r4551 - in trunk/BOOK: . basicnet/netprogs introduction/welcome server/major

randy at linuxfromscratch.org randy at linuxfromscratch.org
Sun Jun 5 15:26:12 PDT 2005


Author: randy
Date: 2005-06-05 16:26:10 -0600 (Sun, 05 Jun 2005)
New Revision: 4551

Added:
   trunk/BOOK/basicnet/netprogs/samba3-client.xml
Modified:
   trunk/BOOK/basicnet/netprogs/netprogs.xml
   trunk/BOOK/general.ent
   trunk/BOOK/introduction/welcome/changelog.xml
   trunk/BOOK/server/major/samba3.xml
Log:
Added a Samba-client instruction page; updated the Samba server instructions with Alexander's comments; added an Stunnel-less SWAT setup in the Samba server instructions; removed Stunnel as a dependency of Samba server

Modified: trunk/BOOK/basicnet/netprogs/netprogs.xml
===================================================================
--- trunk/BOOK/basicnet/netprogs/netprogs.xml	2005-06-05 21:06:40 UTC (rev 4550)
+++ trunk/BOOK/basicnet/netprogs/netprogs.xml	2005-06-05 22:26:10 UTC (rev 4551)
@@ -15,17 +15,18 @@
   <application>Tcpwrappers</application> and <application>portmap</application>
   are support programs for daemons that you may have running on your machine.</para>
 
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cvs.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="inetutils.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="ncftp.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="ncpfs.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="net-tools.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="ntp.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssh-client.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="portmap.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="rsync-client.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cvs.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="samba3-client.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="subversion.xml"/>
+  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tcpwrappers.xml"/>
   <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="wget.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="tcpwrappers.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="portmap.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="inetutils.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="ncpfs.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="ntp.xml"/>
-  <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="net-tools.xml"/>
 
 </chapter>

Added: trunk/BOOK/basicnet/netprogs/samba3-client.xml
===================================================================
--- trunk/BOOK/basicnet/netprogs/samba3-client.xml	2005-06-05 21:06:40 UTC (rev 4550)
+++ trunk/BOOK/basicnet/netprogs/samba3-client.xml	2005-06-05 22:26:10 UTC (rev 4551)
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
+   "http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd" [
+  <!ENTITY % general-entities SYSTEM "../../general.ent">
+  %general-entities;
+]>
+
+<sect1 id="samba3-client">
+  <?dbhtml filename="samba3-client.html"?>
+
+  <sect1info>
+    <othername>$LastChangedBy$</othername>
+    <date>$Date$</date>
+  </sect1info>
+
+  <title>Samba-&samba3-version; Client</title>
+
+  <para>The <application>Samba</application> client utilities are used to
+  transfer files to and from, mount volumes located on or use printers
+  attached to Windows and other SMB clients. If you want to install these
+  utilities, the instructions can be found in Chapter 21 –
+  <xref linkend="samba3"/>. After performing the basic installation,
+  configure the utilities using the configuration section titled
+  <quote>Scenario 1: Minimal Standalone Client-Only Installation</quote>.</para>
+
+  <para>Note that if you only want to use these client utilities, you do
+  <emphasis>not</emphasis> need to run the server daemons and so do not need
+  the startup script and links. In accordance with good practice, only run the
+  server daemons if you actually need them. You'll find an explanation of the
+  services provided by the server daemons in the <xref linkend="samba3"/>
+  instructions.</para>
+
+</sect1>


Property changes on: trunk/BOOK/basicnet/netprogs/samba3-client.xml
___________________________________________________________________
Name: svn:keywords
   + LastChangedBy Date

Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent	2005-06-05 21:06:40 UTC (rev 4550)
+++ trunk/BOOK/general.ent	2005-06-05 22:26:10 UTC (rev 4551)
@@ -210,18 +210,19 @@
 <!ENTITY w3m-version                  "0.5.1">
 
 <!-- Chapter 18 -->
+<!ENTITY cvs-version                  "1.11.20">
+<!ENTITY inetutils-version            "1.4.2">
 <!ENTITY ncftp-version                "3.1.7">
+<!ENTITY ncpfs-version                "2.2.4">
+<!ENTITY net-tools-version            "1.60">
+<!ENTITY ntp-version                  "4.2.0">
 <!ENTITY openssh-version              "4.1p1">
+<!ENTITY portmap-version              "5beta">
 <!ENTITY rsync-version                "2.6.5">
-<!ENTITY cvs-version                  "1.11.20">
+<!ENTITY samba3-version               "3.0.14a">
 <!ENTITY subversion-version           "1.1.4">
+<!ENTITY tcpwrappers-version          "7.6">
 <!ENTITY wget-version                 "1.9.1">
-<!ENTITY tcpwrappers-version          "7.6">
-<!ENTITY portmap-version              "5beta">
-<!ENTITY inetutils-version            "1.4.2">
-<!ENTITY ncpfs-version                "2.2.4">
-<!ENTITY ntp-version                  "4.2.0">
-<!ENTITY net-tools-version            "1.60">
 
