Everyone,
I have set up squid to authenticate to an NT domain
and have it working, BUT...it is not transparent like
MS Proxy 2.0, so I have not replaced my MS Proxy yet.
There are a few ways to authenticate to an NT domain.
One is by using a program called smb_auth. This is a
small program that is called by squid to read a file
from an NT share. You can set permissions on the file
and thereby restrict squid access to users in an NT
group. Very handy. The latest version of squid also
has an auth method called NTLM which makes direct
calls the domain but it only checks whether the
user/password combination is valid (no restriction by
group). Both of these methods require authentication
for each new session (it pops up a dialog box for the
user to fill in the user/password). Because IE uses
MS/CHAP for authentication, there is no way right now
for the auth check to be done invisibly.
You can get the latest source for smb_auth at
http://www.hacom.nl/~richard/software/smb_auth.html
You'll have to compile it on a Red Hat system that has
the same libs as your version of e-smith (4.0 = red
hat 6.1, 4.1 = red hat 7.0), or you can link it
staticly (but then it gets really big).
I haven't tried any of the log viewing programs since
I had to set squid aside for now.
Keith Winston
--- Gordon Rowell <[EMAIL PROTECTED]> wrote:
> On Wed, Apr 04, 2001 at 09:31:05AM +0200, Brandon
> Friedman <[EMAIL PROTECTED]>
> wrote:
> >
> > A reply to myself.....
> >
> > Is calamaris a recommend squid tool???
> > [...]
>
> I have heard good reports about it, though I haven't
> used it myself.
>
> As for the authentication issue, you will need to
> use either smbpasswd
> or /etc/shadow - the LDAP database doesn't provide
> enough information for
> authentication at this stage.
>
> Remember to share your findings - many others have
> asked for this as well.
>
> Thanks,
>
> Gordon
> --
> Gordon Rowell
> [EMAIL PROTECTED]
> http://www.e-smith.org (development)
> http://www.e-smith.com (corporate)
> Phone: +61 (0418) 467 366 Fax: +1 (613) 564 7739
> e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P
> 1P1 Canada
>
>
=====
LPIC-1
N+
MCSE
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
