Changeset 75f9474f
- Timestamp:
- 11/13/2011 02:22:21 AM (12 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- fcc6d60
- Parents:
- ee792ef
- Files:
-
- 3 edited
general.ent
ree792ef r75f9474f 4 4 --> 5 5 6 <!ENTITY day "1 1"> <!-- Always 2 digits -->6 <!ENTITY day "12"> <!-- Always 2 digits --> 7 7 <!ENTITY month "11"> <!-- Always 2 digits --> 8 8 <!ENTITY year "2011"> … … 10 10 <!ENTITY copyholder "The BLFS Development Team"> 11 11 <!ENTITY version "&year;-&month;-&day;"> 12 <!ENTITY releasedate "November 1 1th, &year;">12 <!ENTITY releasedate "November 12th, &year;"> 13 13 <!-- <!ENTITY releasedate "November &day;st, &year;"> --> 14 14 <!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP --> … … 57 57 <!-- End LFS versions --> 58 58 59 <!ENTITY blfs-bootscripts-version "2011111 1">59 <!ENTITY blfs-bootscripts-version "20111112"> 60 60 <!ENTITY blfs-bootscripts-download "&downloads-root;/blfs-bootscripts-&blfs-bootscripts-version;.tar.bz2"> 61 61 -
introduction/welcome/changelog.xml
ree792ef r75f9474f 41 41 42 42 --> 43 44 <listitem> 45 <para>November 12th, 2011</para> 46 <itemizedlist> 47 <listitem> 48 <para>[bdubbs] - Update swat instructions in samba.</para> 49 </listitem> 50 </itemizedlist> 51 </listitem> 43 52 44 53 <listitem> -
networking/netprogs/samba3.xml
ree792ef r75f9474f 133 133 make</userinput></screen> 134 134 135 <!-- - -enable-socket-wrapper for tests -->136 137 135 <para>To test the results, issue: <command>make test</command>. If you have 138 136 <application>Linux-PAM</application> installed and built the PAM library … … 419 417 </sect4> 420 418 419 <sect4 id="samba3-init"> 420 <title>Boot Script</title> 421 422 <para>For your convenience, boot scripts have been provided for 423 <application>Samba</application>. There are two included in the 424 <xref linkend="bootscripts"/> package. The first, 425 <filename>samba</filename>, will start the <command>smbd</command> 426 and <command>nmbd</command> daemons needed to provide SMB/CIFS 427 services. The second script, <filename>winbind</filename>, starts 428 the <command>winbindd</command> daemon, used for providing Windows 429 domain services to Linux clients.</para> 430 431 <indexterm zone="samba3 samba3-init"> 432 <primary sortas="f-samba">samba</primary> 433 </indexterm> 434 435 <indexterm zone="samba3 samba3-init"> 436 <primary sortas="f-winbind">winbind</primary> 437 </indexterm> 438 439 <para>The default <application>Samba</application> installation uses the 440 <systemitem class='username'>nobody</systemitem> user for guest access 441 to the server. This can be overridden by setting the 442 <option>guest account =</option> parameter in the 443 <filename>/etc/samba/smb.conf</filename> file. If you utilize the 444 <option>guest account =</option> parameter, ensure this user exists in 445 the <filename>/etc/passwd</filename> file. 
To use the default user, 446 issue the following commands as the 447 <systemitem class='username'>root</systemitem> user:</para> 448 449 <screen><userinput>groupadd -g 99 nogroup && 450 useradd -c "Unprivileged Nobody" -d /dev/null -g nogroup \ 451 -s /bin/false -u 99 nobody</userinput></screen> 452 453 <para>Install the <filename>samba</filename> script with the following 454 command issued as the <systemitem class="username">root</systemitem> 455 user:</para> 456 457 <screen role="root"><userinput>make install-samba</userinput></screen> 458 459 <para>If you also need the <filename>winbind</filename> 460 script:</para> 461 462 <screen role="root"><userinput>make install-winbind</userinput></screen> 463 464 </sect4> 465 421 466 </sect3> 422 467 … … 424 469 <title>Configuring SWAT</title> 425 470 426 <para>The built in SWAT (<application>Samba</application> Web 427 Administration Tool) utility can be used for basic configuration of 428 the <application>Samba</application> installation, but because it may 429 be inconvenient, undesirable or perhaps even impossible to gain 430 access to the console, BLFS recommends setting up access to SWAT using 431 <application>Stunnel</application>. Without 432 <application>Stunnel</application>, the 433 <systemitem class="username">root</systemitem> password is transmitted 434 in clear text over the wire, and is considered an unacceptable security 435 risk. 