 <!-- Chapter 19 -->
 <!ENTITY traceroute-version           "1.4a12">
@@ -245,7 +246,7 @@
 <!ENTITY nfs-utils-version            "1.0.7">
 <!-- openssh (chapter 18) -->
 <!ENTITY proftpd-version              "1.2.10">
-<!ENTITY samba3-version               "3.0.14a">
+<!-- samba3 (chapter 18) -->
 <!ENTITY vsftpd-version               "2.0.1">
 <!ENTITY xinetd-version               "2.3.13">
 

Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml	2005-06-05 21:06:40 UTC (rev 4550)
+++ trunk/BOOK/introduction/welcome/changelog.xml	2005-06-05 22:26:10 UTC (rev 4551)
@@ -25,6 +25,15 @@
   <itemizedlist>
 
     <listitem>
+      <para>June 5th, 2005 [randy]: Created Samba client instruction page,
+      suggested by Alexander Patrakov; added additional configuration text to
+      the Samba server instructions, submitted by Alexander Patrakov; added
+      SWAT (without Stunnel) configuration instructions to the Samba server
+      instructions, suggested by Jim Gifford; removed Stunnel as a dependency
+      of the Samba package.</para>
+    </listitem>
+
+    <listitem>
       <para>June 5th, 2005 [bdubbs]: Integrated system uid and gid values
       into individual packages.</para>
     </listitem>

Modified: trunk/BOOK/server/major/samba3.xml
===================================================================
--- trunk/BOOK/server/major/samba3.xml	2005-06-05 21:06:40 UTC (rev 4550)
+++ trunk/BOOK/server/major/samba3.xml	2005-06-05 22:26:10 UTC (rev 4551)
@@ -71,8 +71,8 @@
     <xref linkend="mysql"/> or <xref linkend="postgresql"/>,
     <xref linkend="python"/>,
     <xref linkend="xinetd"/>,
-    <ulink url="http://valgrind.kde.org/">Valgrind</ulink> and
-    <xref linkend="stunnel"/> (used to encrypt access to SWAT)</para>
+    <xref linkend="xfs"/> and
+    <ulink url="http://valgrind.kde.org/">Valgrind</ulink></para>
 
   </sect2>
 
@@ -186,64 +186,180 @@
     </sect3>
 
     <sect3>
-      <title>Configuration Information</title>
+      <title>Printing to SMB Clients</title>
 
-      <para>The installation commands installed a default configuration file
-      which you can use as an example to set the values for your system and
-      network. At a minimum, ensure you set the following value to an
-      appropriate setting for your network in the
-      <filename>/etc/samba/smb.conf</filename> configuration file:</para>
+      <para>If you use <application>CUPS</application> for print services,
+      and you wish to print to a printer attached to an SMB client, you
+      need to create an SMB backend device. To create the device, issue the
+      following command as the <systemitem class="username">root</systemitem>
+      user:</para>
 
-<screen><literal>workgroup = <replaceable>WORKGROUP</replaceable></literal></screen>
+<screen role="root"><userinput>ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb</userinput></screen>
 
-      <para>Also, for non-English locales, ensure the following values are
-      set properly in the [global] section:</para>
-
-<screen><literal>dos charset = <replaceable>cp850</replaceable>
-unix charset = <replaceable>ISO-8859-1</replaceable></literal></screen>
-
     </sect3>
 
     <sect3>
-      <title>Configuration Overview and Available Documentation</title>
+      <title>Configuration Information</title>
 
