windows nt domains and ip masquerading...

Luke Kenneth Casson Leighton lkcl at
Fri Aug 11 07:26:12 GMT 2000

alternative, wrap samedit in scripts or dig down into its code just like
tim did, for writing winbind.

so use either winbind or samedit as a basis for writing a c-app.

On Tue, 25 Jul 2000, Peter Samuelson wrote:

> [Shawn Campbell <clasmc at>]
> > Specifically, when a computer sends a request to the masq box, it
> > would ask the pdc what group the user on that particular computer
> > belongs to, if the group is faculty or staff, the masq rules adjust
> > to let those requests go through uncensored.  If the user on that
> > machine is a student, their requests are filtered.  How feasible is
> > something like that?
> That is a *perfect* application of the `ident' protocol.  Too bad
> Windows doesn't support it.  You might look for a third-party ident
> server for Windows, though that still implies client software which you
> said you didn't want.
> What distinguishes ident is that it doesn't assume that a given
> computer can only have *one* person logged on.  That's a very poor
> assumption in most operating systems, and even Windows NT has started
> to catch up recently with Winframe/Metaframe/TSE.
> > Could a perl script be constructed to create such a solution?
> Yeah.  I believe `winbind' (look in recent Samba CVS and be prepared to
> fiddle around some) has some of this functionality in place.  Write
> glue code to call back to that -- see winbind_nss etc for examples.
> Peter

<a href=" mailto:lkcl at" > Luke Kenneth Casson Leighton    </a>
<a href=""  > Samba and Network Development   </a>
<a href=""      > Samba Web site                  </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals

More information about the samba-technical mailing list