IPChians and smb_auth
Jason Cook
jasonc at dsgtech.com
Thu Sep 21 17:31:31 GMT 2000
Off the top of my head, no. I don't think there is any way with smb_auth
to gather any info about groups. Maybe its possible to grab group
membership info from the domain controller via rpcclient. But even that way
may not be what you want. You're going to have to grab that info, figure
out the user's host name or ip address and enter that into your ipchains
rules. Provided you can get the group info, that shouldn't be terribly
hard.
Another option is to force them to go through a proxy. Squid can use
multiple methods for authentication including PAM and flat files. Downside
is the squid proxy doesn't know who the user is without them entering their
user name and password again. IIRC there is a module for apache out there
that knows how to grab the correct credentials from the client, it might be
possible to adapt this to squid.
On Thu, Sep 21, 2000 at 12:23:31AM +0800, Andy W. K. Chan wrote:
> Can I use smb_auth to allow the NT Groups accessing Internet or not ?
>
--
Jason Cook
PGP Fingerprint: D531 F4F4 BDBF 41D1 514D F930 FD03 262E 5120 BEDD
PGP Key: http://dayton.net/~dsg/pgp.html
Don't hate yourself in the morning - sleep till noon.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-ntdom/attachments/20000921/9d831950/attachment.bin
More information about the samba-ntdom
mailing list