       <para>Due to the complexity and the many various uses for
-      <application>Samba</application>, complete configuration is well beyond
-      the scope of the BLFS book. Advanced configurations including setting up
-      Primary and Backup Domain Controllers are advanced topics and cannot be
-      adequately covered in BLFS (it should be noted, however, that a
-      <application>Samba</application> BDC cannot be used as a fallback for a
-      <application>Windows</application> PDC, and conversely, a
-      <application>Windows</application> BDC cannot be used as a
-      fallback for a <application>Samba</application> PDC). Many
-      complete books have been written on these topics alone.</para>
+      <application>Samba</application>, complete configuration for all the
+      package's cababilities is well beyond the scope of the BLFS book. This
+      section provides instructions to configure the
+      <filename>/etc/samba/smb.conf</filename> file for two common scenarios.
+      The complete contents of <filename>/etc/samba/smb.conf</filename> will
+      depend on the purpose of <application>Samba</application> 
+      installation.</para>
 
-      <para>There is quite a bit of documentation available which covers many
-      of these advanced configurations. Point your web browser to the links
-      below to view some of the documentation included with the
-      <application>Samba</application> package:</para>
+      <note>
+        <para>You may find it easier to copy the configuration parameters shown
+        below into an empty <filename>/etc/samba/smb.conf</filename> file
+        instead of copying and editing the default file as mentioned in the
+        <quote>Command Explanations</quote> section. How you create/edit the
+        <filename>/etc/samba/smb.conf</filename> file will be left up to
+        you. Do ensure the file is only writeable by the
+        <systemitem class="username">root</systemitem> user (mode 644).</para>
+      </note>
 
-      <itemizedlist spacing='compact'>
-        <listitem>
-          <para>Using Samba, 2nd Edition; a popular book published by O'Reilly
-          <ulink url="file:///usr/share/samba/swat/using_samba/toc.html"/></para>
-        </listitem>
-        <listitem>
-          <para>The Official Samba HOWTO and Reference Guide <ulink
-          url="file:///usr/share/samba/swat/help/Samba-HOWTO-Collection/index.html"/>
-          </para>
-        </listitem>
-        <listitem>
-          <para>Samba-3 by Example
-          <ulink url="file:///usr/share/samba/swat/help/Samba-Guide/index.html"/>
-          </para>
-        </listitem>
-        <listitem>
-          <para>The Samba-3 man Pages
-          <ulink url="file:///usr/share/samba/swat/help/samba.7.html"/></para>
-        </listitem>
-      </itemizedlist>
+      <sect4>
+        <title>Scenario 1: Minimal Standalone Client-Only Installation</title>
 
