# swat auth

## BlackWolf2k5

hi,

i got the following problem: i installed samba and xinetd. then i configured /etc/xinetd.d/swat so it looked like that:

```

# default: on

# description: SWAT is the Samba Web Admin Tool. Use swat \

#          to configure your Samba server. To use SWAT, \

#          connect to port 901 with your favorite web browser.

# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/swat.xinetd,v 1.4 2004/07/18 03:55:05 dragonheart Exp $

service swat

{

   port            = 901

   socket_type     = stream

   wait            = no

   only_from       = localhost

   user            = root

   server          = /usr/sbin/swat

   log_on_failure += USERID

   disable         = no

}

```

well, i typed "smbpasswd -a root" and set my passwort then. i accessed port 901, the login prompt appeared, i entered my data and the login prompt appeared again. long story short, i can't log into swat. i changed /etc/pam.d/samba which is said in another thread and i even deleted only_for = localhost from my /etc/xinetd.d/swat so there shouldn't be any login at all - there still is.

any solutions?

thx bw

----------

## overkll

xinetd by default only allows connections from localhost.  If you want to be able to connect to swat you need the "only_from=" in /etc/xinetd.d/swat with the ip address(s) of the machine(s) you will be connecting from.   Don't forget to restart xinetd with "/etc/init.d/swat restart".

EDIT:

Example:

```
service swat

{

        port            = 901

        socket_type     = stream

        wait            = no

        only_from       = localhost 10.0.0.2 10.0.0.3 10.0.0.10

        user            = root

        server          = /usr/sbin/swat

        log_on_failure += USERID

        disable         = no

}
```

----------

## BlackWolf2k5

nope, didn't work for me.

i changed it to 

only_from = localhost 192.168.1.215

but it still doesn't work.

but i noticed one thing:

did you mean /etc/init.d/xinitd restart when walking about the xinitd restart or did you really man swat restart? because i don't have a /etc/init.d/swat at all.

----------

## overkll

I meant "/etc/init.d/xinetd restart".  Sorry about that!  My bad.  You shouldn't need to restart swat.

----------

## BlackWolf2k5

well, still doesn't work -_-

----------

## overkll

What did you change in /etc/pam.d/samba?

----------

## BlackWolf2k5

https://forums.gentoo.org/viewtopic-t-341658-highlight-swat.html

i changed the file like it is mentioned in that thread. but it didn't work so i changed it back after trying ...

----------

## overkll

OK, what's the exact error message you get?

----------

## BlackWolf2k5

don't really get one ...

i type "localhost:901" into firefox and a login-prompt appears. i type in my name (root) and my root-password but the prompt just appears again. when i finally click cancel firefox says "404 bad Authorization: Wrong username or password" i just don't understand why. swat uses - as far as i know - the same password database as gentoo itself.

so i should be able to log in, shouldn't i?

----------

## overkll

A few things:

Did you ENABLE the root user with "smbpasswd -e root" ?

Is your system root user passwd the same as the samba root user passwd?

You may need to clear the browser cache before attempting again.

----------

## BlackWolf2k5

no i didn't enable the password.

i did now and cleared the cache - still it doesn't work.

and yes, root and samba password are the same.

----------

## overkll

AFAIK, users MUST be enabled after you add them with smbpasswd.

----------

## BlackWolf2k5

well, so i did. it still doesnt work.

----------

## overkll

Is samba up and running?

----------

## BlackWolf2k5

of course  :Very Happy: 

edit: just looked at the log. it says

auth/pampass.c:smb_pam_passcheck(810): smb_pam_auth failed - Rejecting user root !

...

----------

## overkll

Had to ask.  I'm stumped.

----------

## BlackWolf2k5

well me too. i did smbpasswd several times now - how is it possible he still rejects user root? should i try another username maybe?

----------

## tosk

I was able to get mine up and running no problems by emerging samba then xinetd, enabling swat in /etc/xinetd.d/swat, then by doing the following:

```
tosk@audioproc tosk $ sudo smbpasswd -a root

New SMB password:

Retype new SMB password:

Added user root.

tosk@audioproc tosk $ sudo smbpasswd -e root

Enabled user root.
```

After that, swat worked no problem.

----------

## BlackWolf2k5

well, like said above, i did that about a million times now - still doesn't work.

----------

## BlackWolf2k5

well, just looked up the log.swat again and this is what it says:

```

[2005/06/08 13:53:35, 0] auth/pampass.c:smb_pam_account(573)

  smb_pam_account: PAM: UNKNOWN PAM ERROR (28) during Account Management for User: root

[2005/06/08 13:53:35, 0] auth/pampass.c:smb_pam_passcheck(816)

  smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User root !

[2005/06/08 13:53:39, 0] auth/pampass.c:smb_pam_account(573)

  smb_pam_account: PAM: UNKNOWN PAM ERROR (28) during Account Management for User: root

[2005/06/08 13:53:39, 0] auth/pampass.c:smb_pam_passcheck(816)

  smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User root !

[2005/06/08 14:58:01, 0] auth/pampass.c:smb_pam_account(573)

  smb_pam_account: PAM: UNKNOWN PAM ERROR (28) during Account Management for User: root

[2005/06/08 14:58:01, 0] auth/pampass.c:smb_pam_passcheck(816)

  smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User root !

[2005/06/08 14:58:36, 0] auth/pampass.c:smb_pam_account(573)

  smb_pam_account: PAM: UNKNOWN PAM ERROR (28) during Account Management for User: root

[2005/06/08 14:58:36, 0] auth/pampass.c:smb_pam_passcheck(816)

  smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User root !

```

any solutions?

----------

## alex_dr

 *BlackWolf2k5 wrote:*   

> hi,
> 
> i got the following problem: i installed samba and xinetd. then i configured /etc/xinetd.d/swat so it looked like that:
> 
> ```
> ...

 

If your samba server is connected to NT-domain, try to add domain administrator account to samba password database and login as domain administrator.

----------

## Simsonite

I have been dealing with this very same problem.  The fix I found after noticing in the message log:

```

Nov 26 20:09:32 flsrv swat[26043]: [2005/11/26 20:09:32, 0] printing/print_cups.c:cups_cache_reload(85)

Nov 26 20:09:32 flsrv swat[26043]:   Unable to connect to CUPS server localhost - Connection refused

Nov 26 20:09:32 flsrv PAM_smbpass[26043]: user root has null SMB password

Nov 26 20:09:32 flsrv PAM_smbpass[26043]: failed auth request by root for service samba as root

Nov 26 20:09:32 flsrv swat[26043]: [2005/11/26 20:09:32, 0] auth/pampass.c:smb_pam_passcheck(810)

Nov 26 20:09:32 flsrv swat[26043]:   smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root !

```

The password is set a null, if you check /var/lib/samba/private/smbpasswd you will see the first string is all XXXXX.  For whatever reason I cannot set any password using smbpasswd to the same as the root password.  If you do it sets it as null, so just use a different one and it works fine.  I will assume this is a security feature, and dont mind the cups error, the service is stopped.

----------

## schorsche

Is there any way I can get swat working in case I uninstalled pam, see also

http://gentoo-wiki.com/HOWTO_Remove_PAM

?

----------