After considering the security implications of using SWAT without 436 <application>Stunnel</application>, and you still wish to implement SWAT 437 without it, instructions are provided at this end of this section.</para> 438 471 <para>The SWAT (<application>Samba</application> Web Administration Tool) 472 utility can be used for configuration of the 473 <application>Samba</application> installation.</para> 474 439 475 <indexterm zone="samba3 samba3-swat-config"> 440 476 <primary sortas="g-SWAT">SWAT</primary> … … 442 478 443 479 <sect4> 444 <title>Setting up SWAT using Stunnel</title> 445 446 <para>First install, or ensure you have already installed, the 447 <xref linkend="stunnel"/> package.</para> 448 449 <para>Next you must add entries to <filename>/etc/services</filename> 450 and modify the <command>inetd</command>/<command>xinetd</command> 451 configuration.</para> 480 <title>Setting up SWAT using inetd</title> 481 482 <indexterm zone="samba3 samba3-swat-config"> 483 <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary> 484 </indexterm> 452 485 453 486 <indexterm zone="samba3 samba3-swat-config"> 454 487 <primary sortas="e-etc-services">/etc/services</primary> 455 488 </indexterm> 456 457 <indexterm zone="samba3 samba3-swat-config">458 <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>459 </indexterm>460 461 <indexterm zone="samba3 samba3-swat-config">462 <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>463 </indexterm>464 465 <para>Add swat and swat_tunnel entries to466 <filename>/etc/services</filename> with the following commands issued467 as the <systemitem class="username">root</systemitem> user:</para>468 469 <screen role="root"><userinput>echo "swat 904/tcp" >> /etc/services &&470 echo "swat_tunnel 905/tcp" >> /etc/services</userinput></screen>471 472 <para>If <command>inetd</command> is used, the following command will473 add the swat_tunnel entry to <filename>/etc/inetd.conf</filename> (as474 user <systemitem 
class="username">root</systemitem>):</para>475 476 <screen role="root"><userinput>echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \477 >> /etc/inetd.conf</userinput></screen>478 479 <para>Issue a <command>killall -HUP inetd</command> to reread the480 changed <filename>inetd.conf</filename> file.</para>481 482 <para>If you use <command>xinetd</command>, the following command will483 create the <application>Samba</application> file as484 <filename>/etc/xinetd.d/swat_tunnel</filename> (you may need to modify485 or remove the <quote>only_from</quote> line to include the desired486 host[s]):</para>487 488 <screen role="root"><userinput>cat >> /etc/xinetd.d/swat_tunnel << "EOF"489 <literal># Begin /etc/xinetd.d/swat_tunnel490 491 service swat_tunnel492 {493 port = 905494 socket_type = stream495 wait = no496 only_from = 127.0.0.1497 user = root498 server = /usr/sbin/swat499 log_on_failure += USERID500 }501 502 # End /etc/xinetd.d/swat_tunnel</literal>503 EOF</userinput></screen>504 505 <indexterm zone="samba3 samba3-swat-config">506 <primary sortas="e-etc-xinetd.d-swat-tunnel">/etc/xinetd.d/swat_tunnel</primary>507 </indexterm>508 509 <para>Issue a <command>killall -HUP xinetd</command> to read the new510 <filename>/etc/xinetd.d/swat_tunnel</filename> file.</para>511 512 <para>Next, you must add an entry for the swat service to the513 <filename>/etc/stunnel/stunnel.conf</filename> file (as user514 <systemitem class="username">root</systemitem>):</para>515 516 <indexterm zone="samba3 samba3-swat-config">517 <primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary>518 </indexterm>519 520 <screen role="root"><userinput>cat >> /etc/stunnel/stunnel.conf << "EOF"521 <literal>[swat]522 accept = 904523 connect = 905524 TIMEOUTclose = 1</literal>525 526 EOF</userinput></screen>527 528 <para>Restart the <command>stunnel</command> daemon using the following529 command as the <systemitem class="username">root</systemitem> user:</para>530 531 
<screen role="root"><userinput>/etc/rc.d/init.d/stunnel restart</userinput></screen>532 533 <para>SWAT can be launched by pointing your web browser to534 <uri>https://<replaceable><CA_DN_field></replaceable>:904</uri>.535 Substitute the hostname listed in the DN field of the CA certificate536 used with <application>Stunnel</application> for537 <replaceable><CA_DN_field></replaceable>.</para>538 539 </sect4>540 541 <sect4>542 <title>Setting up SWAT without Stunnel</title>543 489 544 490 <warning> … … 550 496 </warning> 551 497 552 <para> Add a swat entry to <filename>/etc/services</filename> with the553 following command issued as the554 <systemitem class='username'>root</systemitem> user:</para>555 556 <screen role='root'><userinput>echo "swat 904/tcp" >> /etc/services</userinput></screen> 557 558 <para>If <command>inetd</command> is used, the following command 559 issued as the <systemitem class='username'>root</systemitem> user will560 add a swat entry to the <filename>/etc/inetd.conf</filename> file:</para>561 562 <screen role='root'><userinput>echo "swat stream tcp nowait.400 root /usr/sbin/swat swat" \ 563 498 <para>First you must add an entry to <filename>/etc/services</filename> 499 and modify the <command>inetd</command> configuration. 
