SWAT problem

[DrGeoff]

I need help getting SWAT running. I am a new user of FreeBSD, reasonably experienced in using Windows but with little knowledge of networks. The idea of getting a little server was to teach myself a little bit more.

I have installed FreeBSD 9 from a memorystick image. I have compiled Samba 3.6 with the SWAT option selected. I have accepted the default suggestions during the make process. I have edited

/etc/rc.conf: samba_enable="YES"

(I have also tried samba_config="/usr/local/etc/smb.conf", winbindd_enable="NO", swat_enable-"YES", as suggested on some websites)

/etc/inetd.conf : swat stream tcp ...

/usr/local/etc/smb.conf : I've set workgroup, hosts allow, added a private share

I have confirmed that /etc/services has 901 for swat

I have added a Samba user.

(All of the above from the Samba manual or from various tutorials on the web. I have used the Samba manual to confirm that swat and its support files are installed.)

I can use shared directories from Windows machines on the network, but when I try to use swat from a Windows machine by http://192.168.1.30:901 I get "Could not connect to remote server" (Opera) or "The remote device or resource won't accept the connection" (Internet Explorer).

(I have confirmed the IP address with ifconfig.)

I have installed X11 and Opera on the FreeBSD server and tried "http://localhost:901" and this time get "Connection closed by remote server".

I have not loaded any other software and I assume there's no firewall installed and activated by the default installation process. I have de-installed Samba and re-installed using pkg_add -r samba36. The end result is unchanged.

I can find no-one else with this problem on Google searches, so I am forced to ask for help from the forum or give up on FreeBSD because I can't spend more time re-installing everything a fourth time. I must be missing something obvious because Samba is such a popular package there would be others complaining about the same thing.

Any suggestions welcomed. Thanks.

 

[wblock@]

Please read http://forums.freebsd.org/showthread.php?t=8816 about using tags for markup in your messages.

Generally, stick to the Handbook suggestions. For Samba, they are here. Don't combine them with settings from other web sites.

Don't reinstall. That's a bad habit from Windows.

So the problem is swat doesn't run. Have you tried running it manually?

 

[DrGeoff]

Thank you very much for replying and for your guidance.

I have removed the non-handbook lines from the .conf files. I had to re-make Samba because my last install, using pkg_add, had not included swat. I won't do it again.

Checking through the web to see how you start swat manually (different keywords to my previous searches), I did find a few other postings like mine (such as this), though no solutions.

I assume that you start swat by typing "swat" at the command line. I have done this from the root directory and the directory that swat lies in. The cursor drops to the next line without the prompt and waits until either I interrupt it with Ctrl-c, or the cursor re-appears of its own accord some minutes later with Alarm clock written.

elockwood# swat
Alarm clock
elockwood#

There is no local or remote access during this time or afterwards. I have found a log file that may show the problem:

[2012/12/01 10:41:22.454779,  2] lib/interface.c:341(add_interface)
  added interface bge0 ip=192.168.1.30 bcast=192.168.1.255 netmask=255.255.255.0
[2012/12/01 10:41:22.460480,  2] lib/tallocmsg.c:124(register_msg_pool_usage)
  Registered MSG_REQ_POOL_USAGE
[2012/12/01 10:41:22.460970,  2] lib/dmallocmsg.c:78(register_dmalloc_msgs)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2012/12/01 10:41:22.462452,  3] web/cgi.c:574(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (192.168.1.)
[2012/12/01 10:41:22.462713,  3] web/cgi.c:608(check_access)
  check_access: hostnames in host allow/deny list.
[2012/12/01 10:41:22.463195,  0] lib/util_sock.c:1067(get_peer_addr_internal)
  getpeername failed. Error was Socket operation on non-socket
[2012/12/01 10:41:22.464447,  0] lib/util_sock.c:1067(get_peer_addr_internal)
  getpeername failed. Error was Socket operation on non-socket
[2012/12/01 10:41:22.464940,  1] lib/util_sock.c:1257(get_peer_name)
  get_peer_name: getnameinfo failed for 0.0.0.0 with error ai_family not supported
[2012/12/01 10:41:22.465933,  0] lib/access.c:338(allow_access)
  Denied connection from UNKNOWN (0.0.0.0)
[2012/12/01 10:41:22.466183,  0] web/cgi.c:622(check_access)
[2012/12/01 10:41:22.466430,  0] lib/util_sock.c:1067(get_peer_addr_internal)
  getpeername failed. Error was Socket operation on non-socket
[2012/12/01 10:41:22.466687,  0] lib/util_sock.c:1067(get_peer_addr_internal)
  getpeername failed. Error was Socket operation on non-socket
[2012/12/01 10:41:22.467160,  1] lib/util_sock.c:1257(get_peer_name)
  get_peer_name: getnameinfo failed for 0.0.0.0 with error ai_family not supported
  Denied connection from UNKNOWN (0.0.0.0)

Does that mean anything? The line in smb.conf that's probably relevant is

hosts allow 192.168.1 192.168.2 127.

