Er is ook een nederlandse versie van dit document. nederlands

Swat is a part of the Samba suite.
It's a small webserver which is intended to let you ;

all from your webbrowser.

But hey, I'm a slacker! Why would I need a GUI tool just to manage SAMBA


But.... And as a newbie that is worth something... right?

From the manpage
SWAT(8)                                                   SWAT(8)

       swat - Samba Web Administration Tool

       swat [ -s  ]  [ -a ]

       This tool is part of the  Sambasuite.

       swat allows a Samba administrator to configure the complex
       smb.conf(5)file via a Web browser.  In  addition,  a  swat
       configuration  page has help links to all the configurable
       options in the smb.conf file allowing an administrator  to
       easily look up the effects of any change.

Swat is started by the inetd daemon.
That way Swat is only started when there is a need for it.

To be fair, this really is a RTFM topic. Everything which is about to follow comes straight out off the manpage. Just watch:

(It is possible that most off the work has been done while installing your distro (this is the case with slack (what do mean by "unfriendly distro"))) :D

To configure your system for Swat 2 files need to be altered:

From the services manpage
SERVICES(5)         Linux Programmer's Manual         SERVICES(5)

       services - Internet network services list

       services is a plain ASCII file providing a mapping between
       friendly textual names for internet  services,  and  their
       underlying assigned port numbers and protocol types. Every
       networking program should look into this file to  get  the
       port number (and protocol) for its service.  The C library
       routines   getservent(3),   getservbyname(3),   getservby-
       port(3), setservent(3), and endservent(3) support querying
       this file from programs.

In /etc/services a line must be added for swat.
From the swat manpage
       In /etc/services you need to add a line like this:

       swat 901/tcp

In my case (slackware, which allready had that line) it looks like this:
accessbuilder   888/udp
swat            901/tcp                 # samba web configuration tool
ftps-data       989/tcp                 # ftp protocol, data, over TLS/SSL

The lines about accesbuilder and ftps-dat have nothing to do with swat offcourse. I left them in to give the swat line a proper placing. But it really doesn't make any difference where you place that line in /etc/services.

From the inetd manpage
     Upon execution, inetd reads its configuration information from a configu-
     ration file which, by default, is /etc/inetd.conf.  There must be an
     entry for each field of the configuration file, with entries for each
     field separated by a tab or a space.  Comments are denoted by a ``#'' at
     the beginning of a line.  There must be an entry for each field.  The
     fields of the configuration file are as follows:

           service name
           socket type
           user[.group] or user[:group]
           server program
           server program arguments

The swat manpage litterly gives us the line which needs to be added to /etc/inetd.conf:
       In /etc/inetd.conf you should add a line like this:

       swat stream tcp nowait.400 root  /usr/local/samba/bin/swat

But there is a little catch.
The last mention off swat is on his own line, while this really should be an option to the swat command. De line should really be:
       swat stream tcp nowait.400 root  /usr/local/samba/bin/swat swat

Check if the command "/usr/local/samba/bin/swat: is correct for you setup. It's quite possible that the swat executable is in a different location on your system.
You can make this check with the command (as root) `which swat`.
root@bilbo:/home/bilbo# which swat

If I would leave /etc/inet.conf as it is, swat will not work on my system (as a matter off fact I allready had the correct line in /etc/inetd.conf).
#Samba Web Administration Tool:
#swat           stream  tcp     nowait.400 root /usr/sbin/swat  swat

I'll only have to remove the "#" character to get the inetd configuration right.

And the swat manpage contineus with:
       One  you have edited /etc/services and /etc/inetd.conf you
       need to send a HUP signal to inetd. To do this use kill -1
       PID where PID is the process ID of the inetd daemon.
Including. typo :D (But then again, my english isn't perfect either)

Restarting services is allso covered in "Een stukje process management" (just in dutch at the moment, sorry).

After restarting inetd, swat will start if the is a request on port 901.

The swat manpage contineus with:
       To  launch  SWAT  just  run  your favorite web browser and
       point it at "http://localhost:901/".

       Note that you can attach to SWAT  from  any  IP  connected
       machine  but  connecting from a remote machine leaves your
       connection open to password sniffing as passwords will  be
       sent in the clear over the wire.

In other words; you browse to you rown machine on port 901. You will be welcomed by Swat's login screen.
You did read the above mentioned "Note" didn't you

Tttttthats all folks, did you see, it's all in the manpages :D

[deleted]Xinetd users (ie RedHat) will have to configure xinetd in stead off inetd. If I get around to it I'll make an appendix for it (got that item somewhere in an IBM book).[/deleted]

[loose thought]What is open source beautifull :D[/loose thought]

Xinetd users (ie in use by Redhat) will have to configure xinetd. See for this purpose Apendix A (that is below :D)

I've noticed that Swat will follow the security rules in smb.conf with regards to "hosts allow" and "hosts deny". If you restrict Samba to your local net (ie hosts allow = which is a wise thing to do, swat to will only work on your local net.

Apendix A: xinetd

Just got a mail from scdgro (;)) with his xinetd file.

The xinetd way off doing things is a little bit different. Inetd will have all off Swat't options on one line. With xinetd Swat gets its own section. Often a section is sourced from separate files (or is that just RedHat?). Anyway.... this is what I got from scdgro
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
#          to configure your Samba server. To use SWAT, \
#          connect to port 901 with your favorite web browser.
service swat
   port   = 901
   socket_type   = stream
   wait    = no
   only_from =
   user   = root
   server   = /usr/local/samba/bin/swat
   log_on_failure   += USERID
   disable = no

The options resemble those of inetd a lot, I think they are quite self explainatory.
Add this to your /etc/xinetd.conf or put it as a file in (at least with RedHat) the directorie /etc/xinetd.d from where the file will be sourced. The exact location may be different in different distro's, but the location must be mentioned in /etc/xinetd.conf

The daemon xinetd requires a restart just as inetd does.

Signing off, love and kisses....
(Laurie Anderson)