[root@server~]# yum install samba*

 [root@server~]# vim /etc/samba/smb.conf

 [root@server~]# chcon -t samba_share_t  /your shared directory

 [root@server~]# testparm # check ur config file

 [root@server~]# service smb start

 [root@server~]# service nmb start

 [root@server~]# service winbind start

[root@server~]# Chkconfig smb on

[root@server~]# Chkconfig nmb on

[root@server~]# chkconfig winbind on

[root@server~]# pgrep smb                       #test whether the smb process is running

 >>>>>>>>>>>>>>>>Configure swat for samba>>>>>>>>>>>>>>>>>>>>>>>>>

[root@server~]# vim /etc/xinetd.d/swat

service swat

{

        disable            = no

        port                 = 901

        socket_type     = stream

        wait                 = no

        protocol           = tcp

        only_from       = localhost or any other ip from which u want to access swat

        user                 = root

        server              = /usr/sbin/swat

        log_on_failure  += USERID

}

[root@server~]# service xinetd restart

[root@server~]# chkconfig xinetd on

[root@server~]# chkconfig swat on

enter “http://127.0.0.1:901” in your browser to get the login screen of swat on samba server

 >>>>>>>>>>>>>>>>>>>>>>Encrypting SWAT>>>>>>>>>>>>>>>>>>>>>>>>>

[root@server~]# yum install stunnel*

[root@server~]# useradd stunnel

[root@server~]# cd /etc/pki/tls/certs

[root@server~]# make stunnel.pem

[root@server~]# chmod 640 stunnel.pem

[root@server~]# chgrp stunnel stunnel.pem

Create An /etc/stunnel/stunnel.conf Configuration File

[root@server~]# vim /etc/stunnel/stunnel.conf

# Configure stunnel to run as user “stunnel” placing temporary

# files in the /home/stunnel/ directory

chroot  = /home/stunnel/

pid     = /stunnel.pid

setuid  = stunnel

setgid  = stunnel

 # Log all stunnel messages to /var/log/messages

debug   = 7

output  = /var/log/messages

 # Define where the SSL certificates can be found.

client  = no

cert    = /etc/stunnel/stunnel.pem

key     = /etc/stunnel/stunnel.pem

# Accept SSL connections on port 901 and tunnel it to  port 902 for swat.

[swat]

accept   = 901

connect  = 902

Create A New /etc/xinetd.d File For Secure SWAT

[root@server~]# cd /etc/xinetd.d

[root@server~]# cp swat swat-stunnel

[root@server~]# vim swat-stunnel

service swat-stunnel

{

       port                       = 902

       socket_type           = stream

       wait                      = no

       only_from            = 127.0.0.1

       user                       = root

       server                    = /usr/sbin/swat

       log_on_failure  += USERID

       disable                  = no

       bind                      = 127.0.0.1

}

 Disable SWAT in the /etc/xinetd.d/swat File

[root@server~]# vim /etc/xinetd.d/swat

service swat

{

        disable = yes

        port                  = 901

        socket_type     = stream

        wait                   = no

        protocol            = tcp

        only_from         = localhost or any other ip from which u want to access swat

        user                  = root

        server               = /usr/sbin/swat

        log_on_failure  += USERID

}

Edit The /etc/services file To create a Secure SWAT entry

[root@server~]# vim /etc/services

swat-stunnel    902/tcp     # Samba Web Administration Tool (Stunnel)

[root@server~]# chkconfig swat off

[root@server~]# chkconfig swat-stunnel on

Start stunnel

[root@server~]# stunnel

To stop stunnel

[root@server~]# pkill stunnel

 Making stunnel Start at Boot Time

[root@server~]# which stunnel >> /etc/rc.local

Test Secure SWAT

root@server~]# netstat -an

Test The Secure SWAT Login

#enter this url in your browser

https://server-ip-address:901/

Posted in: Linux.
Last Modified: January 12, 2017

Leave a reply