Shulou(Shulou.com)06/01 Report--

This article mainly explains "what is a Samba WEB management tool". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn "what is the Samba WEB management tool"?

The experimental environment of this paper is RHEL5.2+samba-swat-3.0.28. The IP of Server is 192.168.120.241.

1. Swat introduction

SWAT:The Samba WEB Administration Tool

SWAT is a graphical management tool for Samba. We can use the swat tool to set up samba through the browser. In swat, each samba parameter has a corresponding help file or interpretation file, which is very suitable for beginners.

The SWAT tool is nested in the xinetd super daemon to enable swat by enabling the xinetd process. So install the xinetd toolkit first, and then install the swat toolkit.

two。 Install xinetd

See if the xinetd toolkit is installed on the system, as shown in figure 1.

Figure 1: check to see if xinetd is installed on the system

If it is not installed, mount the system disk to install it.

[root@RHEL5 /] # mount / dev/cdrom / mnt/cdrom

[root@RHEL5 /] # rpm-ivh / mnt/cdrom/Servers/xinetd-2.3.14- 10.el5.i386.rpm

3. Install swat

See if the swat toolkit is installed on the system, as shown in figure 2.

[root@RHEL5 /] # rpm-qa | grep swat

Figure 2: check to see if the system has swat installed

If it is not installed, mount the system disk to install it.

[root@RHEL5 /] # rpm-ivh / mnt/cdrom/Servers/samba-swat-3.0.28-0.el5.8.i386.rpm

4. Edit swat profile

Because swat is a child of the xinetd super daemon, the swat tool configuration file is in the xinetd directory. We will set up the swat configuration file and start this child process so that swat is enabled when the xinetd process is enabled. The swat configuration file is in the / etc/xinetd.d directory.

As shown in figure 3, view the swat file in the xinetd.d directory.

Figure 3: swat configuration file in the xinetd.d directory

Figure 4: edit the swat configuration file.

① changes "only_from=127.0.0.1" to "only_from=0.0.0.0" so that the server can listen for all incoming IP.

② changes "disable=yes" to "disable=no" so that the swatt child process can be started along with the xinetd super daemon. You can use the chkconfig command to see if swat is enabled.

③ swat defaults to port 901 of tcp. "port=901", can be modified.

④ uses web to configure samba. By default, the root account is used to enter. "user=root" can be modified to other system users.

The executor for ⑤ swat defaults to the / usr/sbin directory.

Figure 4: edited swat configuration file

As shown in figure 5, check to see if tcp 901 has been added to the system's services.

Figure 5: view tcp901 in / etc/services

If there is no tcp901 in the / etc/services file, edit the file and add "swat 901/tcp".

5. Start swat

Because swat is a child of xinetd, swat starts with xinetd as long as xinetd is enabled.

Figure 6: restart xinetd

Figure 7: using chkconfig to view swat status

6. Firewall Settin

Turn off the firewall or open the swat-related port.

[turn off the firewall]

[root@RHEL5 /] # service iptables stop

[open swat901 port, write directly to INPUT chain, restart iptables will be lost]

[root@RHEL5 /] # iptables-I INPUT-p tcp-- dport 901-j ACCEPT

[open the swat901 port and open it by editing the "RH-Firewall-1-INPUT" custom chain, and the configuration will not be lost]

[root@RHEL5 /] # vi / etc/sysconfig/iptables

Join:-A RH-Firewall-1-INPUT-p tcp-- dport 901-j ACCEPT

[close SELinux]

[root@RHEL5 /] # vi / etc/sysconfig/selinux

Set "SELINUX=disabled"

7. Log in to SWAT using web

If the port for accessing swat has not changed, the way to log in through web is: [url] http://192.168.120.241:901[/url].

Figure 8: log in to swat and add the default port 901

Then enter the user name and password, if the user who enters swat has not changed, then the default is the root account.

Figure 9: enter the account that has access to swat. The default is root.

When you enter the login page of swat normally, you can see that there are 8 options.

Figure 10: swat page format

8. Configure samba through swat

On the swat page, we can see that there are eight options, each of which can be configured with different functions of samba.

Description of HOME:Samba related procedures and documents.

GLOBALS: sets the global parameters of Samba.

SHARES: sets the shared parameters for Samba.

