hello all, i am running squid 2 on a SuSe 6.3 and it works OK. Now I want to restrict my users' access logged on a Windows NT terminal server. So I cannot restrict them by IP numbers because there is only one. Now I have seen the parameter "authenticat_program" for an external authenticator. In squid.conf they tell about the program ncsa_auth, but Suse seems to use LDAP access. I started LDAP server and tried to enter a user, but I was not successful. I read the administrator guide from openldap.org but I think I need more basic understanding in this subject. Is there any easy introduction to administration of openldap, adding users, defining access rights... Thanks for any hint Richard Hegewald
Have a look at the SMB_AUTH package. It's very Easy to setup and works like a charm. I have not used it with more than 300 users though, so I'm not sure how scalable it is. I guess it's dependant on the NT server's FS ability as it basically does a smbclient connection for AUTH. Sorry, I can't help you with LDAP. Something I need to learn more about... HTH -Nix PS. It's considered rude to attach any files to a mailing list. Especially Microsoft .vcf files to a Linux mailing list :-) Just a friendly reminder. At 11:48 AM 19/12/2000 +0100, you wrote:
hello all, i am running squid 2 on a SuSe 6.3 and it works OK. Now I want to restrict my users' access logged on a Windows NT terminal server. So I cannot restrict them by IP numbers because there is only one. Now I have seen the parameter "authenticat_program" for an external authenticator. In squid.conf they tell about the program ncsa_auth, but Suse seems to use LDAP access. I started LDAP server and tried to enter a user, but I was not successful. I read the administrator guide from openldap.org but I think I need more basic understanding in this subject. Is there any easy introduction to administration of openldap, adding users, defining access rights... Thanks for any hint Richard Hegewald
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking
Have a look at the SMB_AUTH package.
thank you I will try this
PS. It's considered rude to attach any files to a mailing list. Especially Microsoft .vcf files to a Linux mailing list :-) Just a friendly reminder.
Sorry, I did not know, that Netscape sends MS files Richard
Its not a "Microsoft vcf file" its a netscape vCard. If you enable the "attach my personal card to messages (as a vCard)" it will get attached to all outgoing mail. -miah - less talk more clue. On Tue, Dec 19, 2000 at 03:15:41PM +0100, Richard Hegewald wrote:
Have a look at the SMB_AUTH package.
thank you I will try this
PS. It's considered rude to attach any files to a mailing list. Especially Microsoft .vcf files to a Linux mailing list :-) Just a friendly reminder.
Sorry, I did not know, that Netscape sends MS files
Richard
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
At 10:10 AM 19/12/2000 -0800, you wrote:
Its not a "Microsoft vcf file" its a netscape vCard. If you enable the "attach my personal card to messages (as a vCard)" it will get attached to all outgoing mail.
-miah
- less talk more clue.
I realise he's using Netscape, but the vcard format was designed by Microsoft as far as I know. At least the first time I saw it was in Outlook 97. In any case, sending attachments like that to a mailing list is not the usually considered polite.... Just like quoting full emails isn't considered polite (which I have been guilty of occasionally) -Nix -- Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking
El Mar 19 Dic 2000 14:55, escribiste:
Have a look at the SMB_AUTH package. It's very Easy to setup and works like a charm. I have not used it with more than 300 users though, so I'm not sure how scalable it is. I guess it's dependant on the NT server's FS ability as it basically does a smbclient connection for AUTH.
I have 400+ users authenticating against a NT PDC and working ok. You need some machine, though, but is Squid the one to blame, not smb_auth. As its author says in the documentation, smb_auth doesn't perform quite well when calling NT, but he's inteding to change that in the future. Anyway, it's not a so important matter, as your users will authenticate only once per session (at least, this is true for my case). Best regards. -- Marco Antonio Blanco Activa Sistemas, S.Coop.And. www.activasistemas.com
participants (4)
-
Marco Antonio Blanco -
Miah Johnson -
Nix -
Richard Hegewald