Call SWAT or Webmin to administer your Samba 2.2.2

Take a look at two GUI programs you can use to configure and administer Samba.

Samba comes with the Samba Web Administration Tool (SWAT), a Web-based configuration utility that makes dealing with the cumbersome smb.conf file less painful and less error-prone. You can use SWAT alone, or you can use the Webmin Web-based administration tool to make the job of configuring Samba even easier. In this Daily Drill Down, I’ll discuss installing and using SWAT and the Samba Webmin module to simplify Samba’s configuration.

Samba from the command line
In my last Daily Drill Down, “Share files and control your domains in a heterogeneous network with Samba 2.2.2,” I discussed how to set up Samba 2.2.2 in both a workgroup configuration and as the primary domain controller for authentication. Through several examples, I explained how to modify the Samba configuration files with a text editor, manually add users, create shares, and do just about everything else from the command line.


Before you start
Please make sure that you’re logged in as root or using a superuser account. In addition, all of the examples in this Daily Drill Down assume the use of a Red Hat Linux 7.1 system. If you’re using another distribution, you may need to make minor modifications on your system. Finally, these examples assume that your Samba installation resides in the default location, /usr/local/samba. If this isn’t the case, you’ll need to make the appropriate modifications.

Before you SWAT
SWAT is installed by default with Samba 2.2.2. SWAT files are installed to the /usr/local/samba/swat directory, and the executable is placed in /usr/local/samba/sbin. However, before SWAT can be used, a few things need to be done.

First, the /etc/services file must be modified to include the following line to tell the system which TCP port SWAT will use:
swat 901/tcp # Samba Web Administration Tool

The second step depends on whether or not you’re using inetd or xinetd. To determine this, you can issue a ps -ef | grep inetd command at the command line. If you see xinetd listed, you’re likely using xinetd; otherwise, assume it’s inetd. For inetd systems, add this line to your /etc/inetd.conf file.

If you’re using xinetd, create a file called swat in the /etc/xinetd.d directory with the following contents:
service swat
       port = 901
       socket_type = stream
       wait = no
       user = root
       server = /usr/local/samba/sbin/swat
       log_on_failure += USERID
       disable = no

Next, issue a kill -1 {pid of inetd} command if you’re running inetd or a /etc/init.d/xinetd restart command if you’re running xinetd.

Finally, if you’re using an OS that makes use of Pluggable Authentication Modules (PAM), such as Red Hat Linux 7.1, you need to create a file called samba in the /etc/pam.d directory on your server and add the following two lines:
auth required /lib/security/ nullok shadow
account required /lib/security/

For more information on Pluggable Authentication Modules, take a look at these TechProGuild articles: ”Using Pluggable Authentication Modules with Linux” ”Controlling passwords with PAM”

Next, point your Web browser at your Samba server on port 901. In my setup, I point to http://pear:901. (Pear is the name of my Samba server.)

Figure A
Log in to your Samba server.

If everything is configured properly, you’ll be greeted with a login dialog box similar to that in Figure A. Log in as your root user with the proper password.

Figure B
SWAT allows you to configure any options in Samba. It generates the smb.conf file for you.

Once you’ve logged in to the SWAT tool, you’ll see the initial page, as shown in Figure B.

Be aware that this configuration utility strips all comments from a manually created smb.conf file. If you’ve spent significant time manually creating this file, it’s wise to back it up before using SWAT.

Details, anyone?
Along the top of the page is the main navigation bar for SWAT. Here, you’ll find the following clickable buttons:
  • ·        Home is where you are right now. On the home page, you’ll find links to various sections of the Samba documentation. An HTML version of the Samba documentation was installed by default when you installed Samba.
  • ·        The Globals button allows you to set Samba's global parameters, such as workgroup name, server name, and security options.
  • ·        Clicking Shares brings up a page that enables configuration of the various shares on the server.
  • ·        The Printers button allows configuration of printers that are to be shared out via Samba to Windows clients.
  • ·        The Status button shows you the current status of the Samba processes.
  • ·        The View button shows you a text version of the full smb.conf file that has been generated.
  • ·        Finally, the Password button allows you to modify details of Samba users’ passwords.

What the GUIs do to your files
To see what SWAT has done with your smb.conf file so far, click the View button. (If you want to see a complete Samba configuration, including unlisted default options, you can click View | Full View.) You should see something like the following:
# Samba config file created using SWAT
# from slowe-nb (
# Date: 2001/11/14 20:12:19

# Global parameters
       workgroup = SWG
       netbios name = PEAR
       netbios aliases = pear
       server string = Samba process on Pear
       encrypt passwords = Yes
       domain logons = Yes
       os level = 34
       preferred master = True
       domain master = True

       comment = Domain logon
       path = /usr/local/samba/netlogon
       browseable = No

       read only = No

       comment = Samba distribution files
       path = /usr/local/samba-2.2.2
       read only = No

       comment = Samba installation
       path = /usr/local/samba
       read only = No

Now, let's add a share to the Samba configuration and see what effect it has on the smb.conf file. For this example, we’ll share out my Apache htdocs directory.

Figure C
The page for the htdocs share makes adding a share quick and painless.

To start the process, we’ll click the Shares button on the Samba navigation bar. In the Create Share field, we’ll type htdocs and then click Create Share to open the page for htdocs (see Figure C).

