[Samba] PROPOSAL: Remove SWAT in Samba 4.1

Sebastian Arcus shop at open-t.co.uk
Wed Feb 20 05:53:58 MST 2013

On 20/02/13 10:57, Andrew Bartlett wrote:
> On Wed, 2013-02-20 at 08:29 +0000, Sebastian Arcus wrote:
>> On 20/02/13 03:24, Gregory Sloop wrote:
>>> DS> On 02/17/2013 6:02 PM, Andrew Bartlett wrote:
>>>>> As most of you would have noticed, we have now had 3 CVE-nominated
>>>>> security issues for SWAT in the past couple of years.
>>> -SNIP-
>>>>> Therefore, it was suggested on a private list that we just drop SWAT.  I
>>>>> want to start a public discussion on that point, prompted by
>>>>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 which reminds us
>>>>> why we didn't apply the specific CSRF hardening we applied in 4.0.2 to
>>>>> SWAT in the first place.
>>>>> Thanks,
>>>>> Andrew Bartlett
>>> DS> I have yet to make the jump to Samba4, so I have not seen the version of
>>> DS> SWAT designed for it.
>>> DS> For me, the primary benefit of SWAT in Samba3 was the ability to use the
>>> DS> help link for any parameter to see what that parameter did, what the
>>> DS> default was, and what its proper syntax was.  For reference, I ran "man
>>> DS> smb.conf".  Viewing full screen, I pressed the "Page Down" key 34 times
>>> DS> and was still in the 1st third of the alphabetical listing of
>>> DS> parameters.  It's no small wonder that I never used "man smb.conf" to
>>> DS> configure Samba.  SWAT was my friend.
>>> DS> So, if Samba4 has anywhere near the number of parameters as Samba3, I
>>> DS> would be greatly disappointed to see SWAT go away entirely.  An html
>>> DS> version of the samba-doc package that contained all parameters with
>>> DS> links to their definitions/descriptions would be a welcome and suitable
>>> DS> replacement.
>>> DS> Thanks,
>>> DS> Dale
>>> I'm working through smb.conf options now, and I see that the official
>>> Samba docs for the smb.conf file are v3 only.
>>> I've taken the liberty of cranking the smb.conf man file to html and
>>> I've added a link in the wiki to it.
>>> [I can't post full html to the Wiki and editing the smb.conf html
>>> conversion to "wiki-eese" will be way too time consuming and
>>> cumbersome. So, I've simply put it on my own web-server and linked to
>>> it. My apologies if this violates some commonly accepted protocol, but
>>> I needed it as much as anyone. I'm glad to send the file to whomever
>>> needs it and once it's up at samba.org, change the link to point
>>> there.]
>>> However, for anyone looking for a web version of the smb.conf for
>>> 4.0.3 - see this wiki page.
>>> http://wiki.samba.org/index.php/Documentation_Links/samba4-smb.conf
>> Just curious what is the source of the smb.conf manual above. The reason
>> I'm asking is that I just found out for example that "map to guest" is
>> not working yet in Samba 4 (see my other thread on this list). So I'm
>> just wondering what other features which used to work in Samba 3 are not
>> implemented in Samba 4 yet (or might never get implemented). Thus if the
>> Samba 4 smb.conf manual page lists them - wouldn't that cause more
>> confusion as people will expect them to work? Is there some way of
>> finding out which features are working already - and maybe adding some
>> notes next to the others to warn users that they are not available yet?
>> Also, the page above keeps on mentioning smbd - I was under the
>> impression that the Samba 4 binary is just "samba" - although maybe I am
>> getting mixed up about this.
> In this new operating mode (being an AD DC) some parameters do not have
> their expected effect.
> This does not impact on the other operating modes.
> The differences are due to divergence over years of development, and a
> failure to fully converge again, and so at this time there is no
> comprehensive list.
> Please file bugs as you find these, and we hope to get things hooked up
> or exceptions noted in the man page.
> Andrew Bartlett

Thanks Andrew. Will do. Just for my own understanding - is it still 
possible to run Samba 4 as (just) a workgroup? If yes - does one just 
specify security=user in smb.conf and still uses the "samba" binary - or 
the "smbd" binary has to be started/used for workgroup operation? Or the 
smbd binary is actually still the Samba 3.x series and is not 
technically part of Samba 4 although it compiles out of the same download?

Sorry if I'm asking what might be really basic stuff to others.


More information about the samba mailing list