On Wed, 2002-06-05 at 14:34, Peter Whysall wrote:
> Here's the scenario.
>
> I have a Woody box running the Squid web proxy server, with the
> oh-so-nifty Squidalyser log analyser doohickey and it's working fine,
> serving Windows clients. The Boss is pleased.
>
> However there's a small fly in the ointment. Squid can look up RFC931
> idents from clients. Squid can, with the aid of the smb_auth module
> (which is included in the Debian package) authenticate against a Windows
> PDC.
>
> I really really want to tie these two together. I want Squid to do Samba
> magic to get the username - or at a stretch, the NETBios name of the
> client box - and stuff it in the logs.
>
> I know there is a freeware ident server for Windows, and I know it works.
>
> What I'm trying to avoid is installing something on the thick end of 200
> boxes just to get a username out.
>
> I've Googled. I've read the RFC. I'm all searched out. I can't find
> anything about this - but I have a sneaking suspicion that someone, out
> there, has already met this problem and has dealt with it with more
> fortitude than I.
>
What you want is NTLM authentication. Unfortunately the current stable version of squid does not have support for it. I have built a squid 2.5pre5 .deb (binary) package with NTLM support that has been the proxy for ~150 users in my company for a few months now. If you want, I can send it to you, or you can compile from source yourself. There are a few caveats, like making sure to set the correct location for nmbclient in the SMB auth helpers makefile.

These are the config options I use:

    --prefix=/usr
    --datadir=/usr/lib/squid
    --libexecdir=/usr/lib/squid
    --mandir=/usr/share/man
    --infodir=/usr/share/man
    --sysconfdir=/etc/squid
    '--enable-auth=ntlm basic'
    '--enable-basic-auth-helpers=SMB PAM MSNT'
    '--enable-ntlm-auth-helpers=NTLMSSP fakeauth no_check'

I also have a shell script that pulls down the members of my NT domain groups once an hour and dumps the user names into a usable-by-squid text file if you care to look at it.

Hope that helps,
-Mark
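
Added example, not part of either message above: once proxy authentication is enabled, a short Python check over access.log can confirm that requests really are being attributed to users. It assumes Squid's default native log layout, where the eighth field holds the ident or authenticated username; the sample lines and the domain name EXAMPLE are constructed.

```python
from collections import Counter

# Constructed sample lines in Squid's native access.log layout (assumed):
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1023284041.123    210 192.168.1.20 TCP_MISS/200 5120 GET http://example.com/ EXAMPLE\\pwhysall DIRECT/192.0.2.10 text/html
1023284042.456      3 192.168.1.21 TCP_DENIED/407 1650 GET http://example.com/ - NONE/- text/html
1023284043.789    180 192.168.1.21 TCP_MISS/200 2048 GET http://example.org/a.gif mark DIRECT/192.0.2.11 image/gif
1023284044.001     95 192.168.1.22 TCP_HIT/200 900 GET http://example.org/b.gif - NONE/- image/gif
truncated line
"""


def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    parts = line.split()
    if len(parts) < 10 or "/" not in parts[3] or not parts[4].isdigit():
        return None
    action, _, status = parts[3].partition("/")
    user = parts[7]
    # An NTLM helper may report DOMAIN\user; keep only the account name.
    account = user.rsplit("\\", 1)[-1].lower() if user != "-" else None
    return {"client": parts[2], "action": action, "status": status,
            "bytes": int(parts[4]), "url": parts[6], "user": account}


def attribute(log_text):
    """Return (bytes per user, clients that were served without a username)."""
    per_user, unattributed = Counter(), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip truncated or foreign-format lines
        if rec["user"]:
            per_user[rec["user"]] += rec["bytes"]
        elif rec["status"] != "407":
            # 407 is the normal authentication challenge; any other status
            # with no username means the request bypassed proxy auth.
            unattributed.add(rec["client"])
    return per_user, unattributed


if __name__ == "__main__":
    users, anonymous = attribute(SAMPLE_LOG)
    for name, total in users.most_common():
        print(f"{name}\t{total} bytes")
    print("served without a username:", sorted(anonymous))
```

Any client address in the second result points at an http_access rule that allows traffic before the proxy_auth ACL is evaluated.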