Tuesday, January 29, 2013

The Samba Web Administration Tool (SWAT)

Hello everybody,
Today, I would like to talk about a very interesting tools for Samba. It's called The Samba Web Administration Tool (SWAT). Redhat families no longer use GUI tools for configuring Samba. Instead, they use a web-based administration tools for this purpose. It's really easy to use and it's fully funcational with sufficient help pages.

In order to install Samba server, Samba client, and SWAT, you need to install the following
packages:
yum install samba samba-client samba-common samba-doc samba-domainjoin-gui samba-swat

To activate SWAT, you need to start/restart xinetd service. Also, you can use chkconfig command to enable SWAT after rebooting machine:
chkconfig swat on
service xinetd start  
service xinetd restart 
  ---> if it already started

Then, you can access the SWAT by using the following url in local machine:

http://localhost:901

For sure, you can access SWAT from a remote location, but you need to open port 901 in firewall by following command: 
iptables -I INPUT -p tcp --dport 901 -j ACCEPT

Also, you must change the
only_from = 127.0.0.1
line in the /etc/xinetd.d/swat file to
only_from = ip-address-of-remote-machine
which is 192.168.2.6 in my case. Please adjust your ip address accordingly.

                                                                         Figure 1

Then restart xinetd:      service xinetd restart
In browser, when you connect to swat, it will ask you for username and password. Enter the root user account and its password, then you will see the SWAT homepage:

                                                                            Figure 2

In Homepage, you can find a very good Samba documentation.
In Global, by clicking GLOBALS icon on top Menu, you can change the global setting in the smb.conf configuration file. For example,
workgroup = MYGROUP   --> It’s set to the default workgroup for Microsoft Windows 7. If you are using workgroup in your network, you can adjust it accordingly.
or
netbios name = LOCALHOST   -->It can be the same hostname used for the system. This becomes what other clients see in network browse lists such as those shown from a Microsoft net view command or a regular Linux smbclient command.

You can always switch between Basic and Advance view of configurations. Advance view gives you sufficient details:

                                                                         Figure 3

I am not going to explain every single line in this tools since it's a lot and beyond of this discussion. I assumed that you know the Samba configuration and this topic is just to introduce SWAT. Nevertheless, I will show you how to share a folder in Samba with this tools.Also, there is always a link (Help) beside each option that gives you a lot of information.

Note: when you change something in options, you must click on Commit Changes button to save your changes. 

Note: You must open firewall for samba server. To do this, enter the following command:

iptables -I INPUT -p tcp --dport 139 -j ACCEPT
iptables -I INPUT -p tcp --dport 445 -j ACCEPT
iptables -I INPUT -p udp --dport 137 -j ACCEPT
iptables -I INPUT -p udp --dport 138 -j ACCEPT


Now, I am going to show you how to create a share folder in Samba server to be accessible by all Linux and Windows clients by using SWAT.

Make a directory that you want to share and put some dummy files in Samba server.
 
mkdir /home/khosro/Samba-Test
touch /home/khosro/Samba-Test/test.txt


In GLOBALS, change netbios name to whatever you want. In this case, KHOSROHOST. This becomes what other clients see in network browse lists.
In SHARES, enter the path to the directory that you made above. In this case: /home/khosro/Samba-Test and then click on Create Share button.

                                                                               Figure 4

Next, select the created share path in drop down menu and press Choose Share button. It will open the Basic Options view for share folder.

                                                                               Figure 5

Next, I just put my comment in Comment, my username(khosro) as valid users, change Read Only to No and Available to Yes. Then click Commit Changes.

Now, click STATUS icon on top menu and start smbd service:

                                                                         Figure 6

Next, create a samba user either by clicking PASSWORD icon or through terminal in samba server:
smbpasswd -a khosro

 
Figure 7

Click on VIEW icon to see your configurations:

                                                                         Figure 8

Now, open My Computer in Windows client and enter the samba server's ip address:
in this case: \\192.168.2.2

It prompts you for username and password. Enter your samba username and password that you created in previous step:

                                                                          Figure 9

After entering username and password, it shows you all shares:

                                                                         Figure 10

Now, if you click on share folder, you will see the following error:

                                                                         Figure 11

Because of SELinux setting, you see this error. Don't panic. You can solve this error by following command in samba server:

chcon -t samba_share_t /home/khosro
chcon -R -t samba_share_t /home/khosro/Samba-Test


In addition, to make sure the changes survive a relabel of SELinux, you’ll want to set up the file_contexts.local file in the /etc/selinux/targeted/contexts/files directory with a command such as the following:

semanage fcontext -a -t samba_share_t /home/khosro/Samba-Test 
semanage fcontext -a -t samba_share_t /home/khosro


Now, you are able to go to only /home/khosro/Samba-Test directory as a share folder and you don't have access to other folders under /home/khosro

Figure 12

By clicking the Server Status icon, you would see the current server status:

                                                                       Figure 13
And that's all. Hope you enjoyed.
Khosro Taraghi