I had assumed that 192.168.1 included all addresses from 192.168.1.0 to 192.168.1.255. I have left 192.168.2 in the file but I don't think it plays any role on my system.

I am running FreeBSD on a new HP N40L Proliant microserver, which has an AMD Turion II Neo inside. It is the only operating system running. The only packages installed are Samba, then Xorg and rox-filer.

If you have time to give this more thought, I'd be grateful.

 

[wblock@]

Does smb.conf allow entering IP addresses in that format? This seems to suggest it does not:

[2012/12/01 10:41:22.462452,  3] web/cgi.c:574(only_ipaddrs_in_list)
  only_ipaddrs_in_list: list has non-ip address (192.168.1.)

A quick search found Samba Server Security, which shows an example of setting hosts allow to either a standard dotted quad, or using a netmask.

127/8 should not be included unless you have a specific reason. Just the localhost address should be enough.

So yours would become

hosts allow 192.168.1.0/24 192.168.2.0/24 127.0.0.1

That may not be the only problem, but one thing at a time.

 

[DrGeoff]

Thank you wblock@

I have changed the hosts allow line in smb.conf but it makes no difference to the attempts to run swat from Opera on remote or local machines. There are no new entries in the logs at /var/samba when trying to log on remotely. The error file /usr/local/etc/log. seems to be generated only when you attempt to run swat directly. That has again generated an error message when I have typed swat:

[2012/12/01 17:44:49.600444,  0] lib/util_sock.c:1067(get_peer_addr_internal)
  getpeername failed. Error was Socket operation on non-socket
[2012/12/01 17:44:49.605204,  0] lib/access.c:338(allow_access)
  Denied connection from  (0.0.0.0)
[2012/12/01 17:44:49.605239,  0] web/cgi.c:622(check_access)
[2012/12/01 17:44:49.605458,  0] lib/util_sock.c:1067(get_peer_addr_internal)
  getpeername failed. Error was Socket operation on non-socket
  Denied connection from  (0.0.0.0)

I wondered whether the fact that the two computers are linked through a switch rather than a router could be the cause, but problem persists when I use the same machine and use http://localhost:901 (I am typing that verbatim - I hope I'm not meant to substitute 'localhost' with the computer name)

 

[DrGeoff]

Sorry - I clicked 'Submit' when I meant to hit 'Preview'.

Not that I had much else to say. I just hadn't checked it properly. I'm still stuck. Perhaps you or someone else can spot the significance of the difference in the log entries.

I am grateful that you are bothering to look at this for me.

 

[Anonymous]

swat(8)() is not a networking capable daemon. As its man page tells:

... swat is run from inetd(8)() ...

This means, besides from compiling samba(7)() with the swat option enabled, you need to setup /etc/inetd.conf.

# cd /usr/ports/net/samba36
remove previous installs
# make deinstall
select the SWAT option
# make config
# make install clean

# echo "swat stream tcp nowait.400 root /usr/local/sbin/swat swat" >> /etc/inetd.conf

In addition, you need to enable /usr/sbin/inetd in /etc/rc.conf:
# echo "inetd_enable="YES" >> /etc/rc.conf

Finally start inetd and check if everything is working as expected:
# service inetd start

Because inetd is enabled in rc.conf, it (and swat with it) should be active also after restarting the computer.

 

[DrGeoff]

Well, well! Does it say to enable inetd in rc.conf anywhere in the Samba manual? I must have missed it, or maybe it's too obvious to everyone else to write it down. Anyway, that is the magic bullet and I can run swat from a remote computer now.

Thanks both to rolfheinrich and wblock@ for giving me their time. I am grateful.

 

[Anonymous]

Well, well! Does it say to enable inetd in rc.conf anywhere in the Samba manual? ...

Well, inetd is a quite outdated technology, and already for some years it is disabled by default. People start to forget it.

 

[wblock@]

Please enter a PR to add mention of enabling inetd to the Handbook Samba section.

 

[wblock@]

Update: Thanks for entering the PR (PR docs/174045). I added a note that inetd(8) must be enabled and a reference to the section that shows how to enable it. The changes should be visible in the Handbook in a few hours.