similar to: PROPOSAL: Remove SWAT in Samba 4.1

Hi all, I would like to use page caching on my homepage, but also want to enable people to sign in via a modal dialog sign in form. I could have a setup in which when a user lands on the cached homepage, an Ajax GET request pulls in the whole login form so that there is a fresh authenticity token. That said, besides the additional hit to the server, the CSRF token in the head area of the page

Hi folks, I am just getting into rails again after a multi-year stint of mod_perl jobs, which might grant me some newbie-indemnity for the time being - but I''ve found an issue I think warrants discussion. As discussed here - http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html - the CSRF protection feature does not kick in for GET requests. This

Since I have not been able to get swat to work when I was installing webmin I noticed that it will configure samba! Are there any pros or cons to either one? Thanks Steffan --------------------------------------------------------------- T E L 6 0 2 . 5 7 9 . 4 2 3 0 | F A X 6 0 2 . 9 7 1 . 1 6 9 4 Steffan A. Cline Steffan@ExecuChoice.net Phoenix, Az

I have tried everything that I know of. I have reviewed the services file and the swat file in xinetd.d a tun of times. It appears, via netstat that swat is listening on port 901. However when I attempt to access it via the Mozilla browser on my Fedora server (with 127.0.0.1:901 or localhost:901) nothing happens. It just sits there. However, if I access it via webmin (which has swat stored

I am running RedHat 8.0 and Samba 2.2.6. I already provided a proper xinetd file and appointed port 901 in /etc/services. What am I still missing? -------------- next part -------------- HTML attachment scrubbed and removed

Release Announcements ===================== Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694:

Release Announcements ===================== Samba 3.5.10, 3.4.14 and 3.3.16 are security releases in order to address CVE-2011-2522 (Cross-Site Request Forgery in SWAT) and CVE-2011-2694 (Cross-Site Scripting vulnerability in SWAT). o CVE-2011-2522: The Samba Web Administration Tool (SWAT) in Samba versions 3.0.x to 3.5.9 are affected by a cross-site request forgery. o CVE-2011-2694:

The only docs I found on getting SWAT to run, showed editing the inetd.conf file. As this version of RH (7.3) only uses xinetd things don't fit exactly. I have gone through and did everything that one should do for inetd and it still will not work. I don't normally use the thing, but this client will need the more simplistic interface to add shares, etc.

Hi, I'm setting up Samba on a RH ES linux machine. I have basic functionality working and can access a share from a Windows pc. I set up smb.conf manually. I'd like to use SWAT but when I try to run it I get the error: -- The connection was refused when attempting to contact localhost:901 -- I set up the xinetd configuration file exactly as I've seen online. Webmin works fine.

Hello, I'm using Suse Linux v 7.0 Professional. I successfuly compiled Samba v 2.2.2 with the command : ./configure \ --with-pam --with-tdbsam --with-winbind \ --with-acl-support --with-smbwrapper All works except SWAT ! However, I checked if the line "swat 901/tcp" is in the file /etc/services and it's in order My file /etc/inetd.conf contains the line : swat stream tcp

To: samba@samba.org cc: From: Thomas Bail/External/CologneRe/GRN @ GRN Date: 02/03/99 08:32:52 AM Subject: Swat problem Hi everyone out there in the world, I found a small problem with SWAT. I can easily switch off Samba with SWAT, but I am not able to start Samba with SWAT using the status panel. Is that correct or am I doing something wrong. I'm using Samba 2.0.0 and the

I just loaded Mandrake 7.1 and Samba with Webmin. I can get into Webmin and make changes to the Samba server, but I'm not able to get smbd or nmbd running. When I try to get into SWAT to make changes it keeps reverting back to my login which does not allow me to make changes. Is there a way to reset this? Also, any ideas on why smdb and smdb is not running? (go easy on me. I'm new to

Hi, New to Samba. I have it working correctly with clients from Linux and W2000 workstations. However, SWAT only shows the links for "VIEW", "Passwords", "Configuration?"--no "Global". In other words, I can view my configuration but I cannot set-up or change settings, shares, etc. Specs: Samba 2.2 Debian 2.2r3 Using webmin for everything but Samba

I''m setting up a Paypal IPN listener and need the create action to not use rails'' default CSRF protection. I''ve got that working fine & test it actually works with cucumber (where I''ve turned CSRF back on, since it''s full-stack testing) but would like my controller spec to mention the need for protect_from_forgery :except => [:create] (and fail

Hi users, i've some problems with the swat tool of samba. I'cant start the configuration tool but the service is running and listening. When i want to start it from browser always could not open localhost:901 when i want to open it with webmin configuration tool i must give in username and passwort :-( username : Swat password : ???? ( the root password doesn't work) could you

I'm trying to use SWAT on my Compaq Tru64 UNIX v5.1 machine running Samba 2.0.7. I'm prompted for a username/password. I read in the docs to enter root with root's passwd. This does not work. I get login failed, retry. I never get authenticated. Any ideas? Thanks, Paul Gregory UNIX & Oracle Database Admin GE Nuclear Energy paul.gregory@gnf.com

Hello all, I''ve been trying to diagnose an issue with CSRF and Firefox specifically. I''ve got an ajax based form, using UJS (yes, I have csrf_meta_tag in my layout and I''ve tried adding the X-CSRF-Token header to the ajax beforeSend events without any luck)... The form just posts some data to an ajax method that creates, saves, and sets the session for a shopper as

Dear Rails community, As part of a programming languages/security research group at the University of Maryland, we are building some static analysis tools for Rails applications. These tools work by taking formally specified properties of interest, and then analyzing code to verify that those properties indeed hold. Using these tools, we found some security vulnerabilities in Rails, and we would

Posted this on stack overflow earlier today here<http://stackoverflow.com/questions/13673969/rails-3-2-session-id-nil-until-next-request>, I really either don''t know what I''m doing, or I don''t understand how sessions are supposed to work! I''m connecting to rails from an Air app and communicating with JSON only. When the client sends a login request,

On 29/10/2019 17:48, Steve Litt via samba wrote: > On Thu, 11 Jul 2019 11:59:20 +0000 > Gerard Seibert via samba <samba at lists.samba.org> wrote: > >> I know that this has probably been asked before. As a long time user >> of Samba, I remember using SWAT to configure Samba. It did seem, at >> least to me, to simplify things. At the very least, it did prevent me,