[Samba] Internet Explorer
Richard Ssekibuule
rkayondo at ics.mak.ac.ug
Thu Oct 30 04:33:30 GMT 2003
Thanks big time for your advice.
The solution is clearer now.
Richard.
On Wednesday 29 October 2003 21:49, rruegner wrote:
> hi,
> i am not sure if i understand you in the right way but
> this are the magic to make squid use transparent
> #transproxy feature, very cool content filtering can be done with
> squidguard #iptables -t nat -A PREROUTING -i eth2 -s ! 10.10.10.2 -p tcp
> --dport 80 -j DNAT --to 10.10.10.2:3128
> #iptables -t nat -A POSTROUTING -o eth2 -s 10.10.10.0/24 -d 10.10.10.2 -j
> SNAT --to 10.10.10.2
> #iptables -A FORWARD -s 10.10.10.0/24 -d 10.10.10.2 -i eth2 -o eth2 -p
> tcp --dport 3128 -j ACCEPT
> for sure you have to enable additional stuff in squid.conf and change
> settings to your need in example above ( study man squid)
> as you know changing settings for ie i think is only allowed for
> powersusers ( but i am not sure at the moment )
> but in fact if your users cant change it they have no permission too.(win
> stuff)
> As i think if you want to give them the permission to change i e settings
> you have to give them
> higher prior on their local workstations.( like superuser etc.)......not
> all users are equal in their needs!
> But as i remember i had never problem with that, if you store their
> profiles in their homes on samba.( when i use this old distro setup )
> But in Version 2.2.5 there is not a valid group mapping between samba /
> unix to windows,
> therefore an for other reason (security ) you should upgrade t samba 3 (
> load it from ftp.suse.com people gd )
> than you can build a nearly equal nt4 pdc with group mapping
> match the groups with that bash script
> #!/bin/bash
>
> net groupmap modify ntgroup="Domain Admins" unixgroup=root
> net groupmap modify ntgroup="Domain Users" unixgroup=users
> net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
> net groupmap modify ntgroup="Administrators" unixgroup=ntadmin
> net groupmap modify ntgroup="Users" unixgroup=users
> net groupmap modify ntgroup="Guests" unixgroup=nobody
> net groupmap modify ntgroup="System Operators" unixgroup=sys
> net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin
> net groupmap modify ntgroup="Backup Operators" unixgroup=bin
> net groupmap modify ntgroup="Print Operators" unixgroup=lp
> net groupmap modify ntgroup="Replicators" unixgroup=daemon
> net groupmap modify ntgroup="Power Users" unixgroup=sys
>
> you can use than USRMGR.EXE for create users groups etc
> in my setup this works fine....with nt policies i am able to give
> different users/groups to different proxies and fine tune the content
> filtering ie. example adults and kids
> machine adding on the fly to samba 3 work now too
> study the new faqs for samba.
> note that the out of the boy version from suse is not valid for a good
> working pdc
> ( for 700 users you should use ldap with samba not smbpasswd )
> Good Luck
> Best Regards
>
> ----- Original Message -----
> From: "Richard K Ssekibuule" <rkayondo at ics.mak.ac.ug>
> To: <samba at lists.samba.org>
> Sent: Wednesday, October 29, 2003 7:11 PM
> Subject: [Samba] Internet Explorer
>
> > I have successfully setup a samba 2.25 PDC on SuSE8.1 for my 700 users.
> > My problem: These users cannot change their Internet explorer proxy
>
> setting.
>
> > Question: How can I grant rights to change Internet explorer settings
> > without compromising administrative security?
> >
> > My kernel cannot do transparent proxy, but I use squid to schedule users
> > Internet access.
> > The server running squid is different from the one running squid/gateway.
> >
> > Thanks in advance.
> >
> > Richard.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list