On Tuesday, 28 October 2003 17:13, André Sänger wrote:
Hello Markus,
Tuesday, October 28, 2003, 4:56:27 PM, you wrote:
Right. Because only IE is able to send NTLM (or ADS) auth. What a pity, hm? Better is: Open LDAP Server - Single Sign on solution, incl. Firewall, Mail and all that you can imagine.
But how do I get a single sign on to the squid proxy then (taken that the clients stay NT4 Workstations)? Wouldn't I still have to use NTLM?
Not necessarily. LDAP helps. In a different solution we do that by activating (per-user, per-client, per-client-ip) specific iptables rules (also stored in the LDAP directory) after a successful login to our LDAP server. So we can exactly control what Mr A is allowed to do on machine B with operating system C under circumstances D and so on... (and not only squid... ;-) That's probably the best way I know, but I'm always open for suggestions! Other possible solutions are e.g. PAM or Samba auth for squid... I guess
Is it possible to migrate an NT Domain to a Samba/Ldap SuSE Linux Server yet - without having to touch the clients? Can I replicate the accounts like NT PDC/BDCs do for the case the main Samba/LDAP Server goes down?
-- Best regards, André mailto:Andre.Saenger@gmx.de
-- Best regards, Markus Feilner -- Linux Solutions, Training, Seminars and Workshops - also in-house. Feilner IT Linux & GIS Erlangerstr. 2 93059 Regensburg phone: +49 941 70 65 23 - mobile: +49 170 302 709 2 web: http://feilner-it.net mail: mfeilner@feilner-it.net