[Samba] Internet Explorer

rruegner robowarp at gmx.de
Wed Oct 29 18:49:56 GMT 2003


hi,
i am not sure if i understand you in the right way but
this are the magic to make squid use transparent
#transproxy feature, very cool content filtering can be done with squidguard
#iptables -t nat -A PREROUTING -i eth2 -s ! 10.10.10.2 -p tcp --dport 80 -j
DNAT --to 10.10.10.2:3128
#iptables -t nat -A POSTROUTING -o eth2 -s 10.10.10.0/24 -d 10.10.10.2 -j
SNAT --to 10.10.10.2
#iptables -A FORWARD -s 10.10.10.0/24 -d 10.10.10.2 -i eth2 -o eth2 -p
tcp --dport 3128 -j ACCEPT
for sure you have to enable additional stuff in squid.conf and change
settings to your need in example above ( study man squid)
as you know changing settings for ie i think is only allowed for powersusers
( but i am not sure at the moment )
but in fact if your users cant change it they have no permission too.(win
stuff)
As i think if you want to give them the permission to change i e settings
you have to give them
higher prior on their local workstations.( like superuser etc.)......not all
users are equal in their needs!
But as i remember i had never problem with that, if you store their profiles
in their homes on samba.( when i use this old distro setup )
But in Version 2.2.5 there is not a valid group mapping between samba / unix
to windows,
therefore an for other reason (security ) you should upgrade t samba 3 (
load it from ftp.suse.com people gd )
than you can build a nearly equal nt4 pdc with group mapping
match the groups with that bash script
#!/bin/bash

net groupmap modify ntgroup="Domain Admins" unixgroup=root
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
net groupmap modify ntgroup="Administrators" unixgroup=ntadmin
net groupmap modify ntgroup="Users" unixgroup=users
net groupmap modify ntgroup="Guests" unixgroup=nobody
net groupmap modify ntgroup="System Operators" unixgroup=sys
net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin
net groupmap modify ntgroup="Backup Operators" unixgroup=bin
net groupmap modify ntgroup="Print Operators" unixgroup=lp
net groupmap modify ntgroup="Replicators" unixgroup=daemon
net groupmap modify ntgroup="Power Users" unixgroup=sys

you can use than USRMGR.EXE for create users groups etc
in my setup this works fine....with nt policies i am able to give
different users/groups to different proxies and fine tune the content
filtering ie. example adults and kids
machine adding on the fly to samba 3 work now too
study the new faqs for samba.
note that the out of the boy version from suse is not valid for a good
working pdc
( for 700 users you should use ldap with samba not smbpasswd )
Good Luck
Best Regards

----- Original Message ----- 
From: "Richard K Ssekibuule" <rkayondo at ics.mak.ac.ug>
To: <samba at lists.samba.org>
Sent: Wednesday, October 29, 2003 7:11 PM
Subject: [Samba] Internet Explorer


> I have successfully setup a samba 2.25 PDC on SuSE8.1 for my 700 users.
> My problem: These users cannot change their Internet explorer proxy
setting.
>
> Question: How can I grant rights to change Internet explorer settings
> without compromising administrative security?
>
> My kernel cannot do transparent proxy, but I use squid to schedule users
> Internet access.
> The server running squid is different from the one running squid/gateway.
>
> Thanks in advance.
>
> Richard.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>




More information about the samba mailing list