Add this entry 500 with the following command issued as the <systemitem 501 class="username">root</systemitem> user:</para> 502 503 <screen role="root"><userinput>echo "swat 905/tcp" >> /etc/services</userinput></screen> 504 505 <para>Now add this entry to the <filename>/etc/inetd.conf</filename> 506 file, again as the <systemitem class="username">root</systemitem> 507 user:</para> 508 509 <screen role="root"><userinput>echo "swat stream tcp nowait.5 root /usr/sbin/swat swat >> /etc/inetd.conf</userinput></screen> 564 510 565 511 <para>Issue a <command>killall -HUP inetd</command> to reread the 566 512 changed <filename>inetd.conf</filename> file.</para> 567 513 568 <para>If <command>xinetd</command> is used, the following command 569 issued as the <systemitem class='username'>root</systemitem> user 570 will create an <filename>/etc/xinetd.d/swat</filename> file:</para> 571 572 <screen role='root'><userinput>cat >> /etc/xinetd.d/swat << "EOF" 514 <para>SWAT can be launched by pointing your web browser to 515 http://localhost:905.</para> 516 517 </sect4> 518 519 <sect4> 520 <title>Setting up SWAT using xinetd</title> 521 522 <indexterm zone="samba3 samba3-swat-config"> 523 <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary> 524 </indexterm> 525 526 <para>If not already done, add an entry to <filename>/etc/services</filename> file 527 as the <systemitem class="username">root</systemitem> user:</para> 528 529 <screen role="root"><userinput>echo "swat 905/tcp" >> /etc/services</userinput></screen> 530 531 <para>Create the <application>Samba</application> <xref 532 linkend='xinetd'/> file as <filename>/etc/xinetd.d/swat</filename>.</para> 533 534 <warning> 535 <para>You may modify or remove the <quote>only_from</quote> line 536 below to include other host(s). BLFS does not recommend doing this 537 because of the security risk involved. 
However, in a home network 538 environment, disclosure of the <systemitem 539 class='username'>root</systemitem> password may be an acceptable 540 risk.</para> 541 </warning> 542 543 <screen role="root"><userinput>cat >> /etc/xinetd.d/swat << "EOF" 573 544 <literal># Begin /etc/xinetd.d/swat 574 545 575 546 service swat 576 547 { 577 port = 90 4548 port = 905 578 549 socket_type = stream 579 550 wait = no 551 instances = 5 580 552 only_from = 127.0.0.1 581 553 user = root 582 554 server = /usr/sbin/swat 583 log_on_failure 555 log_on_failure += USERID 584 556 } 585 557 … … 587 559 EOF</userinput></screen> 588 560 589 <para>Issue a <command>killall -HUP xinetd</command> to read the 590 new <filename>/etc/xinetd.d/swat</filename> file.</para> 591 592 <para>SWAT can be launched by pointing your web browser to 593 http://localhost:904.</para> 561 <para>Issue a <command>killall -HUP xinetd</command> to read the new 562 <filename>/etc/xinetd.d/swat</filename> file.</para> 563 564 <note> 565 <para>If you linked <application>Linux-PAM</application> into the 566 <application>Samba</application> build, you'll need to create an 567 <filename>/etc/pam.d/samba</filename> file.</para> 568 </note> 569 570 <para>SWAT can now be launched by pointing your web browser to 571 http://localhost:905.</para> 572 573 </sect4> 574 575 <sect4> 576 <title>Setting up SWAT using stunnel</title> 577 578 <para>A better way to set up SWAT for network access is through 579 <xref linkend='stunnel'/>. For convenience, a boot scripts has 580 been provided for SWAT via stunnel. 