+        <para>Choose this variant if you only want to transfer files using 
+        <command>smbclient</command>, mount Windows shares and print to Windows
+        printers, and don't want to share your files and printers to Windows 
+        machines.</para>
+
+        <para>A <filename>/etc/samba/smb.conf</filename> file with the following
+        three parameters is sufficient:</para>
+
+<screen role='root'><literal>[global]
+    workgroup = <replaceable>MYGROUP</replaceable>
+    dos charset = <replaceable>cp850</replaceable>
+    unix charset = <replaceable>ISO-8859-1</replaceable></literal></screen>
+
+        <para>The values in this example specify that the computer belongs to a
+        Windows workgroup named
+        <quote><replaceable>MYGROUP</replaceable></quote>, uses the
+        <quote><replaceable>cp850</replaceable></quote> character set on the
+        wire when talking to MS-DOS and MS Windows 9x, and that the filenames
+        are stored in the <quote><replaceable>ISO-8859-1</replaceable></quote>
+        encoding on the disk. Adjust these values appropriately for your
+        installation. The <quote>unix charset</quote> value must be the same as
+        the output of <command>locale charmap</command> when executed with the
+        <envar>LANG</envar> variable set to your preferred locale, otherwise the
+        <command>ls</command> command may not display correct filenames of
+        downloaded files.</para>
+
+        <para>There is no need to run any <application>Samba</application>
+        servers in this scenario, thus you don't need to install the provided
+        bootscripts.</para>
+
+      </sect4>
+
+      <sect4>
+        <title>Scenario 2: Standalone File/Print Server</title>
+
+        <para>Choose this variant if you want to share your files and printers
+        to Windows machines in your workgroup in addition to the capabilities
+        described in Scenario 1.</para>
+
+        <para>In this case, the <filename>/etc/samba/smb.conf.default</filename>
+        file may be a good template to start from. Also add 
+        <quote>dos charset</quote> and <quote>unix charset</quote> parameters
+        to the <quote>[global]</quote> section as described in Scenario 1 in
+        order to prevent filename corruption.</para>
+
+        <para>The following configuration file creates a separate share for each
+        user's home directory and also makes all printers available to Windows
+        machines:</para>
+
+<screen role='root'><literal>[global]
+    workgroup = <replaceable>MYGROUP</replaceable>
+    dos charset = <replaceable>cp850</replaceable>
+    unix charset = <replaceable>ISO-8859-1</replaceable>
+
+[homes]
+    comment = Home Directories
+    browseable = no
+    writable = yes
+
+[printers]
+    comment = All Printers
+    path = /var/spool/samba
+    browseable = no
+    guest ok = no
+    printable = yes</literal></screen>
+
+        <para>Other parameters you may wish to customize in the 
+        <quote>[global]</quote> section include:</para>
+
+<screen role='root'><literal>    server string =
+    security =
+    hosts allow =
+    load printers =
+    log file =
+    max log size =
+    socket options =
+    local master =</literal></screen>
+
+        <para>Reference the comments in the
+        <filename>/etc/samba/smb.conf.default</filename> file for information
+        regarding these parameters.</para>
+
+        <para>Since the <command>smbd</command> and <command>nmbd</command>
+        daemons are needed in this case, install the <filename>samba</filename>
+        bootscript. Be sure to run <command>smbpasswd</command> (with the
+        <option>-a</option> option to add users) to enable and
+        set passwords for all accounts that need
+        <application>Samba</application> access, or use the SWAT web interface
+        (see below) to do the same. Using the default
+        <application>Samba</application> passdb backend, any user you attempt
+        to add will also be required to exist in the
+        <filename>/etc/passwd</filename> file.</para>
+
+      </sect4>
+
+      <sect4>
+        <title>Advanced Requirements</title>
+
+        <para>More complex scenarios involving domain control or membership are
+        possible if the right flags are passed to the ./configure script when
+        the package is built. Such setups are advanced topics and cannot be
+        adequately covered in BLFS. Many complete books have been written on
+        these topics alone. It should be noted, however, that a
+        <application>Samba</application> BDC cannot be used as a fallback
+        for a Windows PDC, and conversely, a Windows BDC cannot be used as a
+        fallback for a <application>Samba</application> PDC. Also in some
+        domain mambership scenarios, the <command>winbindd</command> daemon and
+        the corresponding bootscript are needed.</para>
+
+        <para>There is quite a bit of documentation available which covers many
+        of these advanced configurations. Point your web browser to the links
+        below to view some of the documentation included with the
+        <application>Samba</application> package:</para>
+
+        <itemizedlist spacing='compact'>
+          <listitem>
+            <para>Using Samba, 2nd Edition; a popular book published by O'Reilly
+            <ulink url="file:///usr/share/samba/swat/using_samba/toc.html"/></para>
+          </listitem>
+          <listitem>
+            <para>The Official Samba HOWTO and Reference Guide <ulink
+            url="file:///usr/share/samba/swat/help/Samba-HOWTO-Collection/index.html"/>
+            </para>
+          </listitem>
+          <listitem>
+            <para>Samba-3 by Example
+            <ulink url="file:///usr/share/samba/swat/help/Samba-Guide/index.html"/>
+            </para>
+          </listitem>
+          <listitem>
+            <para>The Samba-3 man Pages
+            <ulink url="file:///usr/share/samba/swat/help/samba.7.html"/></para>
+          </listitem>
+        </itemizedlist>
+
+      </sect4>
+
     </sect3>
 
     <sect3 id="samba3-swat-config">
@@ -254,50 +370,62 @@
       the <application>Samba</application> installation, but because it may
       be inconvenient, undesireable or perhaps even impossible to gain
       access to the console, BLFS recommends setting up access to SWAT using
-      <application>Stunnel</application>.</para>
+      <application>Stunnel</application>. Without
+      <application>Stunnel</application>, the
+      <systemitem class="username">root</systemitem> password is transmitted
+      in clear text over the wire, and is considered an unacceptable security
+      risk. After considering the security implications of using SWAT without
+      <application>Stunnel</application>, and you still wish to implement SWAT
+      without it, instructions are provided at this end of this section.</para>
 
       <indexterm zone="samba3 samba3-swat-config">
         <primary sortas="g-SWAT">SWAT</primary>
       </indexterm>
 
-      <para>First you must add entries to <filename>/etc/services</filename>
-      and modify the <command>inetd</command>/<command>xinetd</command>
-      configuration.</para>
+      <sect4>
+        <title>Setting up SWAT using Stunnel</title>
 
-      <indexterm zone="samba3 samba3-swat-config">
-        <primary sortas="e-etc-services">/etc/services</primary>
-      </indexterm>
+        <para>First install, or ensure you have already installed, the
+        <xref linkend="stunnel"/> package.</para>
 
