password access through squid from win98
Assuming its possible, how do I link ACLs in SQUID to the login at a win98 machine. ie different control for different users? thanks James Carter
Assuming its possible, how do I link ACLs in SQUID to the login at a win98 machine. ie different control for different users?
I don't think you can get "identd" information from your w98 machines, but if you could, then Squid has an acl based on "ident", so you would enter something like acl staff ident "/usr/local/etc/squid/staffnames" and put your staffnames in that file for elevated privileges. But if you can't get an "identd" name from your w98 service (maybe Samba can provide it for you) then this is off. We use ip numbers - our DHCP hands out fixed ip numbers and we authorise different things depending on ip number. About half our connections seem to be from services that provide ident information (you can see the names in the squid log files. If you can't, you haven't got ident). -- Christopher Dawkins, Felsted School, Dunmow, Essex CM6 3JG 01371-822698/821076 or 07798 636725 cchd@felsted.essex.sch.uk
Assuming its possible, how do I link ACLs in SQUID to the login at a win98 machine. ie different control for different users?
I don't think you can get "identd" information from your w98 machines, but if you could, then Squid has an acl based on "ident", so you would enter something like
You can get an identd (which uses the logged in username) for Windows 9X (and ME, NT, 2000).
it for you) then this is off.
We use ip numbers - our DHCP hands out fixed ip numbers and we authorise different things depending on ip number. About half our connections seem to be from services that provide ident information (you can see the names in the squid log files. If you can't, you haven't got ident).
Alternativly there is the authenticate_program option... -- Mark Evans St. Peter's CofE High School Phone: +44 1392 204764 X109 Fax: +44 1392 204763
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 13 January 2002 9:15 am, Mark Evans wrote:
You can get an identd (which uses the logged in username) for Windows 9X (and ME, NT, 2000).
I'd be very interested to hear where from :) Isn't it possible to spoof the names? - -- Cheers, Chris Howells -- chris@chrishowells.co.uk, howells@kde.org Web: http://chrishowells.co.uk, PGP key: http://chrishowells.co.uk/pgp.txt KDE: http://www.koffice.org, http://edu.kde.org, http://usability.kde.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8QVqfF8Iu1zN5WiwRAlFBAJ0W0gChCkBvIPecfcxsidyyto7cPQCcDEq+ /2R/UXNpUflJCNf9kWnntcA= =dXe6 -----END PGP SIGNATURE-----
On Sunday 13 January 2002 9:15 am, Mark Evans wrote:
You can get an identd (which uses the logged in username) for Windows 9X (and ME, NT, 2000).
I'd be very interested to hear where from :) I can't remember exactly where it came from. The file is called ident3d.exe and also requires cygwin1.dll to be present. Dates from mid 1998 -- Mark Evans St. Peter's CofE High School Phone: +44 1392 204764 X109 Fax: +44 1392 204763
On Sun, 13 Jan 2002 09:59:58 +0000, you wrote:
On Sunday 13 January 2002 9:15 am, Mark Evans wrote:
You can get an identd (which uses the logged in username) for Windows 9X (and ME, NT, 2000).
I'd be very interested to hear where from :)
http://sourceforge.net/projects/identd/ -- Simon Kelsall.
We use an identd program in Win 95 and 98 that can be run as a service and in *silent* mode. The original download URL is broken but you can get a copy from http://linnea.tucows.com/files5/identd15.zip. The zip file includes documentation. Hope this helps. Mike Rees Ysgol Glanymor School
Thanks for some of the advice Since posting have been doing some web searching along the lines of +identd +win98 +squid or +samba Have found several methods using an identd program to place on the win machines but quite a lot of complaints about crashes. Have also seen stuff in the squid docs about using Samba to authenticate squid but haven't tried this yet. Would appreciate from more details about the method below from Mike Rees. thanks James C South Lee School
We use an identd program in Win 95 and 98 that can be run as a service and in *silent* mode. The original download URL is broken but you can get a copy from http://linnea.tucows.com/files5/identd15.zip. The zip file includes documentation.
Hope this helps.
Mike Rees Ysgol Glanymor School
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
Thanks for some of the advice Since posting have been doing some web searching along the lines of +identd +win98 +squid or +samba Have found several methods using an identd program to place on the win machines but quite a lot of complaints about crashes. Have also seen stuff in the squid docs about using Samba to authenticate squid but haven't
Identd only identifies. This is helpful so that the squid logs show up
usernames not machine names or IP addresses depending on your DNS/DHCP
settings.
What you really need is samba + winbind + pam + an access group in squid. We
are working at this but still haven't fully cracked it. You can use samba
plus pam for NT but it's a bit of a fudge. The trouble is that winbind is
still fairly bleeding edge.
----- Original Message -----
From: James & Cybèle
this yet. Would appreciate from more details about the method below from Mike Rees.
thanks
James C South Lee School
We use an identd program in Win 95 and 98 that can be run as a service and in *silent* mode. The original download URL is broken but you can get a copy from http://linnea.tucows.com/files5/identd15.zip. The zip file includes documentation.
Hope this helps.
Mike Rees Ysgol Glanymor School
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
This e-mail is intended for the addressee shown. It contains information that is confidential and protected from disclosure. Any review, dissemination or use of this transmission or its contents by persons or unauthorized employees of the intended organisations is strictly prohibited. The contents of this email do not necessarily represent the views or policies of East Norfolk Sixth Form College, its employees or students.
James & Cybèle We use the identd server on the win machines for log information and stopping pupils using the internet in the guest accounts that have been set up on our NT network. This is not foolproof, but it is a deterent. In squid.conf we have an ACL: acl block_these_users ident "/var/squid/block_these_users" followed later by http_access deny block_these_users The file block_these_users contains (each name on a separate line) guest1 guest2 . . guestxx Password authorisation is also compulsary through the use of smb_auth which can be obtained from http://www.hacom.nl/~richard/software/smb_auth.html - this where you will find how to set it up also. In squid.conf: authenticate_program /usr/local/bin/smb_auth -W server_name -U server_ip acl domainusers proxy_auth REQUIRED followed later by http_access allow domainusers This works fine with our NT server and our samba servers. Please note there are other (and probably better) ways of achieving this. HTH Mike Rees
participants (8)
-
Chris Howells
-
Christopher Dawkins
-
James & Cybèle
-
manager
-
Mark Evans
-
Mike Rees
-
Simon Kelsall
-
SuSE