Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Enable the SWAT Samba config tool in 10.2 UNIX
I was interested in running Samba's SWAT tool to configure Samba on my Jaguar system. This allows you to view and change the configuration of your Samba sharing in any web browser. You can run SWAT from xinetd or inetd; I chose to use xinetd. Here's how I did it...

Steps to take
  1. As the root user, create a file in /etc/xinetd.d named swat:
    sudo vi /etc/xinetd.d/swat
  2. Paste these contents:
    service swat
    {
    port = 901
    socket_type = stream
    wait = no
    only_from = localhost
    groups = yes
    user = root
    server = /usr/sbin/swat
    log_on_failure += USERID
    disable = No
    }
  3. Edit (as root) /etc/services to include:
    swat       901/tcp
  4. Restart the xinetd daemon with this command:
    sudo kill -HUP `cat /var/run/xinetd.pid`
    Sometimes xinetd doesn't restart here; if a ps -ax doesn't show xinetd, then use this command to restart xinetd
    sudo xinetd -pidfile /var/run/xinetd.pid
Now you should be able to login to SWAT from a browser, using the url http:/localhost:901. To get full administrative access, you will need to login as "root" (without the quotes) the first time.
    •    
  • Currently 2.33 / 5
  You rated: 1 / 5 (3 votes cast)
 
[31,674 views]  

Enable the SWAT Samba config tool in 10.2 | 26 comments | Create New Account
Click here to return to the 'Enable the SWAT Samba config tool in 10.2' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
nope
Authored by: wesleykonrad on Sep 06, '02 10:46:30AM

I got the same error I did when I tried to do it through inetd

400 Server Error
chdir failed - the server is not configured correctly

any ideas?



[ Reply to This | # ]
re: nope
Authored by: BraindeadMac on Sep 06, '02 12:33:56PM

I just tried this on a fresh installation of OS X 10.2 to double check it----it works perfectly well. So you've altered one, or more, of the files involved here.

First of all, make sure you disabled the daemon call from inetd by deleting it's entry in /etc/inetd.conf. Then restart inetd.

Second, make sure you are using a good /etc/smb.conf. The process will start up perfectly using the /etc/smb.conf.template file (although you won't have much in the way of service!).



[ Reply to This | # ]
Very odd...
Authored by: robg on Sep 06, '02 09:19:43PM

I have a stock 10.2 install, I cut and pasted the above text, and the service worked just as expected -- port 901 gets me the good 'ole SWAT admin pages in my browser.

Have you done anything atypical to your setup? What kind of machine? What OS? For what it's worth, this is a G4/733, 1.2gb RAM, running 10.2 6C115 (retail) in US mode; nearly every sharing preference enabled...

-rob.



[ Reply to This | # ]
Very odd...
Authored by: wesleykonrad on Sep 06, '02 10:01:33PM

tell me about it.

I have a G4 733 with 384 ram. I am running 6C115. Would there be a different version sent to us Canucks?

I also copy and pasted it. I edited it in pico using su. Would I have to change a permission somewhere perhaps?



[ Reply to This | # ]
Try this xinetd config instead.
Authored by: Ook on Sep 06, '02 01:19:02PM
service swat
{
        disable         = no
        socket_type     = stream
        port            = 901
        wait            = no
        user            = root
        server          = /usr/sbin/swat
        server_args     = -s /etc/smb.conf
        groups          = yes
}
WARNING: I limit access in the global /etc/xinetd.conf file, so there are no throttling or access control statments here. The main difference is that I feed swat the smb.conf file it should read.


[ Reply to This | # ]
still nothing
Authored by: wesleykonrad on Sep 06, '02 03:02:27PM

I had commented out the info in inetd.conf already and I tried the new lines in xinetd.d/swat but still the same error. I replaced the smb.conf file with the template and still nothing (I have been rebooting inbetween each try just to make sure inetd and xinetd were restarted) This is a new install of Jag I just did it this weekend.

any other suggestions?

