SWAT and SSL for Samba

SWAT and SSL for Samba

SWAT and SSL

Lots of people have asked about how to setup SWAT with SSL to allow for secure remote administration of Samba. Here is a method that works, courtesy ofMarkus Krieger

My modifications to the swat setup are as following:

install OpenSSL

generate certificate and private key

root# /usr/bin/openssl req -new -x509 -days 365 -nodes -config /usr/share/doc/packages/stunnel/stunnel.cnf -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem

remove swat-entry from [x]inetd

start stunnel

root# stunnel -p /etc/stunnel/stunnel.pem -d 901 -l /usr/local/samba/bin/swat swat

afterwards i simply contact swat by using the URL "https://myhost:901", accept the certificate and the SSL connection is up

Sources:

stunnel: http://www.stunnel.org/

openssl: http://www.openssl.org/