Securing SWAT through SSL
Many people have asked about how to set up SWAT with SSL to allow for secure remote
administration of Samba. Here is a method that works, courtesy of Markus Krieger.
Modifications to the SWAT setup are as follows:
Generate certificate and private key.
/usr/bin/openssl req -new -x509 -days 365 -nodes -config \
-out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem
Remove SWAT entry from [x]inetd.
stunnel -p /etc/stunnel/stunnel.pem -d 901 \
-l /usr/local/samba/bin/swat swat
Afterward, simply connect to SWAT by using the URL
https://myhost:901, accept the certificate, and the SSL connection is up.