I also tried to install the preferencepane Samba Sharing as a last ditch effort. That doesn't work either.

wesley



[ Reply to This | # ]
Ok, Stranger Still
Authored by: wesleykonrad on Sep 06, '02 10:12:59PM

I saw on versiontracker a upgrade of the Samba Sharing Package. I followed the instructions to go from 2.5.0b1 to b2 and now it works like a charm. So, I can now create shares at will. Still, it is pretty weird. I tried swat again and still it didn't work.



[ Reply to This | # ]
Ok, Stranger Still
Authored by: BraindeadMac on Sep 07, '02 09:47:16AM

I agree, this is really quite strange. I've now done this on 6 different machines: 2 Quicksilvers, 2 PB G4s, an iMac 800 flat screen, and a PB G3. All went flawlessly.

Is this a clean install or an upgrade of 10.2? That's not mattered in my experience for swat, although I did find I had to go back and do a completely clean install on the PB G4s due to frequent appliation crashes. Where does this error show up, and what browser are you using? Does the system.log show anything?



[ Reply to This | # ]
OK, Stranger Still
Authored by: wesleykonrad on Sep 07, '02 08:30:23PM

I installed 10.2 over top of 10.1.5 but it had been a fresh install of 10.1.5 (I know, why not just start at 10.2? Long story about internal politics) So it was essentially clean. I have tried SWAT with netscape 7, Chimera .40 and IE 5. no luck on any of them. The error just shows up in the browser page.

the system.log shows

Sep 7 19:28:03 Bronwyn xinetd[412]: START: swat pid=18116 from=127.0.0.1





[ Reply to This | # ]
OK, Stranger Still
Authored by: BraindeadMac on Sep 12, '02 10:19:58AM

Launch Disk Utility and repair preferences.



[ Reply to This | # ]
I tried the above and SWAT still doesn't run
Authored by: theckenlively on Sep 12, '02 10:07:46PM

I've read all the comments and tried running the repair you just mentioned but to know avail. This is a clean install of 10.2 running on a G4. I am posting the system.log entries which show xinetd restarting and swat trying to start. I tried both your original code and the other suggested option for /etc/xinetd.d/swat, but neither works.

Sep 12 18:48:43 zeus xinetd[391]: Unexpected signal 19 (Continued)
Sep 12 18:48:43 zeus xinetd[391]: Starting reconfiguration
Sep 12 18:48:47 zeus xinetd[391]: readjusting service swat
Sep 12 18:48:47 zeus xinetd[391]: Reconfigured: new=0 old=1 dropped=0 (services)
Sep 12 18:49:06 zeus xinetd[391]: START: swat pid=574 from= my IP address
Sep 12 18:49:06 zeus xinetd[574]: FAIL: swat address from= my IP address
---- snip -- tries to connect to more times with same result ----

About 5 minutes later the log shows the following:

Sep 12 18:56:50 zeus inetd[387]: swat/tcp: bind: Address already in use

Any ideas what is happening here? Many thanks.



[ Reply to This | # ]
I tried the above and SWAT still doesn't run
Authored by: BraindeadMac on Sep 24, '02 07:38:30AM

The reason for the START and FAIL messages is probably the security--you must either change the "only_from" line in the xinetd file to something other than localhost to address it from your IP. Or use 127.0.0.1:901 from your local machine....



[ Reply to This | # ]
hi all
Authored by: almayn on Oct 16, '02 06:42:43AM

you may read the man page for swat and find out, that swat is not completly installed on jag out of the box. (/usr/local/samba/swat/images/*;/usr/local/samba/swat/help/* missing!)



[ Reply to This | # ]
hi all
Authored by: BraindeadMac on Oct 18, '02 08:40:43AM

those files are in /usr/share/swat/.....