-      <indexterm zone="samba3 samba3-swat-config">
-        <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
-      </indexterm>
+        <para>Next you must add entries to <filename>/etc/services</filename>
+        and modify the <command>inetd</command>/<command>xinetd</command>
+        configuration.</para>
 
-      <indexterm zone="samba3 samba3-swat-config">
-        <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>
-      </indexterm>
+        <indexterm zone="samba3 samba3-swat-config">
+          <primary sortas="e-etc-services">/etc/services</primary>
+        </indexterm>
 
-      <para>Add swat and swat_tunnel entries to
-      <filename>/etc/services</filename> with the following commands issued
-      as the <systemitem class="username">root</systemitem> user:</para>
+        <indexterm zone="samba3 samba3-swat-config">
+          <primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary>
+        </indexterm>
 
+        <indexterm zone="samba3 samba3-swat-config">
+          <primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary>
+        </indexterm>
+
+        <para>Add swat and swat_tunnel entries to
+        <filename>/etc/services</filename> with the following commands issued
+        as the <systemitem class="username">root</systemitem> user:</para>
+
 <screen role="root"><userinput>echo "swat            901/tcp" >> /etc/services &&
 echo "swat_tunnel     902/tcp" >> /etc/services</userinput></screen>
 
-      <para>If <command>inetd</command> is used, the following command will
-      add the swat_tunnel entry to <filename>/etc/inetd.conf</filename> (as
-      user <systemitem class="username">root</systemitem>):</para>
+        <para>If <command>inetd</command> is used, the following command will
+        add the swat_tunnel entry to <filename>/etc/inetd.conf</filename> (as
+        user <systemitem class="username">root</systemitem>):</para>
 
 <screen role="root"><userinput>echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \
     >> /etc/inetd.conf</userinput></screen>
 
-      <para>Issue a <command>killall -HUP inetd</command> to reread the
-      changed <filename>inetd.conf</filename> file.</para>
+        <para>Issue a <command>killall -HUP inetd</command> to reread the
+        changed <filename>inetd.conf</filename> file.</para>
 
-      <para>If you use <command>xinetd</command>, the following command will
-      create the <application>Samba</application> file as
-      <filename>/etc/xinetd.d/swat_tunnel</filename> (you may need to modify
-      or remove the <quote>only_from</quote> line to include the desired
-      host[s]):</para>
+        <para>If you use <command>xinetd</command>, the following command will
+        create the <application>Samba</application> file as
+        <filename>/etc/xinetd.d/swat_tunnel</filename> (you may need to modify
+        or remove the <quote>only_from</quote> line to include the desired
+        host[s]):</para>
 
 <screen role="root"><userinput>cat >> /etc/xinetd.d/swat_tunnel << "EOF"
 <literal># Begin /etc/xinetd.d/swat_tunnel
@@ -316,20 +444,20 @@
 # End /etc/xinetd.d/swat_tunnel</literal>
 EOF</userinput></screen>
 
-      <indexterm zone="samba3 samba3-swat-config">
-        <primary sortas="e-etc-xinetd.d-swat-tunnel">/etc/xinetd.d/swat_tunnel</primary>
-      </indexterm>
+        <indexterm zone="samba3 samba3-swat-config">
+          <primary sortas="e-etc-xinetd.d-swat-tunnel">/etc/xinetd.d/swat_tunnel</primary>
+        </indexterm>
 
-      <para>Issue a <command>killall -HUP xinetd</command> to reread the
-      changed <filename>xinetd.conf</filename> file.</para>
+        <para>Issue a <command>killall -HUP xinetd</command> to read the new
+        <filename>/etc/xinetd.d/swat_tunnel</filename> file.</para>
 
-      <para>Next, you must add an entry for the swat service to the
-      <filename>/etc/stunnel/stunnel.conf</filename> file (as user
-      <systemitem class="username">root</systemitem>):</para>
+        <para>Next, you must add an entry for the swat service to the
+        <filename>/etc/stunnel/stunnel.conf</filename> file (as user
+        <systemitem class="username">root</systemitem>):</para>
 
-      <indexterm zone="samba3 samba3-swat-config">
-        <primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary>
-      </indexterm>
+        <indexterm zone="samba3 samba3-swat-config">
+          <primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary>
+        </indexterm>
 
 <screen role="root"><userinput>cat >> /etc/stunnel/stunnel.conf << "EOF"
 <literal>[swat]
@@ -338,8 +466,8 @@
 
