View Full Version : Swat / Ssl

13th December 2004, 08:32 AM
I'll be referring to a section in the samba.org FAQ - http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/SWAT.html#id2593137 (Securing SWAT through SSL)

I've setup SWAT to be enabled with SSL per the samba.org FAQ. Samba is setup, I have manually setup my own config. I configured OpenSSL, SWAT and stunnel to work correctly with FC3, in order to follow instructions in their FAQ. I have done the following (a few modifications on second command to fit my swat path):

root# /usr/bin/openssl req -new -x509 -days 365 -nodes -config \
/usr/share/doc/packages/stunnel/stunnel.cnf \
-out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem

root# stunnel /etc/stunnel/stunnel.conf -p /etc/stunnel/stunnel.pem -d 901 \
-l /usr/sbin/swat swat

Problem: When I try to access https://fcserver:901/ I get a Cannot find server error. fcserver is my hostname, I can access my webserver through http://fcserver/ just fine.

Now it says that I don't need to add information to my xinet.d configuration file, so I did not. SWAT is enabled, and I have also flipped on the services dc_client and dc_server to no avail, because they are related to SSL according to the description.

I am stumped. :confused:

13th December 2004, 11:23 PM
You did edit /etc/xinetd.d/swat and change disable to no, correct?

You also changed the only_from option to something other than

14th December 2004, 01:57 AM
disable = no

only_from, I have tested with both options *, and (the computer I'm accessing from)

Still a Cannot Find Server

14th December 2004, 03:41 AM
I should probably add that http://fcserver:901/ works fine, just not https://fcserver:901/

I've modified the following though:

only_from = 192.168.0

15th December 2004, 01:22 AM
Your configuration is wrong

should be only_from

that is of course if you truely do have it setup

nmap localhost

to see if 901 is open and going

15th December 2004, 04:35 AM
901 is open, and I have changed the configuration with no difference.

service swat
disable = no
port = 901
socket_type = stream
wait = no
only_from =
user = root
server = /usr/sbin/swat
log_on_failure += USERID

And again, http:// works for swat, just not https://, however ssl does work with standard Apache access.