[stunnel-users] Trouble wrapping samba SWAT...
Marco Gaiarin
gaio at sv.lnf.it
Mon Jun 16 12:53:36 CEST 2014
I used to use stunnel3 to 'wrap' swat (samba web interface) in '-P'
mode (change password), to provide roaming users with a web interface for
the password change. I'm mostly using Debian.
In stunnel3 (and also for stunnel4 until squeeze, e.g. stunnel
4.29-1+squeeze1) I simply put in /etc/inetd.conf:
swat stream tcp nowait.400 root /usr/bin/stunnel stunnel -l /usr/sbin/swat -- swat -P
and it works as expected, providing the correct certificates in
/etc/stunnel/stunnel.pem.
Now on wheezy (4.53-1.1) that line does not work (the browser complains about
wrong certificates, or something like that), so I've tried to switch to
'stunnel4' syntax, putting:
swat stream tcp nowait root /usr/bin/stunnel4 stunnel4 /etc/stunnel/swat.conf.inetd
and in /etc/stunnel/swat.conf.inetd:
cert = /etc/ssl/certs/LNFFVGNobel.pem
key = /etc/ssl/private/LNFFVGNobel.pem
CAfile = /etc/ssl/certs/LNFFVG.pem
service = swat
exec = /usr/sbin/swat
execargs = swat -P
and now the SWAT page opens, I can log in, but if I try to change the password, I
see in the samba logs a bunch of:
[2014/06/13 12:59:48.626211, 0] passdb/secrets.c:76(secrets_init)
Failed to open /var/lib/samba/secrets.tdb
obviously the file exists:
root@nobel:~# ls -la /var/lib/samba/secrets.tdb
-rw------- 1 root root 20480 nov 2 2011 /var/lib/samba/secrets.tdb
The only thing I suppose is that for some reason stunnel4, run by root
in inetd, then switches to an unprivileged user before running swat,
preventing access to /var/lib/samba/secrets.tdb.
I've read the docs and manpage, and also googled around, but found nothing
useful.
Thanks.
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
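
One way to test the privilege-drop hypothesis from the message above, as an added example that is not part of the original post or of stunnel: a wrapper that logs the effective user and its access to secrets.tdb, then hands over to swat. The wrapper name and path /usr/local/sbin/swat-idcheck and the syslog tag are assumptions; the other paths are the ones quoted in the message.

```shell
#!/bin/sh
# Added diagnostic wrapper, not from the original post.
# Hypothetical install path: /usr/local/sbin/swat-idcheck, used in the
# stunnel service config in place of the real binary:
#   exec = /usr/local/sbin/swat-idcheck
#   execargs = swat -P
# The script then receives -P in "$@".

SECRETS=${SECRETS:-/var/lib/samba/secrets.tdb}   # file named in the samba log
SWAT=${SWAT:-/usr/sbin/swat}                     # binary named in the config

# Classify what the current effective user may do with a file.
# "missing" is also reported when a parent directory is not searchable.
access_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -r "$1" ] && [ -w "$1" ]; then
        echo read-write
    elif [ -r "$1" ]; then
        echo read-only
    else
        echo denied
    fi
}

# One line with identity and access, suitable for syslog.
report() {
    echo "euid=$(id -u) user=$(id -un 2>/dev/null) egid=$(id -g)" \
         "groups=$(id -G | tr ' ' ',') file=$1 access=$(access_state "$1")"
}

# Act as a wrapper only when invoked under the wrapper name, so the
# functions above can also be sourced and checked on their own.
case "$0" in
    */swat-idcheck)
        logger -t swat-idcheck -- "$(report "$SECRETS")"
        exec "$SWAT" "$@"
        ;;
esac
```

A syslog line with euid=0 and access=read-write would rule out the privilege drop; a non-zero euid with access=denied would confirm it.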