Re: Authentication for Squid.

From: Kendall Lister <kendall@dont-contact.us>
Date: Thu, 24 Feb 2000 16:45:20 +1100 (EST)

On Thu, 24 Feb 2000, Simon Bryan wrote:

> Not directly, but you can use the userlist from NT to create the
> initail userlist for Squid. Sadly I forget how to get the list of
> users as a Text file!

If you wanted to do this you could use the utility from the Samba team for
creating smbpasswd files from NT registries. However, if Mark already has
an NT network he can simply use the smb_auth module that comes with Squid
to authenticate directly against the PDC. See squid/auth_modules/SMB for
details.

> Perhaps if you are using Samba and keeping the users syncrhonised you
> could use the main password file, but this is not considered good
> practice. I am using separate files so I can take away students access
> to the internet without taking away their access to the network.

If Mark (and anyon else) is running a Samba server then smb_auth can
authenticate directly against it, even though Samba cannot yet be a PDC -
this works for me, although I had to slightly hack Richard's smb_auth.sh
to get the right smbclient commands happening.

To remove a user's Internet rights without interfering with their network
access, simply remove their access to the file 'proxyauth' on the
'netlogon' share - this is what smb_auth uses by default as a test for
access.

In summary, Squid can authenticate against an NT PDC, or a Samba server,
and very good guiding documentation exists.

--
 Kendall Lister, Systems Operator for Charon I.S. - kendall@charon.net.au
  Charon Information Services - Friendly, Cheap Melbourne ISP: 9589 7781
Received on Wed Feb 23 2000 - 22:55:26 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:31 MST