Samba SWAT issues...

kaze kaze at voicenet.com
Sat Feb 14 01:29:01 UTC 2004 

Okay, I get the distinction re RPM btwn the package and the file - thanks.

--> [mailto:fedora-list-admin at redhat.com]On Behalf Of Markku Kolkka
--> Sent: Friday, February 13, 2004 5:37 PM
--> To: fedora-list at redhat.com
--> Subject: Re: Samba SWAT issues...
...
--> > Question: is inetd.d the same as xinetd.d?
-->
--> xinetd is used for the same purpose but it's net the same
--> program and they
--> use different configuration files.
-->
--> > In /etc/xinetd.conf I added: "swat stream tcp nowait.400 root
--> > /usr/local/samba/bin/swat swat" but vi highlights the three
--> > words swat in yellow..
-->
--> That's inetd syntax, and it's guaranteed to break xinetd. See
--> /var/log/messages
--> for the error messages.

Tanx

--> [mailto:fedora-list-admin at redhat.com]On Behalf Of Alexander Dalloz
--> Sent: Friday, February 13, 2004 5:42 PM
--> To: fedora-list at redhat.com
--> Subject: Re: Samba SWAT issues...
...
--> > /etc/services has the swat 901/tcp line - it is not commented out
-->
--> Why should it be commented?
Just being overly clear :-)

--> > There is no /etc/inetd.d directory.
-->
--> As Fedora uses xinetd.
Mmmm

--> > Question: is inetd.d the same as xinetd.d?
-->
--> No. Just look at the other xinet.d files.
Okay?

--> > I did a "kill -1 1178" where xinitd.d's PID was 1178, nothing at
--> > http://ImediaArchive:901 (no firewall btwn them)
--> >
--> > In /etc/xinetd.conf I added: "swat stream tcp nowait.400 root
--> > /usr/local/samba/bin/swat swat" but vi highlights the three
--> words swat in
--> > yellow..
-->
--> xinetd uses other syntax. Please read the documentation.
Will do.
...
--> > frustrating on Fedora - what to do?
-->
--> See "rpm -qli samba-swat"

Tanx

--> [mailto:fedora-list-admin at redhat.com]On Behalf Of Jay Fenlason
--> Sent: Friday, February 13, 2004 5:45 PM
--> To: fedora-list at redhat.com
--> Subject: Re: Samba SWAT issues...
...
--> try "rpm -q -a | egrep samba.  Note that none of names it prints end
--> in ".rpm".  That's the main problem you're seeing there.  This
--> confuses me at least once a year or so.  The trick is that when
--> you're installing packages, you're referring to the files that
--> contain the bits, whose names happen to end in .rpm.  Once they're
--> installed, you're referring to the packages, whose names are just
--> "package_name"-"version"-"release", which doesn't.

Thanks!, this is clear now.

--> I don't know why your initial attempt gave the "samba-swat is already
--> installed" error, but I'm definitely not a rpm expert.
-->
...
--> > Question: is inetd.d the same as xinetd.d?
-->
--> That depends on what version of inetd/xinetd a system is using.
--> xinetd on fedora uses /etc/xinetd.conf and /etc/xinetd.d/* for
--> configuration.  The original Berkeley inetd used /etc/inetd.conf
--> (only).  I'm sure different distributions configure their inetd/xinetd
--> programs to look in different places for their config files.
--> Personally, I've never used one that had an /etc/inetd.d directory,
--> but that's just me.
-->
--> > I did a "kill -1 1178" where xinitd.d's PID was 1178, nothing at
--> > http://ImediaArchive:901 (no firewall btwn them)
-->
--> Why did you reload xinetd the hard way instead of using the convenient
--> "/sbin/service xinetd reload" command?  It's much easier than
--> remembering the proper signal to send to kill, etc.

This is what a few howto's and posts on lists detailed to do, including this
one http://us3.samba.org/samba/docs/man/swat.8.html on samba.org...

--> Did you remove the "only_from = 127.0.0.1" line from
--> /etc/xinetd.d/swat ?  That line means that swat is only avaliable on
--> the local machine.  It's a security feature, since there is no
--> encryption on the swat network connection, and any blackhat with a
--> sniffer could see your password if you used swat over a network.

No, didn't know about this or notice it while in that file; will revisit.

--> Don't enable swat on a network interface unless you absolutely trust
--> every user on that network.  Well, unless you're a security researcher
--> investigating how long it'll take your machine to get 0wned.  When I
--> use swat I always ssh into the machine I'm administrating and use lynx
--> or links to access it.
-->
--> Did you run netstat -n -a and look for a listener on port 901?  I
--> suspect you'll see one, but it's only listening on the loopback
--> interface.

Actually I ran lynx and tried to get http://localhost:901, and
http://<host_IP>:901 but neither of this worked.

--> > In /etc/xinetd.conf I added: "swat stream tcp nowait.400 root
--> > /usr/local/samba/bin/swat swat" but vi highlights the three
--> words swat in
--> > yellow..
-->
--> Don't do that!  You've already added a swat entry.  This will just
--> confuse xinetd.  And that's the wrong syntax for xinetd.  You should
--> read "man xinetd.conf" for the correct syntax.

'K
...
--> > frustrating on Fedora - what to do?
-->
--> Remove that second swat entry you added to /etc/xinetd.conf.  Run
--> "/sbin/service xinetd reload".  Run "links 127.0.0.1:901".
--> WorksForMe.

Awesome.

More information about the fedora-list mailing list