michael hiatt wrote:
Hi guys,
I have Ubuntu 9.04 (Desktop) and attempting to use authentication to a windows werver 2003 r2 box.
I have installed likewise-open and been able to successfully "join" with domainjoin-cli command
using the following link as a guide: https://help.ubuntu.com/9.04/serverguide/C/likewise-open.html
Is it possible to use this method instead of winbind (as the config examples wiki shows)?
If so how would i go about implmenting this so that users on windows xp machines that are logged into my domain will be denied or allowed access using internet explorer?
Maybe yes, maybe no.
There are a few parts to this: (for the pedantic, please forgive my
generalizations)
1) "join the domain" --- so that the squid box/IP has permission to
question the domain controller for credentials. Nothing more, nothing
less. This is separate to the rest of the setup, but is required in most
cases for (3) to happen.
2) "authentication" --- getting the credentials from the client.
The auth helpers Squid provides do this part. Is independent of the
other steps, but limited to links where the client 'knows' its talking
to Squid.
3) "authorization" --- checking that the credentials are right.
The auth helpers do this when possible as well. Some require both auth
helper and external_acl_type helpers like winbind to check additional
criteria (groups etc).
This is the part which require (1) above. The nature of the helpers
involved has a LOT of variance, and may be self-written to do anything.
Winbin dis one such helpers, if you are able to find or create a helper
that works in your specific needs/environment great.
On a side note, (3) can be done regardless of (2) with carefully
selected criteria other than username/password.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15
Current Beta Squid 3.1.0.7