PRINTERS: sets the printing parameters for Samba.

WIZARD:Samba configuration wizard.

STATUS: view and set the service status of Samba.

VIEW: view the text configuration file of Samba, smb.conf.

PASSWORD: set the Samba user. You can change the password, create and delete the user.

① HOME: introduces the related programs and files of Samba and how to use them

Daemons: process, service smb start starts smbd and nmbd.

Smbd-the SMB daemon

Nmbd-the NetBIOS nameserver

Winbindd-the winbind daemon

Configuration Files: configuration file, default is / etc/samba directory

Smb.conf-the main Samba configuration file

Lmhosts-NetBIOS hosts file

Smbpasswd-SMB password file

Administrative Utilities:Samba management tools

Smbcontrol-send control messages to Samba daemons

Smbpasswd-managing SMB passwords

SWAT-web configuration tool

Net-tool for administration of Samba and remote CIFS servers

Pdbedit-Samba user account management tool

Tdbbackup-Tool for backing up TDB databases

Client Tools:Samba client tools

Rpcclient-command line MS-RPC client

Smbtar-SMB backup tool

Smbclient-command line SMB client

Smbmnt-helper utility for mounting SMB filesystems on Linux hosts

Smbmount-user space tool for mounting SMB filesystems under Linux

Smbumount-user space tool for umounting SMB filesystems under Linux

Ntlm_auth-allow external programs to use NTLM authentication

Smbcquotas-get or set quotas on NTFS 5 shares

Smbspool-Send a print job to an SMB printer

Smbtree-Text-based SMB network browsing

Diagnostic Utilities:Samba testing tool

Smbstatus-monitoring Samba

Testparm-validating your config file

Nmblookup-NetBIOS name query tool

Wbinfo-Tool for getting winbind information

Misc. Utilities: other tools

Profiles-migrating profiles from one domain to another

Log2pcap-generate pcap files from samba log files

② GLOBALS: sets the global parameter of Samba, that is, the [global] of the smb.conf file.

In GLOBALS, there are two options: Basic (basic) and Advanced (advanced, complete).

Figure 11: Basic and advanced suboptions of the GLOBALS option

You can set the basic parameters of Samba in the Basic option.

There are many parameters that can be set in each parameter item.

Base Options: basic option

Secutity Options: security option

Logging Options: logging option

Protocol Options: protocol option

Browse Options: browse option

WIINS Options:wins option

EventLog Options: Syslog option

Winbind Options:winbind option

The advanced parameters of Samba can be set in the Advanced option.

Advanced has some parameter items to set on the basis of Basic, and each parameter item has many parameters to choose from.

Tunning Options: system operation option

Printing Options: printing option

Filename Handing: file name processing

Domain Options:domain option. The parameter in this parameter item will not take effect until security=domain.

Locking Options: lock option

Ldap Options:LDAP option

Miscellaneous Options: miscellaneous

VFS module options:VFS module options

After setting these parameters, remember "Commit Changes" to save the configuration. "Reset Values" is to restore to the default value.

Figure 12: remember to save after setting the parameters

There is no need to elaborate on the parameters in each parameter item, which is helpful.

③ SHARES: setting shared parameters for Samba

In SHARES, there are also two options: Basic and Advanced.

As shown in the following figure, you can select a share, delete a share, and create a share.

Figure 13: function buttons for the SHARE option

④ PRINTERS: set print sharing parameters for Samba

It has the same settings as SHARES.

Figure 14: function buttons for the PRINTER option

⑤ WIZARD:Samba setup Wizard

As shown in the following figure, you can see three types of Samba: stand-alone services, domain members, and domain controllers

Figure 15: function buttons for the WIZARD option

⑥ STATUS: view and set Samba service statu

In this option, you can start and stop the samba service and view active connections, shares, open files, and so on.

As shown in the following figure, there are Active Connections, Active Shares, Open Files and other options.

Figure 16: panel of STATUS options

⑦ VIEW: view the configuration file of Samba, which is the same as "cat / etc/samba/smb.conf"

As shown in the figure below, it is a simple configuration of my samba

Figure 17: view the configuration of samba in the VIEW option

⑧ PASSWORD: password settin

In this option, you can create a new user, set or change the password.