First, create the stunnel 581 configuration file:</para> 582 583 <indexterm zone="samba3 samba3-swat-config"> 584 <primary sortas="e-etc-stunnel-swat.conf">/etc/stunnel/swat.conf</primary> 585 </indexterm> 586 587 <screen role="root"><userinput>cat >> /etc/stunnel/swat.conf << "EOF" 588 <literal>; File: /etc/stunnel/swat.conf 589 590 pid = /run/stunnel-swat.pid 591 setuid = root 592 setgid = root 593 cert = /etc/stunnel/stunnel.pem 594 595 [swat] 596 accept = swat 597 exec = /usr/sbin/swat 598 </literal> 599 EOF</userinput></screen> 600 601 <para>Next, install the swat bootscript:</para> 602 603 <screen role="root"><userinput>make install-swat</userinput></screen> 604 605 <para>After starting the SWAT boot script the tool can be accessed by 606 pointing your web browser to https://localhost:905. Note: 607 <emphasis>https</emphasis>. If access to the tool needs to be 608 further restricted, then <xref linkend='iptables'/> can be 609 used.</para> 594 610 595 611 </sect4> … … 600 616 <title/> 601 617 602 <note>603 <para>If you linked <application>Linux-PAM</application> into the604 <application>Samba</application> build, you'll need to create an605 <filename>/etc/pam.d/samba</filename> file.</para>606 </note>607 618 608 619 <indexterm zone="samba3 samba3-swat-config"> … … 612 623 </sect3> 613 624 614 <sect3 id="samba3-init">615 <title>Boot Script</title>616 617 <para>For your convenience, boot scripts have been provided for618 <application>Samba</application>. There are two included in the619 <xref linkend="bootscripts"/> package. The first,620 <filename>samba</filename>, will start the <command>smbd</command>621 and <command>nmbd</command> daemons needed to provide SMB/CIFS622 services. 
The second script, <filename>winbind</filename>, starts623 the <command>winbindd</command> daemon, used for providing Windows624 domain services to Linux clients.</para>625 626 <indexterm zone="samba3 samba3-init">627 <primary sortas="f-samba">samba</primary>628 </indexterm>629 630 <indexterm zone="samba3 samba3-init">631 <primary sortas="f-winbind">winbind</primary>632 </indexterm>633 634 <para>The default <application>Samba</application> installation uses the635 <systemitem class='username'>nobody</systemitem> user for guest access636 to the server. This can be overridden by setting the637 <option>guest account =</option> parameter in the638 <filename>/etc/samba/smb.conf</filename> file. If you utilize the639 <option>guest account =</option> parameter, ensure this user exists in640 the <filename>/etc/passwd</filename> file. To use the default user,641 issue the following commands as the642 <systemitem class='username'>root</systemitem> user:</para>643 644 <screen><userinput>groupadd -g 99 nogroup &&645 useradd -c "Unprivileged Nobody" -d /dev/null -g nogroup \646 -s /bin/false -u 99 nobody</userinput></screen>647 648 <para>Install the <filename>samba</filename> script with the following649 command issued as the <systemitem class="username">root</systemitem>650 user:</para>651 652 <screen role="root"><userinput>make install-samba</userinput></screen>653 654 <para>If you also need the <filename>winbind</filename>655 script:</para>656 657 <screen role="root"><userinput>make install-winbind</userinput></screen>658 659 </sect3>660 625 661 626 </sect2> … … 671 636 <seglistitem> 672 637 <seg>cifs.upcall, eventlogadm, findsmb, ldbadd, ldbdel, ldbedit, 673 ldbmodify, ldbrename, ldbsearch, mount.cifs,net, nmbd,638 ldbmodify, ldbrename, ldbsearch, net, nmbd, 674 639 nmblookup, ntlm_auth, pdbedit, profiles, rpcclient, sharesec, smbcacls, 675 640 smbclient, smbcontrol, smbcquotas, smbd, smbget, smbpasswd, smbspool, 676 smbstatus, smbtar, smbtree, swat, testparm, 
umount.cifs,wbinfo,641 smbstatus, smbtar, smbtree, swat, testparm, wbinfo, 677 642 winbindd, and (if not using system TDB) tdbbackup, tdbdump, and 678 643 tdbtool</seg> … … 790 755 </varlistentry> 791 756 792 <varlistentry id="mount.cifs">793 <term><command>mount.cifs</command></term>794 <listitem>795 <para>mounts a Linux CIFS filesystem. It is usually invoked796 indirectly by the <command>mount</command> command when using the797 <option>-t cifs</option> option.</para>798 <indexterm zone="samba3 mount.cifs">799 <primary sortas="b-mount.cifs">mount.cifs</primary>800 </indexterm>801 </listitem>802 </varlistentry>803 804 757 <varlistentry id="net"> 805 758 <term><command>net</command></term> … … 1064 1017 </varlistentry> 1065 1018 1066 <varlistentry id="umount.cifs">1067 <term><command>umount.cifs</command></term>1068 <listitem>1069 <para>is used by normal, non-<systemitem1070 class="username">root</systemitem> users, to1071 <command>unmount</command> their own Common Internet File System1072 (CIFS) mounts.</para>1073 <indexterm zone="samba3 umount.cifs">1074 <primary sortas="b-umount.cifs">umount.cifs</primary>1075 </indexterm>1076 </listitem>1077 </varlistentry>1078 1079 1019 <varlistentry id="wbinfo"> 1080 1020 <term><command>wbinfo</command></term>