| View previous topic :: View next topic |
| Author |
Message |
Fraggle
Apprentice
Joined: 13 Mar 2003
Posts: 187
Location: Washington, DC
|
 Posted: Sat Jun 28, 2003 2:00 am Post subject: only able to access internet when logged into samba PDC |
 |
|
| Is this possible? |
|
| Back to top |
|
 |
PowerFactor
Veteran
Joined: 30 Jan 2003
Posts: 1693
Location: out of it
|
| Posted: Sat Jun 28, 2003 2:07 am Post subject: |
|
|
Anything's possible. 
Being a bit more specific would help though. |
|
| Back to top |
|
|
Fraggle
Apprentice
Joined: 13 Mar 2003
Posts: 187
Location: Washington, DC
|
| Posted: Sat Jun 28, 2003 3:43 am Post subject: |
|
|
| PowerFactor wrote: | Anything's possible.
Being a bit more specific would help though. |
I don't want users to be able to access ANYTHING until they are authenticated through the domain. |
|
| Back to top |
|
|
PowerFactor
Veteran
Joined: 30 Jan 2003
Posts: 1693
Location: out of it
|
| Posted: Sat Jun 28, 2003 4:57 am Post subject: |
|
|
| Well, I have to admit that I've never dealt with NT domains except as a user so I don't know how to setup whatever it is you want. But you really should provide more details in order for anyone to help you. These users, are they on windows clients authenticating to a samba pdc? Or are they on linux clients that you want to integrate into an NT domain. I do know that linux can use samba to control logins, I've never done it myself though. Is something like that what you're looking for? |
|
| Back to top |
|
|
Crg
Guru
Joined: 29 May 2002
Posts: 345
Location: London
|
| Posted: Sat Jun 28, 2003 7:45 am Post subject: |
|
|
| Fraggle wrote: | | PowerFactor wrote: | Anything's possible.
Being a bit more specific would help though. |
I don't want users to be able to access ANYTHING until they are authenticated through the domain. |
You could force them through a proxy and have them authenticate themselves there.
for example - setup squid with the SMB authentication module, so they have to authenticate with NT username/password before having web/ftp access. |
|
| Back to top |
|
|
Fraggle
Apprentice
Joined: 13 Mar 2003
Posts: 187
Location: Washington, DC
|
| Posted: Sat Jun 28, 2003 1:20 pm Post subject: |
|
|
| PowerFactor wrote: | | Well, I have to admit that I've never dealt with NT domains except as a user so I don't know how to setup whatever it is you want. But you really should provide more details in order for anyone to help you. These users, are they on windows clients authenticating to a samba pdc? Or are they on linux clients that you want to integrate into an NT domain. I do know that linux can use samba to control logins, I've never done it myself though. Is something like that what you're looking for? |
Windows Clients connecting to a samba pdc. I already use samba to control logins  Sorry I just didn't know what information you wanted |
|
| Back to top |
|
|
Fraggle
Apprentice
Joined: 13 Mar 2003
Posts: 187
Location: Washington, DC
|
| Posted: Sat Jun 28, 2003 7:16 pm Post subject: |
|
|
| Any other ideas? |
|
| Back to top |
|
|
Crg
Guru
Joined: 29 May 2002
Posts: 345
Location: London
|
| Posted: Sat Jun 28, 2003 7:59 pm Post subject: |
|
|
| Fraggle wrote: | | Any other ideas? |
You could try using the pre/postexec statements in smb.conf to add the client address to a firewall allow list.
ie something like:
| Code: |
[home]
preexec = ssh firewall_machine allow_ip_through_fw.script %I
postexec = ssh firewall_machine allow_ip_through_fw.script %I
|
Don't know how it'd work out.
Using a proxy is much better for security and performance reasons among other things. |
|
| Back to top |
|
|
|
Networking & Security
