
View Full Version : Swat / Ssl


DAssassin
13th December 2004, 07:32 AM
I'll be referring to a section in the samba.org FAQ - http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/SWAT.html#id2593137 (Securing SWAT through SSL)

I've set up SWAT to be enabled with SSL per the samba.org FAQ. Samba is set up; I have manually set up my own config. I configured OpenSSL, SWAT and stunnel to work correctly with FC3, in order to follow the instructions in their FAQ. I have done the following (a few modifications on the second command to fit my swat path):

root# /usr/bin/openssl req -new -x509 -days 365 -nodes -config \
/usr/share/doc/packages/stunnel/stunnel.cnf \
-out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem

root# stunnel /etc/stunnel/stunnel.conf -p /etc/stunnel/stunnel.pem -d 901 \
-l /usr/sbin/swat swat

Problem: When I try to access https://fcserver:901/ I get a Cannot find server error. fcserver is my hostname, I can access my webserver through http://fcserver/ just fine.

Now it says that I don't need to add information to my xinet.d configuration file, so I did not. SWAT is enabled, and I have also flipped on the services dc_client and dc_server to no avail, because they are related to SSL according to the description.

I am stumped. :confused:

Jman
13th December 2004, 10:23 PM
You did edit /etc/xinetd.d/swat and change disable to no, correct?

You also changed the only_from option to something other than 127.0.0.1?

DAssassin
14th December 2004, 12:57 AM
disable = no

only_from, I have tested with both options *, and 192.168.0.3 (the computer I'm accessing from)

Still a Cannot Find Server

DAssassin
14th December 2004, 02:41 AM
I should probably add that http://fcserver:901/ works fine, just not https://fcserver:901/

I've modified the following though:

only_from = 127.0.0.1 192.168.0

jeru
15th December 2004, 12:22 AM
Your configuration is wrong

should be only_from 127.0.0.1 192.168.0.0

that is of course if you truly do have it set up

nmap localhost

to see if 901 is open and going

DAssassin
15th December 2004, 03:35 AM
901 is open, and I have changed the configuration with no difference.

service swat
{
disable = no
port = 901
socket_type = stream
wait = no
only_from = 127.0.0.1 192.168.0.0
user = root
server = /usr/sbin/swat
log_on_failure += USERID
}

And again, http:// works for swat, just not https://, however ssl does work with standard Apache access.
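
An added example, not part of the thread: a check of whether a client address is admitted by the only_from line in the xinetd service block posted above. It applies the xinetd.conf rule that rightmost 0 octets in a numeric address act as wildcards. The function names are hypothetical, the client address 192.168.0.3 is the one mentioned in the thread, and only dotted-quad entries are handled.

```python
import re

# Constructed input: the service block as posted in the thread.
SWAT_CONF = """\
service swat
{
disable = no
port = 901
socket_type = stream
wait = no
only_from = 127.0.0.1 192.168.0.0
user = root
server = /usr/sbin/swat
log_on_failure += USERID
}
"""

def parse_service(text):
    """Return (service_name, {attribute: [values]}) for one xinetd service block."""
    name = re.search(r"^\s*service\s+(\S+)", text, re.M).group(1)
    attrs = {}
    body = text[text.index("{") + 1:text.rindex("}")]
    for line in body.splitlines():
        m = re.match(r"\s*(\w+)\s*\+?=\s*(.*)", line)  # accepts '=' and '+='
        if m:
            attrs.setdefault(m.group(1), []).extend(m.group(2).split())
    return name, attrs

def entry_matches(entry, client):
    """Match one dotted-quad only_from entry against a client IPv4 address.
    Rightmost 0 octets are wildcards, so 0.0.0.0 matches everything.
    Returns None for forms this sketch does not handle (hostnames, masks)."""
    if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", entry):
        return None
    want = entry.split(".")
    while want and want[-1] == "0":
        want.pop()
    return client.split(".")[:len(want)] == want

def client_allowed(attrs, client):
    """True if the service is enabled and only_from admits the client."""
    if attrs.get("disable") == ["yes"]:
        return False
    entries = attrs.get("only_from")
    if entries is None:  # attribute absent: no restriction from this block
        return True
    return any(entry_matches(e, client) for e in entries)

if __name__ == "__main__":
    name, attrs = parse_service(SWAT_CONF)
    for ip in ("127.0.0.1", "192.168.0.3", "10.0.0.5"):
        print(name, attrs["port"][0], ip, client_allowed(attrs, ip))
```
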
