Swat / Ssl

DAssassin · #1 13th December 2004, 07:32 AM

I'll be referring to a section in the samba.org FAQ - http://us1.samba.org/samba/docs/man/...html#id2593137 (Securing SWAT through SSL)

I've setup SWAT to be enabled with SSL per the samba.org FAQ. Samba is setup, I have manually setup my own config. I configured OpenSSL, SWAT and stunnel to work correctly with FC3, in order to follow instructions in their FAQ. I have done the following (a few modifications on second command to fit my swat path):

Code:

root# /usr/bin/openssl req -new -x509 -days 365 -nodes -config \
	/usr/share/doc/packages/stunnel/stunnel.cnf \
	-out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem

root# stunnel /etc/stunnel/stunnel.conf -p /etc/stunnel/stunnel.pem -d 901 \
	 -l /usr/sbin/swat swat

Problem: When I try to access https://fcserver:901/ I get a Cannot find server error. fcserver is my hostname, I can access my webserver through http://fcserver/ just fine.

Now it says that I don't need to add information to my xinet.d configuration file, so I did not. SWAT is enabled, and I have also flipped on the services dc_client and dc_server to no avail, because they are related to SSL according to the description.

I am stumped.

Jman · #2 13th December 2004, 10:23 PM

You did edit /etc/xinetd.d/swat and change disable to no, correct?

You also changed the only_from option to something other than 127.0.0.1?

DAssassin · #3 14th December 2004, 12:57 AM

disable = no

only_from, I have tested with both options *, and 192.168.0.3 (the computer I'm accessing from)

Still a Cannot Find Server

DAssassin · #4 14th December 2004, 02:41 AM

I should probably add that http://fcserver:901/ works fine, just not https://fcserver:901/

I've modified the following though:

Code:

only_from = 127.0.0.1 192.168.0

jeru · #5 15th December 2004, 12:22 AM

Your configuration is wrong

should be only_from 127.0.0.1 192.168.0.0

that is of course if you truely do have it setup

nmap localhost

to see if 901 is open and going

DAssassin · #6 15th December 2004, 03:35 AM

901 is open, and I have changed the configuration with no difference.

Code:

service swat
{
        disable = no
        port            = 901
        socket_type     = stream
        wait            = no
        only_from       = 127.0.0.1 192.168.0.0
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
}

And again, http:// works for swat, just not https://, however ssl does work with standard Apache access.