On Mon, Jan 27, 2003 at 08:36:12PM -0500, GarUlbricht7@netscape.net wrote:
* Raymond Leach wrote on Mon, Jan 27, 2003 at 16:02 +0200:
Squid supports authentication via helper programs. I'm sure if you look hard enough on the net you can find one that will do SMB (windows) authentication.
I don't think that this was the question. He said the authentication works, but the users need to re-enter the password. Well, and maybe the users enter their windows password
caution, dirty hack ahead.

you could use acl ident <something>

either implement and start an identd-like service on each of your win boxes :)

or: with iptables, redirect all ident requests from your proxy to your win boxes to some listening [e.g. quick'n'dirty-perl] server on the lo-interface of the proxy box. that server would check which client IP corresponds to the ident-request sockets, check which user corresponds to that client ip, and whether she should be granted access. it just fakes some ident reply, which you can match in your acl.

since afaik ident-queries consist of two port numbers only, and you lost the client ip by the redirection, you have to check for any ip connection that matches the local and remote port. you can do so for example with lsof.

no match: something went wrong, or the client closed the connection much faster than expected
more than one match: either choose (insecure), or just ignore and let the client try again.
exactly one match: that has to be the client, look it up in the who-is-who directory ...

I have no idea regarding performance impact or fitness for real life environments, but it seems doable.

Lars
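
The port-pair lookup described above, as an added example (not part of the original post and not Lars's code). The connection list, the proxy port 3128 and the who-is-who directory are constructed sample data standing in for an lsof scrape and a real user directory; ambiguous matches are refused rather than guessed.

```python
import re

# Constructed sample data (not from the original post).
# Established TCP connections on the proxy: (client_ip, client_port, proxy_port),
# i.e. what a scrape of lsof output would yield.
CONNECTIONS = [
    ("192.0.2.10", 40001, 3128),
    ("192.0.2.11", 40002, 3128),
    ("192.0.2.12", 40003, 3128),
    ("192.0.2.13", 40003, 3128),  # same source port from a second host
]
# Hypothetical "who-is-who" directory: client IP -> logged-in user.
WHO_IS_WHO = {"192.0.2.10": "alice", "192.0.2.11": "bob",
              "192.0.2.12": "carol", "192.0.2.13": "dave"}

QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")

def fake_ident_reply(query, connections=CONNECTIONS, directory=WHO_IS_WHO):
    """Answer one RFC 1413 query line: '<port-on-server> , <port-on-client>'.

    Seen from the faked ident server, port-on-server is the client's source
    port and port-on-client is the proxy's listening port.
    """
    m = QUERY_RE.match(query)
    if not m:
        return "0 , 0 : ERROR : INVALID-PORT"
    client_port, proxy_port = int(m.group(1)), int(m.group(2))
    prefix = f"{client_port} , {proxy_port}"
    if not (1 <= client_port <= 65535 and 1 <= proxy_port <= 65535):
        return f"{prefix} : ERROR : INVALID-PORT"
    # The redirect lost the client IP, so match on the port pair alone.
    ips = {ip for ip, cport, pport in connections
           if cport == client_port and pport == proxy_port}
    if len(ips) != 1:
        # No match, or more than one: refuse instead of choosing; the client retries.
        return f"{prefix} : ERROR : NO-USER"
    user = directory.get(next(iter(ips)))
    if user is None:
        # Exactly one connection, but the IP is not in the directory.
        return f"{prefix} : ERROR : NO-USER"
    return f"{prefix} : USERID : UNIX : {user}"
```
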