On Tue, 2006-01-24 at 14:23 -0200, Fernando Lujan wrote:
> Hi all,
>
> I'm researching a way to authenticate users using Samba or Ldap. There
> problem is that I need to authenticate the users using group policies.
> Which is the best alternative to implement this behavior?
Authenticate or authorize? As in: "yes, I the server trust that you are
really user foo\bar" or "yes, given that you are foo\bar you can access
url http://gazonk.com/"?
The former cannot be done via group policy, the latter can be. Not in
the "Group policy" sense, but rather in the "check group membership"
sense.
This is relevant because squid splits authentication from authorization.
The former can be done via samba's winbind or (if you're running on
windows using the LSA) or again via ldap against a domain controller,
the latter is better done via ldap. For the details on "how" please do a
search on this mailing-list - it's almost a FAQ.
Kinkie
Received on Tue Jan 24 2006 - 11:29:39 MST
This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST