Howto Install SWAT

SWAT - Samba Web Administration Tool

What is SWAT?


SWAT (Samba Web Administration Tool) is a purpose built graphical user interface used for the configuration of SAMBA. SWAT allows you to easily configure the Samba smb.conf configuration file. SWAT allows you to start/stop all Samba services, create/delete/modify Samba shares, configure shared printing resources. It gives a status overview indicating how many users/shares are currently active. Below is a quick howto guide for the installation of SWAT on a CentOS server.



How to install


In the following example we are using CentOS 6.5 Operating System. First we will install Samba if it not already present.



[root@centos-65 ~]# yum install samba-common.x86_64 
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: mirrors.manchester.m247.com
 * extras: mirrors.manchester.m247.com
 * updates: mirror.ox.ac.uk
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package samba-common.x86_64 0:3.6.9-167.el6_5 will be installed
--> Processing Dependency: samba-winbind-clients = 3.6.9-167.el6_5 for package: samba-common-3.6.9-167.el6_5.x86_64
--> Processing Dependency: libwbclient.so.0()(64bit) for package: samba-common-3.6.9-167.el6_5.x86_64
--> Running transaction check
---> Package samba-winbind-clients.x86_64 0:3.6.9-167.el6_5 will be installed
--> Processing Dependency: samba-winbind = 3.6.9-167.el6_5 for package: samba-winbind-clients-3.6.9-167.el6_5.x86_64
--> Running transaction check
---> Package samba-winbind.x86_64 0:3.6.9-167.el6_5 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                    Arch        Version              Repository    Size
================================================================================
Installing:
 samba-common               x86_64      3.6.9-167.el6_5      updates       10 M
Installing for dependencies:
 samba-winbind              x86_64      3.6.9-167.el6_5      updates      2.1 M
 samba-winbind-clients      x86_64      3.6.9-167.el6_5      updates      2.0 M

Transaction Summary
================================================================================
Install       3 Package(s)

Total download size: 14 M
Installed size: 50 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): samba-common-3.6.9-167.el6_5.x86_64.rpm           |  10 MB     00:01     
(2/3): samba-winbind-3.6.9-167.el6_5.x86_64.rpm          | 2.1 MB     00:01     
(3/3): samba-winbind-clients-3.6.9-167.el6_5.x86_64.rpm  | 2.0 MB     00:01     
--------------------------------------------------------------------------------
Total                                           950 kB/s |  14 MB     00:15     
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA1 Signature, key ID c105b9de: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Importing GPG key 0xC105B9DE:
 Userid : CentOS-6 Key (CentOS 6 Official Signing Key) 
 Package: centos-release-6-5.el6.centos.11.1.x86_64 (@anaconda-CentOS-201311272149.x86_64/6.5)
 From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : samba-winbind-clients-3.6.9-167.el6_5.x86_64                 1/3 
  Installing : samba-common-3.6.9-167.el6_5.x86_64                          2/3 
  Installing : samba-winbind-3.6.9-167.el6_5.x86_64                         3/3 
  Verifying  : samba-common-3.6.9-167.el6_5.x86_64                          1/3 
  Verifying  : samba-winbind-clients-3.6.9-167.el6_5.x86_64                 2/3 
  Verifying  : samba-winbind-3.6.9-167.el6_5.x86_64                         3/3 

Installed:
  samba-common.x86_64 0:3.6.9-167.el6_5                                         

Dependency Installed:
  samba-winbind.x86_64 0:3.6.9-167.el6_5                                        
  samba-winbind-clients.x86_64 0:3.6.9-167.el6_5                                

Complete!


Next we need to install SWAT - Samba Web Administration Tool



[root@centos-65 ~]# yum install samba-swat.x86_64
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: mirrors.manchester.m247.com
 * extras: mirrors.manchester.m247.com
 * updates: mirror.ox.ac.uk
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package samba-swat.x86_64 0:3.6.9-167.el6_5 will be installed
--> Processing Dependency: samba = 3.6.9-167.el6_5 for package: samba-swat-3.6.9-167.el6_5.x86_64
--> Processing Dependency: xinetd for package: samba-swat-3.6.9-167.el6_5.x86_64
--> Running transaction check
---> Package samba.x86_64 0:3.6.9-167.el6_5 will be installed
---> Package xinetd.x86_64 2:2.3.14-39.el6_4 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package           Arch          Version                   Repository      Size
================================================================================
Installing:
 samba-swat        x86_64        3.6.9-167.el6_5           updates        7.3 M
Installing for dependencies:
 samba             x86_64        3.6.9-167.el6_5           updates        5.0 M
 xinetd            x86_64        2:2.3.14-39.el6_4         base           121 k

Transaction Summary
================================================================================
Install       3 Package(s)

Total download size: 12 M
Installed size: 35 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): samba-3.6.9-167.el6_5.x86_64.rpm                  | 5.0 MB     00:00     
(2/3): samba-swat-3.6.9-167.el6_5.x86_64.rpm             | 7.3 MB     00:01     
(3/3): xinetd-2.3.14-39.el6_4.x86_64.rpm                 | 121 kB     00:00     
--------------------------------------------------------------------------------
Total                                           4.2 MB/s |  12 MB     00:02     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : samba-3.6.9-167.el6_5.x86_64                                 1/3 
  Installing : 2:xinetd-2.3.14-39.el6_4.x86_64                              2/3 
  Installing : samba-swat-3.6.9-167.el6_5.x86_64                            3/3 
  Verifying  : samba-swat-3.6.9-167.el6_5.x86_64                            1/3 
  Verifying  : 2:xinetd-2.3.14-39.el6_4.x86_64                              2/3 
  Verifying  : samba-3.6.9-167.el6_5.x86_64                                 3/3 

Installed:
  samba-swat.x86_64 0:3.6.9-167.el6_5                                           

Dependency Installed:
  samba.x86_64 0:3.6.9-167.el6_5         xinetd.x86_64 2:2.3.14-39.el6_4        

Complete!