 EOF</userinput></screen>
 
-      <para>Restart the <command>stunnel</command> daemon using the following
-      command as the <systemitem class="username">root</systemitem> user:</para>
+        <para>Restart the <command>stunnel</command> daemon using the following
+        command as the <systemitem class="username">root</systemitem> user:</para>
 
 <screen role="root"><userinput>/etc/rc.d/init.d/stunnel restart</userinput></screen>
 
@@ -349,6 +477,68 @@
       used with <application>Stunnel</application> for
       <replaceable>[CA_DN_field]</replaceable>.</para>
 
+      </sect4>
+
+      <sect4>
+        <title>Setting up SWAT without Stunnel</title>
+
+        <warning>
+          <para>BLFS does not recommend using these procedures because of the
+          security risk involved. However, in a home network environment and
+          disclosure of the root password is an acceptable risk, the following
+          instructions are provided for your convenience.</para>
+        </warning>
+
+        <para>Add a swat entry to <filename>/etc/services</filename> with the
+        following command issued as the 
+        <systemitem class='username'>root</systemitem> user:</para>
+
+<screen role='root'><userinput>echo "swat            901/tcp" >> /etc/services</userinput></screen>
+
+        <para>If <command>inetd</command> is used, the following command
+        issed as the <systemitem class='username'>root</systemitem> user will
+        add a swat entry to the <filename>/etc/inetd.conf</filename> file:</para>
+
+<screen role='root'><userinput>echo "swat stream tcp nowait.400 root /usr/sbin/swat swat" \
+    >> /etc/inetd.conf</userinput></screen>
+
+        <para>Issue a <command>killall -HUP inetd</command> to reread the
+        changed <filename>inetd.conf</filename> file.</para>
+
+        <para>If <command>xinetd</command> is used, the following command
+        issued as the <systemitem class='username'>root</systemitem> user
+        will create an <filename>/etc/xinetd.d/swat</filename> file:</para> 
+
+<screen role='root'><userinput>cat >> /etc/xinetd.d/swat << "EOF"
+<literal># Begin /etc/xinetd.d/swat
+
+service swat
+{
+    port            = 901
+    socket_type     = stream
+    wait            = no
+    only_from       = 127.0.0.1
+    user            = root
+    server          = /usr/sbin/swat
+    log_on_failure  += USERID
+}
+
+# End /etc/xinetd.d/swat</literal>
+EOF</userinput></screen>
+
+        <para>Issue a <command>killall -HUP xinetd</command> to read the
+        new <filename>/etc/xinetd.d/swat</filename> file.</para>
+
+        <para>SWAT can be launched by pointing your web browser to
+        http://localhost:901.</para>
+
+      </sect4>
+
+    </sect3>
+
+    <sect3>
+      <title/>
+
       <note>
         <para>If you linked <application>Linux-PAM</application> into the
         <application>Samba</application> build, you'll need to create an
@@ -361,19 +551,6 @@
 
     </sect3>
 
-    <sect3>
-      <title>Printing to SMB Clients</title>
-
-      <para>If you use <application>CUPS</application> for print services,
-      and you wish to print to a printer attached to an SMB client, you
-      need to create an SMB backend device. To create the device, issue the
-      following command as the <systemitem class="username">root</systemitem>
-      user:</para>
-
-<screen role="root"><userinput>ln -v -sf /usr/bin/smbspool /usr/lib/cups/backend/smb</userinput></screen>
-
-    </sect3>
-
     <sect3 id="samba3-init">
       <title>Boot Script</title>
 
@@ -394,6 +571,20 @@
         <primary sortas="f-winbind">winbind</primary>
       </indexterm>
 
+      <para>The default <application>Samba</application> installation uses the
+      <systemitem class='username'>nobody</systemitem> user for guest access
+      to the server. This can be overridden by setting the
+      <option>guest account =</option> parameter in the
+      <filename>/etc/samba/smb.conf</filename> file. If you utilize the
+      <option>guest account =</option> parameter, ensure this user exists in
+      the <filename>/etc/passwd</filename> file. To use the default user,
+      issue the following commands as the
+      <systemitem class='username'>root</systemitem> user:</para>
+
+<screen><userinput>groupadd -g 99 nogroup &&
+useradd -c "Unprivileged Nobody" -d /dev/null -g nogroup \
+    -s /bin/false -u 99 nobody</userinput></screen>
+
       <para>Install the <filename>samba</filename> script with the following
       command issued as the <systemitem class="username">root</systemitem>
       user:</para>




More information about the blfs-book mailing list