IPChians and smb_auth

Jason Cook jasonc at dsgtech.com
Thu Sep 21 17:31:31 GMT 2000

Off the top of my head, no.  I don't think there is any way with smb_auth   
to gather any info about groups.  Maybe its possible to grab group
membership info from the domain controller via rpcclient.  But even that way 
may not be what you want.  You're going to have to grab that info, figure    
out the user's host name or ip address and enter that into your ipchains
rules.  Provided you can get the group info, that shouldn't be terribly

Another option is to force them to go through a proxy.  Squid can use
multiple methods for authentication including PAM and flat files.  Downside 
is the squid proxy doesn't know who the user is without them entering their 
user name and password again.  IIRC there is a module for apache out there   
that knows how to grab the correct credentials from the client, it might be 
possible to adapt this to squid.

On Thu, Sep 21, 2000 at 12:23:31AM +0800, Andy W. K. Chan wrote:
> Can I use smb_auth to allow the NT Groups accessing Internet or not ?

Jason Cook
PGP Fingerprint: D531 F4F4 BDBF 41D1 514D  F930 FD03 262E 5120 BEDD
PGP Key: http://dayton.net/~dsg/pgp.html

Don't hate yourself in the morning - sleep till noon. 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000921/9d831950/attachment.bin

More information about the samba-ntdom mailing list