /etc/smbpasswd and /etc/smb.conf, as well as
validating your idenity in /etc/shadow (or with PAM).  All this needs
root privilages. 

Reading some of your earlier postings (quoted below) I see that the
user=smbuser is the issue.  If SWAT is using PAM (it is), it can't tell
the difference between 'that password is wrong' and 'i can't verify that
password', hence your problem.

Hope this clarifies things,
Andrew Bartlett

> ===== Original Message from gary at netin.com (GL Fournerat) at 3/05/01 4:12 pm
> >Hello all:
> >
> >Here's the problem [on a RH7 running kernel 2.2.17-14 with
> >Samba 2.0.7-21ssl and xinetd-2.1.8.9pre14]:
> >
> >http://localhost:901 does bring up the SWAT login dialog
> >box.. but upon entering root as the user, followed by my
> >root passwd in the next entry... it tells me "Authentication
> >
> >failed. Retry?"  I can tell you that I did enter the correct
> >
> >root passwd, because I am root on this network.
> >
> >Any ideas.. or should I just forget SWAT [as in it's buggy]
> >and run the daemons manually?  I've fought with this for
> >three days and I've had enough.
> >
> >Historical:  [all this is done as root]
> >
> >Created the group 'smb'
> >
> >Created the user 'smbuser' w/ a home dir of /home/public
> >[I also disabled login on this user account when I created
> >it]
> >
> >#chown smbuser:smb /home/public
> >#chmod 2777 /home/public
> >
> >#mkdir /home/samba
> >#chown smbuser:smb /home/samba
> >#chmod 2770 /home/samba
> >
> >#mkdir /home/samba/data
> >#chown smbuser:smb /home/samba/data
> >#chown 2770 /home/samba/data
> >
> >Via Linuxconf, open the group smb, and add the users I want
> >included in this group.
> >
> >#emacs /etc/hosts
> >#cat /etc/hosts
> >#
> >#  arendia.FOURNERAT//etc/hosts
> >#
> >127.0.0.1            localhost.localdomain        localhost
> >192.168.0.115    arendia.FOURNERAT    arendia
> >192.168.0.111    compaq.FOURNERAT    compaq
> >192.168.0.112    marilyn.FOURNERAT    marilyn
> >
> >[Note:  localhost and arendia are the same RH7 box.. compaq
> >is a NT 4 PDC... marilyn is a Win98 workstation.]
> >
> >#emacs /etc/samba/lmhosts
> >#cat /etc/samba/lmhosts
> >#
> ># arendia.FOURNERAT//etc/samba/lmhosts
> >#
> >127.0.0.1            localhost
> >192.168.0.115    arendia
> >192.168.0.111    compaq
> >192.168.0.112    marilyn
> >
> >
> >#grep swat /etc/services
> >swat                901/tcp                    # Samba Web
> >Administration Tool
> >
> >#emacs /etc/xinetd.d/swat
> >#cat /etc/xinetd.d/swat
> ># default: off
> ># description:  SWAT is the Samba Web Admin Tool.  Use swat
> >\
> >#                          to configure your Samba server.
> >To use SWAT, \
> >#                          connect to port 901 with your
> >favorite web browser.
> >service swat
> >{
> >            port        = 901
> >            socket_type    = stream
> >            wait        = no
> >            only_from = 127.0.0.1
> >            user        = smbuser
> >            server    = /usr/sbin/swat
> >            log_on_failure    += USERID
> >            disable    = no
> >}
> >#cat /etc/hosts.deny
> >
> >ALL:ALL
> >
> >#cat /etc/hosts.allow
> >
> >swat:  127.0.0.1  192.168.0.
> >
> >#killall -HUP xinetd
> >-------------
> >And somewhere along the line, the file /etc/samba/smbuser
> >was created (Linuxconf?)...
> >
> >#cat /etc/samba/smbuser
> >#Unix_name = SMB_name1 SMB_name2
> >root = administrator admin
> >nobody = smbuser guest pcguest smbguest
> >
> >
> >Any help would be greatly appreciated!
> >
> >Gary
> >
> >
> >
> >
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> Russ Brucks
> --------------------------------------------------------------
>    Kaiser-Francis Oil Company        Telephone: (918) 491 4382
>    6733 S Yale
>    Tulsa, OK  74136
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
Andrew Bartlett
abartlet at pcug.org.au




More information about the samba mailing list