Squid Authentication Via NT Domain Accounts

Posted on 2002-06-18
Last Modified: 2008-02-01
I am a relative newcomer to Linux. I have an NT 4 based domain with a Squid server as a proxy to approx 500 users. I want to allow users to authenticate (hopefully) transparently to the NT4 domain so that, most importantly, the username will be logged to access.log and hence appear in SARG (we currently only monitor IP addresses). I am using Winbind with SAMBA and want to do something similar, as I have heard this works with other services and I do not want to maintain multiple account databases. Does anyone have any suggestions?
Question by:tobyk
5 Comments
 
LVL 1

Accepted Solution

by:
Zook earned 800 total points
ID: 7092170
You can configure the authentication plugin "smb_auth" with the squid cache:

http://www.hacom.nl/~richard/software/smb_auth.html
http://www.squid-cache.org/


Assuming your Squid is running, the configuration is trivial. It doesn't make sense to copy and paste the good documentation here, so just have a look at it.

The main concept is, you have a file on your NT Server that can only be accessed by the NT group that is allowed to use the Internet. smb_auth tries to access this file via the samba client. If it can, you may surf.

This works fine in our network.

cu
Zook

0
 
LVL 2

Author Comment

by:tobyk
ID: 7094227
How secure is smb_auth? I heard this is really good, but then when searching for setup I read this link saying it had security holes. What do you think?

http://linux.lexilog.org.uk/squid.html
0
 
LVL 1

Expert Comment

by:Zook
ID: 7098491
The weakness here is that if an attacker got hold of your proxy, smb_auth might help him get your Windows passwords. But then again - if the attacker already got hold of your proxy machine, he might plant any trojan he likes. So until you have a dedicated firewall/proxy and have regular integrity checks the risk might be tolerable => You have to know.

My Opinion, but I am far from being a security expert, if the hacker is already inside my ==> Windows <== Network "Resistance is futile", anyway ;-)

cu
Zook
0
 

Expert Comment

by:CleanupPing
ID: 9078467
tobyk:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 2

Author Comment

by:tobyk
ID: 9085128
Zook, thanks for your answer. This was the best idea at the time, but I ended up using Winbind for this task.
0
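Whichever helper ends up in place (smb_auth or Winbind), the goal stated in the question is that a username, not just an IP address, lands in access.log. The following is an added example, not part of the original thread, that audits Squid's native log format for requests served without a username; the sample lines are constructed and the function name `audit_access_log` is hypothetical.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1024401600.101    12 192.168.1.20 TCP_DENIED/407 1720 GET http://example.com/ - NONE/- text/html
1024401601.350   145 192.168.1.20 TCP_MISS/200 4312 GET http://example.com/ jsmith DIRECT/192.0.2.10 text/html
1024401605.007    98 192.168.1.31 TCP_HIT/200 2210 GET http://example.com/logo.gif akhan NONE/- image/gif
1024401609.442   201 192.168.1.44 TCP_MISS/200 9120 GET http://example.org/ - DIRECT/192.0.2.20 text/html
this line is truncated
"""


def audit_access_log(text):
    """Return (requests per user, client IPs served without a username, malformed line count)."""
    per_user = Counter()
    unauthenticated = set()
    malformed = 0
    for line in text.splitlines():
        fields = line.split()
        # The native format has 10 whitespace-separated fields; field 4 is action/status.
        if len(fields) < 10 or "/" not in fields[3]:
            malformed += 1
            continue
        client, result, user = fields[2], fields[3], fields[7]
        status = result.rsplit("/", 1)[1]
        if user != "-":
            per_user[user] += 1
        elif status != "407":
            # A 407 with no user is only the proxy's authentication challenge.
            # Any other status with "-" means the request was handled without
            # proxy authentication, so SARG would still see only an IP address.
            unauthenticated.add(client)
    return per_user, unauthenticated, malformed


if __name__ == "__main__":
    users, gaps, bad = audit_access_log(SAMPLE_LOG)
    for name, count in sorted(users.items()):
        print(f"{name}: {count} request(s)")
    print("clients served without a username:", sorted(gaps))
    print("malformed lines skipped:", bad)
```
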