Configure xinetd for use with SWAT


To use SWAT we need to edit our entry within the xinetd configuration area. If xinetd is not installed, don't panic as it will have been installed as a dependency of the SWAT installation. (see above output confirming this). The location of the file we need to edit can be found in the following path /etc/xinetd.d

We need to make only two changes. First we need to se the disable option to "yes" by default SWAT is disabled. Next we need to add entries into the "only_from" section to allow access. In the example below I have the local address and the address of my network. You will need to match this to your own environment.



# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
#              to configure your Samba server. To use SWAT, \
#              connect to port 901 with your favourite web browser.
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        only_from       = 127.0.0.1 192.168.0.0/24
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
        disable         = no
}

Once the changes are made, restart all services:


Restart All Services



[root@centos-65 xinetd.d]# service smb start
Starting SMB services:                                     [  OK  ]
[root@centos-65 xinetd.d]# service nmb start
Starting NMB services:                                     [  OK  ]
[root@centos-65 xinetd.d]# service xinetd start
Starting xinetd:                                           [  OK  ]

If any of the services are already running, simply change the "start" parameter to "restart". (service xinetd restart)


Firewall Settings


To use Samba and SWAT you will need to add the following lines into your firewall rules. The lines that need to be added to the "iptables" files (/etc/sysconfig/iptables) are as follows:



-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 901 -j ACCEPT

After adding the above lines into your "iptables" file, your rules should now look similar to the following example:



# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 901 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

If you are using a Graphical Environment, you can use the built-in firewall tools which can be located under the upper menu:

System >> Administration >> Firewall

Alternatively, you can run the "system-config" command "system-config-firewall" to activate the same Graphical Tool.

From the graphical interface you will first be asked to confirm the root password. Once you have successfully been authenticated you will need to locate the Samba Entries under "Trusted Services". Now simply add a tick into the box to the left of the service name. (see screen shot):


Samba Firewall Configuration GUI

Now add the entry for SWAT. SWAT uses port number "901" for connection. Now select the "Other Ports" tab and click on add. Scroll down until you see the entries for "swat" on port "901". Highlight this entry and click on "OK". Now click on "Apply".


SWAT Firewall Configuration GUI

Restart Services


At this point, I always like to restart all services:



[root@centos-65 ~]# service smb restart
Shutting down SMB services:                                [  OK  ]
Starting SMB services:                                     [  OK  ]
[root@centos-65 ~]# service nmb restart
Shutting down NMB services:                                [  OK  ]
Starting NMB services:                                     [  OK  ]
[root@centos-65 ~]# service xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]
[root@centos-65 ~]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
iptables: Loading additional modules: nf_conntrack_netbios_[  OK  ]

Use netstat to check that we are listening for connections on port 901


To confirm xinetd is listening for connections on port "901", we can use the command "netstat -na | grep 901". This command will search for any connections on this port:



[root@centos-65 ~]# netstat -na | grep 901
tcp        0      0 :::901                      :::*                        LISTEN 

Testing SWAT


Next we are ready to test our graphical configuration tool SWAT. To do this we open up a browser and enter the ip address of the server we installed Samba/SWAT on followed by the port 901. If you are not sure of the ip address, you can issue the "ip address show" command from the command line:



[root@centos-65 ~]# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:67:ef:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.27/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::a00:27ff:fe67:ef47/64 scope link 
       valid_lft forever preferred_lft forever

From the above look for the entry "inet", in this example the ip address is "192.168.0.27"

Example: http://192.168.0.27:901

Once you have entered your IP address, you will be asked to login. Here you can use the user "root" and the associated password.


SWAT Configuration GUI

This screen is your "Home" screen. This screen contains icons that allow you to quickly access various configuration areas and resources. You will also find a wealth of documentation resources available. To access any of these, simply click the icon or links. Below is a quick overview of the various screens:


Home


This is the first screen displayed when you entered the IP address followed by the port number "901".


Globals


Here you define system wide settings that will be applied to all shares unless the individual share specifies a different value. At any time you can click on the help link to the left of the parameter you are defining. Full information will be displayed about that parameter. There are two different views available under the Global mode. The first of the modes is "Basic". Here you will find the most commonly used parameters. However, for the full list of parameters, you will need to switch to the "Advanced" mode.


Shares


The shares page allows you to create your shares. Again there are two options available. The Basic option contains the most common;y used parameters and settings. To create a share, simply type the path/location to the area you wish to share. Next you click on the create share button. You will then be taken to a screen where you can define all your settings and permissions for this share. If a share already exists, this can be easily selected and any of its settings can be modified. Any changes you make from this screen will be reflected within the "smb.conf" file (Samba's configuration file).


Printers


Here you can define shared printer resources to other users.


Wizard


The Wizard is used for configuring your Samba server. Here you can define the server type and edit other parameters.


Status


The status page is a very useful tool. The status page displays all active shares and open connections that are currently in use. Samba services can also be stopped and restarted from this screen.


View


This screen displays the current smb.conf file. Two views are available. Under Normal view, you can see the parameters that are defined. However under full view you can also see many of the default values that are automatically assigned.


Password


The Password screen allows you to create/define new users, delete users, disable and enable users of your Samba system. Passwords may also be changed at this screen.