As shown in the following figure, "Change Password: change password", "Add New User: new user", "Delete User: delete user", "Disable User: lock user", "Enable User: unlock locked user".

Figure 18: function buttons for the PASSWORD option

9. Using secure SWAT through SSL

By default, when users log in to SWAT, the password transmitted is in clear text, which has great security risks. You can now encrypt and authenticate passwords through SSL.

Basic steps:

① installs the OpenSSL tool.

[root@RHEL5 /] # rpm-qa | grep openssl

Openssl-devel-0.9.8b-10.el5

Openssl-0.9.8b-10.el5

[root@RHEL5 /] # rpm-qa | grep stunnel

Stunnel-4.15-2

② creates certificates and keys.

[root@RHEL5 /] # openssl req-new-x509-days 365-nodes-out / etc/stunnel/stunnel.pem-keyout / etc/stunnel/stunnel.pem

You can fill in as below or enter directly all the way.

Country Name (2 letter code) [GB]: CN

State or Province Name (full name) [Berkshire]: guangdong

Locality Name (eg, city) [Newbury]: shenzhen

Organization Name (eg, company) [My Company Ltd]: olym

Organizational Unit Name (eg, section) []: tech

Common Name (eg, your name or your server's hostname) []: bob

Email Address []: bob@126.com

③ removes swat from xinetd.

The first way: close the Swatt child process.

[root@RHEL5 /] # vi / etc/xinetd.d/swat

Modify "disable=yes"

[root@RHEL5 /] # service xinetd restart

[root@RHEL5 /] # chkconfig-list | grep swat

Figure 19: swat is closed

OK,swat has been shut down.

The second way: stop the xinetd super process directly.

[root@RHEL5 /] # service xinetd stop

[root@RHEL5 /] # chkconfig-- level 35 xinetd off

④ starts the stunnel service.

[root@RHEL5 /] # stunnel3-p / etc/stunnel/stunnel.pem-d 901-1 / usr/sbin/swat swat

Error in executing stunnel3 Times: wrong permissions on / etc/stunnel/stunnel.pem, prompting permission issues.

Change the permissions of stunnel.pem to 600, but reporting this error does not affect the opening of swat. In order not to report this pesky mistake, let's change the permission of stunnel.pem to 600.

[root@RHEL5 /] # chmod 600 / etc/stunnel/stunnel.pem

⑤ writes stunnel3 to rc.local so that it starts with the system.

Vi / etc/rc.d/rc.local

Add: stunnel3-p / etc/stunnel/stunnel.pem-d 901-l / usr/sbin/swat swat

⑥ uses https to securely access swat.

Enter [url] https://192.168.120.241:901[/url] in web to enter safely, but when you open the page, you will be prompted that the certificate has not been verified. Ignore this, just enter.

Enter the path to log in to swat, note that it is https, and add port 901.

Figure 20: log in to swat using https

When logging in, you will be prompted that there is a problem with the security certificate of this website. Ignore it, just click "continue to browse this website (not recommended)".

Figure-21: prompt that the certificate has not been verified by CA

Pop up the password box and enter the user name root and password to enter swat. At this point, the password will be encrypted and transmitted.

Figure 22: enter the user name and password to log in to swat

OK, entered swat normally and safely. Then continue with your samba settings.

Figure 23: secure access to swat

10. Enable SWAT using the inetd super process

Inetd is a super daemon for the old version of Linux, and now the xinetd used by the new version of Linux is an updated version of inetd.

Here, if your Server is installed with inetd, then we will configure inetd to enable swat. The main purpose is to manage other child processes by configuring the inetd.conf file.

Basic steps:

① edits the inetd.conf file to enable swat.

[root@RHEL5.2 /] # vi / etc/inetd.conf

Join: swat stream tcp nowait.400 root / usr/sbin/swat swat

② edits the services file to join the tcp901.

[root@RHEL5.2 /] # vi / etc/services

Join: swat 901/tcp

③ re-enables inetd.

View the inetd process ID.

[root@RHEL5.2 /] # ps aux | grep inetd

End the inetd process and let inetd reread the inetd.conf file.

[root@RHEL5.2 /] # kill-HUP inetd process ID

④ accesses swat.

Enter [url] http://192.168.120.241:901[/url] in web to access swat.

At this point, I believe you have a deeper understanding of "what is a Samba WEB management tool". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.