[ Reply to This | # ]
all about the xinetd stuff
Authored by: almayn on Oct 17, '02 05:18:04AM

check out http://www.macsecurity.org/ & http://xinetd.org/...all about xinetd

enjoy



[ Reply to This | # ]
Enable the SWAT Samba config tool in 10.2
Authored by: gxw on Nov 25, '03 07:42:36PM

This hint works in Panther!
2 changes though...

1. Apple has supplied a default /etc/xinetd/swat file. Edit this & change the disabled = yes to disabled = no
2. In /etc/services an entry for port 901 already exists. Comment this line out then add swat 901/tcp in its place.

Cheers!



[ Reply to This | # ]
Enable the SWAT Samba config tool in 10.2
Authored by: esbon on Dec 03, '03 07:29:02PM

I made the changes to the /usr/sbin/swat file and I tried my browser going to localhost:901. A pop up window comes up and I entered root and the password I had already enabled from Netinfo. The message says that either user name or password is wrong. any ideas why I can't log on to SWAT?

Thanks



[ Reply to This | # ]
Enable the SWAT Samba config tool in 10.2
Authored by: supermoquette on Mar 17, '04 03:28:16AM

I got exactly the same user/password? any idea? is there a default L/P for swat in 10.3?



[ Reply to This | # ]
Unable to log into SWAT or CUPS in 10.3
Authored by: Kheled on Jul 26, '04 01:58:17PM

Interstingly enough, I have the same problem, both with SWAT and CUPS! Prhaps they are both accessing the same password file? Anyone know which password file is being used here?

K

---
When the going gets weird, the weird turn pro.

- H.S.T.



[ Reply to This | # ]
What password file is used byb SWAT
Authored by: Kheled on Jul 26, '04 06:18:46PM

Anyone know what password file is being accessed for authentication when logging in? My SWAT install does not seem to recognize my root account info.

While were on it, does CUPS use this same file? I have the same problem logging into CUPS.

I am runiing 10.3.4. Upgraded from 10.2. After the upgrde, my CUPS login broke.

K

---
When the going gets weird, the weird turn pro.

- H.S.T.



[ Reply to This | # ]
What password file is used byb SWAT
Authored by: srbarker on Nov 22, '04 04:58:52PM

Have you been able to get an answer to this? I have exactly the same issue on my Imac with 10.3...

All of the books and articles I have looked at say SWAT should work with the root account - but it doesnt on my machine



[ Reply to This | # ]
Enable the SWAT Samba config tool in 10.4
Authored by: gxw on May 02, '05 10:00:36PM

Got SWAT to work in 10.4.
1. Go to /System/Library/LaunchDaemons
2. Edit swat.plist
3. In the line directly under /usr/sbin/swat change the -d 10 to -a
4. Save the file.
5. Edit /etc/hostconfig
6. Change SMBSERVER=-NO- to SMBSERVER=-YES-
7. Save
8. Edit /etc/services
9. Find the line where port 901 is defined
10. delete the line where it says 901/udp
11. Change the 901/tcp line to read:
swat 901/tcp
12. Save the file
13. run /sbin/service swat start
14. reboot
15. goto http://localhost:901

NOTES:
-a tells swat to not ask for a password - BE Careful when turning this on! I will not be responsible for your use of this. Using this means that anyone using your Mac will be able to edit your smb.conf file! Note you won't be able to access swat from another machine.

I think the swat program does not know how to read netinfo for the password which is why the root account & password were always rejected. I need to RTFM on this. Having a hard time finding the FM though.

I don't know where apple got the -d 10 parm from. This switch is not in the swat manual.

Forgot to test to see if I can actually change any values when I use swat. But I can now access the smb.conf documentation easier.

Like I said above, I need to do more research on this.