Under Base Options, we can add a comment, which will be displayed on Windows clients in the comments section in Network Neighborhood in Windows 95, 98, and NT; Network Places in Windows 2000; or Network Connections in Windows XP. We’ll add the path to the directory to share and leave the remaining options at their default settings. When finished, we’ll click Commit Changes to save the information.

If you click View on the SWAT main navigation bar, you’ll see the following additions to the smb.conf file:
       comment = Apache htdocs directory
       path = /usr/local/apache/htdocs
       read only = No

If you go to your Windows client, you’ll see a share named htdocs with the comment Apache htdocs directory. Double-click on the share, and you’ll see the contents of the directory.

If you get into trouble or need further assistance in SWAT, help is available at every turn. Just click on Help next to the field that you have a question about.

The Samba module for Webmin
Webmin is an all-inclusive systems management portal for UNIX, managing everything from Apache to MySQL to, yes, Samba. Because it’s an amazingly user-friendly GUI, it makes any Linux configuration much easier. It includes a link to the SWAT utility on the Samba server. Webmin also has more powerful potential as a way to manage your Samba users.

Installing the Webmin application on your Linux server should be a very simple process. To start, make sure that you’re running a recent version of Perl. I happen to be running Perl 5.6.1; the binary is located in the /usr/bin directory and is named perl. This is important information to know if the Webmin installation process can’t locate your Perl binary, in which case you’ll have to tell the Webmin installation where it is.

Next, you need to download the Webmin software. As of this writing, the current release is 0.90. You can choose to either download a binary version of the software as an rpm or download the source files and build them. Installing the rpm version is as simple as downloading the latest version (as of this writing, webmin-0.90.i386.rpm) and running this command as root:
Rpm –ivh webmin-0.90.i386.rpm

And answer the resulting questions.

If you choose to download source files, the filename to download is webmin-0.90.tar.gz. Place this file in the /usr/local directory on your server and follow these steps:
  1. ·        Switch to the /usr/local directory with the cd /usr/local command.
  2. ·        Expand the Webmin distribution by issuing a gunzip -dc webmin-0.90.tar.gz | tar xvf - (that's a dash) command.
  3. ·        Type cd /usr/local/webmin-0.90/ to begin the installation process.
  4. ·        Type ./ to run the configuration script, which will ask you a series of questions.

You’ll be asked to provide information on the installation of Webmin, such as where you would like to place the configuration files, log files, and so forth. You’ll also be asked for the location of the Perl executable, which will probably be /usr/bin/perl. In addition, the Webmin installer will ask you to pick your operating system type from a list. Next, you’ll be asked some questions regarding your Web setup. Webmin uses its own Web server software, so configuring Apache or Netscape isn’t required. The default port for Webmin is port 10000, but this is configurable during the running of the setup script. Next, you’ll be asked to provide a login and password for Webmin and for a hostname for your server. If you have SSL installed, you’ll be prompted for related information. And finally, Webmin will ask you whether or not you would like the application started when the system starts.

Figure D
The Webmin login screen

That's it—nothing more to do here except wait for the setup to do its job. Once it's finished, point your browser at your server's port 10000. (My server name is apple, so I point to http://apple:10000.) When the browser opens the Webmin login screen, you’ll see something like that in Figure D. Type in the username and password that you specified during the installation and click the Login button to continue.

Samba passwords
The /etc/samba/smbpasswd will not show up until you’ve run smbpasswd with the -a switch.

Figure E
Once you've logged in to Webmin, you'll see all the configuration tabs available.

Once you’ve logged in, you’ll see the Webmin main page (see Figure E). Click on the Servers tab at the top of the page.

Figure F
The Servers tab contains nearly every type of server configuration you'll ever need.

When you click on Samba Windows File Sharing on the Servers tab (see Figure F), Webmin may tell you that Samba is not located where Webmin expects it to be, as it did in my case. For example, if you followed the examples in the previous article in this series, this will be the case.

Figure G
Critical Samba configurations are handled in this screen.

To correct this, click on the Module Configuration link that appears after you click the Samba Windows File Sharing icon and make the modifications shown in Figure G.

Figure H
This utility is similar to SWAT in that it will manage the smb.conf file for you.

When you’re finished, click the Save button. You’ll see the Samba Share Manager screen, as shown in Figure H.

If you click on the Windows Networking tab to open the Windows Networking Options page, you’ll see that this utility reads the contents of the smb.conf file for you and allows you to make changes, as shown in Figure I.

Figure I
As with SWAT, this utility is quite straightforward. It provides drop-down lists wherever possible to minimize your chances of providing erroneous data.

Creating a new file share using Webmin is very easy. Make sure that you’re in the Samba module for Webmin and click on the Create A New File Share link at the bottom of the list of file shares. For this example, we’ll share the /usr/local directory as local and make it both available and browseable. Figure J shows everything that needs to be set up.

Figure J
Make sure you click local; otherwise, you'll share out that user's home directory.

That's all, folks
If you’ve ever tried to administer Samba with only a text editor and your smb.conf file, you’ll certainly understand how much time and energy you can save by taking advantage of these two GUI applications. You’ll also discover a much more powerful and flexible Samba configuration with the help of either SWAT or Webmin, or both. Other utilities are available, but I’ve found that many of them are out of date and have not kept up with Samba. If you need something quick and easy to set up, I recommend both of the above packages.

Editor's Picks