Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Squid Authentication Via NT Domain Accounts

Posted on 2002-06-18
5
Medium Priority
?
297 Views
Last Modified: 2008-02-01
I am relative newcomer to linux. I have an NT 4 based domain with squid server as a proxy to approx 500 users. I want to allow users to authenticate (hopefully) transparently to the NT4 domain so that most importantly the username will be logged to access.log and hence appear in SARG (we currently only monitor ip addresses). I am using Winbind with SAMBA and want to do something similar as i have heard this works with other services and do not want to maintain multiple account databases. Does anyone have any suggestions.
0
Comment
Question by:tobyk
  • 2
  • 2
5 Comments
 
LVL 1

Accepted Solution

by:
Zook earned 800 total points
ID: 7092170
You can configure the authentification plugin "smb_auth" with the squid cache:

http://www.hacom.nl/~richard/software/smb_auth.html
http://www.squid-cache.org/


Assuming your Squid is running, the configuration is trivial. I doesn't make sense to copy and paste the good docmentation here, so just have a look at it.

They main concept is, you have a file on your NT Server, that can only be accessed by the NTgroup that is allowed to use the Internet. smb_auth tries to access this file via the samba client. If it can you may surf.

This works fine in our network.

cu
Zook

0
 
LVL 2

Author Comment

by:tobyk
ID: 7094227
How secure is smb_auth. I heard this is really good but then when searching for setup i read this link saying it had security holes. What do you think

http://linux.lexilog.org.uk/squid.html
0
 
LVL 1

Expert Comment

by:Zook
ID: 7098491
The weekness here is, that if an attacker got hold of your proxy, smb_auth might help him get your Windows passwords. But then again - if the attacker already got hold of your proxy machine, he might plant any trojan he likes. So until you have a dedicated firewall/proxy and have regular integrity checks the risk might be tolerable => You have to know.

My Opinion, but I am far from being a security expert, if the hacker is already inside my ==> Windows <== Network "Resistance is futile", anyway ;-)

cu
Zook
0
 

Expert Comment

by:CleanupPing
ID: 9078467
tobyk:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 2

Author Comment

by:tobyk
ID: 9085128
Zook thanks for your answer. This was the best idea at the time but i ended up using Winbind for this task
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question