Install and configure Samba with Stunnel in Linux

[root@server~]# yum install samba*

 [root@server~]# vim /etc/samba/smb.conf

 [root@server~]# chcon -t samba_share_t  /your shared directory

 [root@server~]# testparm # check ur config file

 [root@server~]# service smb start

 [root@server~]# service nmb start

 [root@server~]# service winbind start

[root@server~]# Chkconfig smb on

[root@server~]# Chkconfig nmb on

[root@server~]# chkconfig winbind on

[root@server~]# pgrep smb                       #test whether the smb process is running

 >>>>>>>>>>>>>>>>Configure swat for samba>>>>>>>>>>>>>>>>>>>>>>>>>

[root@server~]# vim /etc/xinetd.d/swat

service swat


        disable            = no

        port                 = 901

        socket_type     = stream

        wait                 = no

        protocol           = tcp

        only_from       = localhost or any other ip from which u want to access swat

        user                 = root

        server              = /usr/sbin/swat

        log_on_failure  += USERID


[root@server~]# service xinetd restart

[root@server~]# chkconfig xinetd on

[root@server~]# chkconfig swat on

enter “” in your browser to get the login screen of swat on samba server

 >>>>>>>>>>>>>>>>>>>>>>Encrypting SWAT>>>>>>>>>>>>>>>>>>>>>>>>>

[root@server~]# yum install stunnel*

[root@server~]# useradd stunnel

[root@server~]# cd /etc/pki/tls/certs

[root@server~]# make stunnel.pem

[root@server~]# chmod 640 stunnel.pem

[root@server~]# chgrp stunnel stunnel.pem

Create An /etc/stunnel/stunnel.conf Configuration File

[root@server~]# vim /etc/stunnel/stunnel.conf

# Configure stunnel to run as user “stunnel” placing temporary

# files in the /home/stunnel/ directory

chroot  = /home/stunnel/

pid     = /

setuid  = stunnel

setgid  = stunnel

 # Log all stunnel messages to /var/log/messages

debug   = 7

output  = /var/log/messages

 # Define where the SSL certificates can be found.

client  = no

cert    = /etc/stunnel/stunnel.pem

key     = /etc/stunnel/stunnel.pem

# Accept SSL connections on port 901 and tunnel it to  port 902 for swat.


accept   = 901

connect  = 902

Create A New /etc/xinetd.d File For Secure SWAT

[root@server~]# cd /etc/xinetd.d

[root@server~]# cp swat swat-stunnel

[root@server~]# vim swat-stunnel

service swat-stunnel


       port                       = 902

       socket_type           = stream

       wait                      = no

       only_from            =

       user                       = root

       server                    = /usr/sbin/swat

       log_on_failure  += USERID

       disable                  = no

       bind                      =


 Disable SWAT in the /etc/xinetd.d/swat File

[root@server~]# vim /etc/xinetd.d/swat

service swat


        disable = yes

        port                  = 901

        socket_type     = stream

        wait                   = no

        protocol            = tcp

        only_from         = localhost or any other ip from which u want to access swat

        user                  = root

        server               = /usr/sbin/swat

        log_on_failure  += USERID


Edit The /etc/services file To create a Secure SWAT entry

[root@server~]# vim /etc/services

swat-stunnel    902/tcp     # Samba Web Administration Tool (Stunnel)

[root@server~]# chkconfig swat off

[root@server~]# chkconfig swat-stunnel on

Start stunnel

[root@server~]# stunnel

To stop stunnel

[root@server~]# pkill stunnel

 Making stunnel Start at Boot Time

[root@server~]# which stunnel >> /etc/rc.local

Test Secure SWAT

root@server~]# netstat -an

Test The Secure SWAT Login

#enter this url in your browser



About Manish Jha

Hi All I am Manish Kumar Jha aka Alex Hunt. I am currently working in VMware Software India Pvt Ltd as Operations System Engineer (vCloud Air Operations). I have around 5 Years of IT experience and have exposure on VMware vSphere, vCloud Director, RHEL and modern data center technologies like Cisco UCS and Cisco Nexus 1000v and NSX. If you find any post informational to you please press like and share it across social media and leave your comments if you want to discuss further on any post. Disclaimer: All the information on this website is published in good faith and for general information purpose only. I don’t make any warranties about the completeness, reliability and accuracy of this information. Any action you take upon the information you find on this blog is strictly at your own risk. The Views and opinions published on this blog are my own and not the opinions of my employer or any of the vendors of the product discussed.
This entry was posted in Server Configuration. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s