[ Reply to This | # ]
Enable the SWAT Samba config tool in 10.4
Authored by: StormeRider on Sep 29, '05 11:21:31AM
-d 10 is to turn on debug level 10. An alternate way to start is to use launchctl:
$ sudo launchctl load -w /System/Library/LaunchDaemons/swat.plist
$ sudo launchctl list | grep -i swat
org.samba.swat
Still trying to track down the right way to authenticate... /var/log/samba/log.swat has this error:
[2005/09/29 18:10:29, 4] /SourceCache/samba/samba-92.9/samba/source/auth/pass_check.c:pass_check(621)
  pass_check: Checking (PAM) password for user root (l=8)
[2005/09/29 18:10:29, 4] /SourceCache/samba/samba-92.9/samba/source/auth/pampass.c:smb_pam_start(463)
  smb_pam_start: PAM: Init user: root
[2005/09/29 18:10:29, 4] /SourceCache/samba/samba-92.9/samba/source/auth/pampass.c:smb_pam_start(480)
  smb_pam_start: PAM: setting rhost to: 0.0.0.0
[2005/09/29 18:10:29, 4] /SourceCache/samba/samba-92.9/samba/source/auth/pampass.c:smb_pam_start(489)
  smb_pam_start: PAM: setting tty
[2005/09/29 18:10:29, 4] /SourceCache/samba/samba-92.9/samba/source/auth/pampass.c:smb_pam_start(497)
  smb_pam_start: PAM: Init passed for user: root
[2005/09/29 18:10:29, 4] /SourceCache/samba/samba-92.9/samba/source/auth/pampass.c:smb_pam_auth(514)
  smb_pam_auth: PAM: Authenticate User: root
[2005/09/29 18:10:29, 2] /SourceCache/samba/samba-92.9/samba/source/auth/pampass.c:smb_pam_auth(518)
  smb_pam_auth: PAM: Athentication Error for user root
[2005/09/29 18:10:29, 2] /SourceCache/samba/samba-92.9/samba/source/auth/pampass.c:smb_pam_error_handler(77)
  smb_pam_error_handler: PAM: Authentication Failure : Authentication failure
[2005/09/29 18:10:29, 0] /SourceCache/samba/samba-92.9/samba/source/auth/pampass.c:smb_pam_passcheck(814)
  smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root !
[2005/09/29 18:10:29, 4] /SourceCache/samba/samba-92.9/samba/source/auth/pampass.c:smb_pam_end(444)
  smb_pam_end: PAM: PAM_END OK.


[ Reply to This | # ]
Enable the SWAT Samba config tool in 10.4
Authored by: ikirudennis on Jan 24, '06 02:09:39PM

I just stumbled upon this fix recently, and although it seems to get me quite a bit closer to actually configuring samba, it falls just short. Has anyone figured out anything further regarding configuring samba, swat or smbd user accounts?



[ Reply to This | # ]
Enable the SWAT Samba config tool in 10.4
Authored by: growler on Dec 26, '06 12:24:40AM
I figured out a way to get SWAT to authenticate properly. As noted above, the logs indicate it is a pam authentication problem. I do NOT know anything about how pam works, so if this solution doesn't work for you... well, I can't help you.

Basically, I completely followed gxw's hint above, however I decided to leave the smb server switch set to "-d 10" per the default. (I did not use the "-a" option, which nullifies the need to authenticate at all....) Much googling suggested that pam was looking for a samba authentication file, so using the terminal I cd'd to "/etc/pam.d" and sure enough, there was no file named "samba"... so I simply entered this command:

sudo cp ./passwd ./samba

I rebooted, and when the machine came up, I was able to use Safari to navigate to http://localhost:901/ and successfully logon to the SWAT configuration tool.

Hope this helps some folks!

PS: I am running OS X 10.4.8 on a PPC Mac Mini, with the latest patches and updates applied. The version of SWAT installed is 3.0.10. Also, I didn't have to mess around with NetInfo Manager: the root account had already been activated on my machine.

[ Reply to This | # ]

Enable the SWAT Samba config tool in 10.4
Authored by: Scooper on Jun 01, '07 10:35:49PM

This worked, I have no idea why I needed to do it but now I can get into swat. Thanks very much.



[ Reply to This | # ]