On 6/28/07, Andreas Pettersson <andpet@xxxxxxxxx> wrote:
Kinkie wrote: > On 6/27/07, Andreas Pettersson <andpet@xxxxxxxxx> wrote: >> Hi list. >> >> I'm trying to have usernames logged in access.log, but I'm not (at the >> moment) interested in any kind of authentication. It should be more like >> a bonus, so to speak. If someone browses using firefox on linux then >> there's no hope, BUT traffic from my Windows 2003 Terminal Servers using >> Internet Explorer is perhaps easier to track. I just don't know how to >> approach this. I want the client to (silently) pass credentials but not >> deny access if there's none. (However there is an Active Directory >> available.) > > This can be done by ACL: > > [first the usual stuff protecting cachemgr, setting up ntlm > authentication via winbind. etc, then:] > <snip> Ok, so there still is the need to do a lookup against the directory using winbind? (Somehow I feel this question has an obvious answer, but this is completely unknown land to me)
Yes, there is no other way to determine whether the user credentials are OK. Or, you can blindly trust whatever the users's browsers say and use the 'fakeauth' helper. -- /kinkie