SWAT expects to authenticate as root

Bug #5608 reported by Maduser
This bug affects 6 people
Affects Status Importance Assigned to Milestone
Won't Fix
samba (Debian)
Fix Released
samba (Ubuntu)
Won't Fix

Bug Description

For the full function of SWAT you nedd a root acount, but ubuntu have normly no root acount.

Revision history for this message
Patrice Vetsel (vetsel-patrice) wrote :

May be server team had to adjust this package to work on ubuntu.

Changed in samba:
assignee: nobody → ubuntu-server
Adam Conrad (adconrad)
Changed in swat:
assignee: ubuntu-server → adconrad
Revision history for this message
Martin Bergner (martin-bergner) wrote :

what is the progress on this bug?

Changed in samba:
status: Unconfirmed → Needs Info
Revision history for this message
Philip Guyton (phil-lxnet) wrote :

Although this is not advisable from a security point of view you can use swat with the root account if you first give the root account a password. It is there it just doesn't have a password.

To give the root user a password you do:-
sudo passwd root
you will then be prompted for your normal user password in order to execute the sudo command but only if you haven't used sudo for a few minutes,
you will then see the following :-
Enter new Unix password:

this means the new root password as the user passed to "passwd" was "root"
you will then be asked to retype this new password and you are away for using swat as root.

This worked for me on a secure network with feisty (after first installing the openbsd-inetd package which can be used to launch swat)

Please note this has a baring on the system security and as such you should really understand what the implications are before doing this. But if you are on a secure network then great.

Again note that this is a bad idea as you root password will be transmitted in open text across a network if you use swat over a network, use with extrem caution and only if you know about such things.

I have added this note by way of supplying a work around. Please be advised that I am not an expert in these matters and hope that this comment might attract other more knowledgeable ones.

I hope this helps someone.

Revision history for this message
Christian Perrier (bubulle) wrote :

This is indeed Debian Bug #378454 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378454) which I'll forward to upstream, given the prevalence that Ubuntu and Debian systems now have. Hopefully we will convince upstream to change SWAT to allow alternative ways to log in (for instance, using a SMB password for root and not the UNIX password

Changed in samba:
status: Unknown → Unconfirmed
Changed in samba:
status: Unconfirmed → Confirmed
Changed in samba:
assignee: adconrad → ubuntu-server
Mathias Gug (mathiaz)
Changed in samba:
status: Incomplete → Triaged
Changed in samba:
status: Unknown → Confirmed
Revision history for this message
Nicolas Valcarcel (nvalcarcel) wrote :

Does this bug is still present on hardy?

Revision history for this message
Gerald Carter (coffeedude.jerry) wrote : Re: [Bug 5608] Re: SWAT expects to authenticate as root

Hash: SHA1

Nicolas Valcárcel (nxvl) wrote:
> Does this bug is still present on hardy?

Yes. This is not a bug but by design in SWAT.

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Chuck Short (zulcss)
Changed in samba:
importance: Medium → Low
Revision history for this message
Paul Smith (psmith-gnu) wrote :

This is unquestionably a bug in the Ubuntu SWAT package. If you can't log into SWAT as an administrator on a standard Ubuntu system, then the package is broken.

Not only that, but the Importance level of "Low" is wrong, since the package is not functional as installed.

If the SWAT developers cannot or will not change the software to allow the Ubuntu admin model to work properly, then the Ubuntu developers need to make those changes to the package on their own. If they can't or don't want to, then SWAT should be dropped as a supported Ubuntu package as it cannot be implemented correctly in Ubuntu. It can be added to universe or similar instead.

At the very, very least there should be something added to the SWAT package that pops up a message dialog when it is installed, explaining the situation to the user and describing how to work around it.

Revision history for this message
Ane-Pieter Wieringa (critx) wrote :

The workaround is very simple. Just change the rights of the smb.conf file. The group should be adm and the rights for the group should be set to rw. In commands:
sudo chgrp adm /etc/samba/smb.conf
sudo chmod g+w /etc/samba/smb.conf
Then it works for me.

And yes, IMHO it is a bug in the swat package.

Thierry Carrez (ttx)
Changed in samba (Ubuntu):
assignee: Ubuntu Server Team (ubuntu-server) → nobody
Revision history for this message
Clownfishy (clownfishy) wrote :

Still a problem with 10.10 beta. Ane-Pieter Wieringa's work around works though.

Revision history for this message
mkalkbrenner (markus-kalkbrenner) wrote :

Workaround from #8 solved the issue for me in ubuntu 10.10. But I don't know if this causes any unwanted side effects.

BTW it seems really strange to me that this issue exists since more than four years now! It's impossible to use SWAT out of the box on ubuntu unless you searched the web.

Changed in samba:
importance: Unknown → Wishlist
Changed in samba (Debian):
status: Confirmed → Fix Released
Revision history for this message
fred.thomas (fred-thomas-5of9au84) wrote :

Workaround from #8 (Ane-Pieter Wieringa) also solved the issue for me in Xubuntu 12.04.
Thanks for the workaround although the "status: Confirmed → Fix Released" should really be "status: Confirmed → Workaround Released" IMHO.

Changed in samba:
status: Confirmed → Won't Fix
Revision history for this message
Jelmer Vernooij (jelmer) wrote :

SWAT has been discontinued.

Changed in samba (Ubuntu):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.