squid SSO with samba

[MorpheuS.Ibis]

Hi

I have a network with a central samba server/router/proxy and a bunch of MS computers in a samba domain. the proxy is currently squid in transparent mode

I would like squid to know which users are generating the requests (for per-user logging instead of per-pc), but without the browser asking for it. I have found some howtos, using winbind+kerberos to SSO against AD, but that probably won't work against samba domain, and requires IE.

is there a way for this? somehow having samba export list of PCs and logged-on users, and squid using that for identifying the user from IP

thanks

[nativemad]

Hi,

as far as i know IE is the only browser that sends the user credentials automatically for sso via ntlm. And it probably won't work in transparent mode.

One thought...
You could fetch the user via samba logs and map it through the timestamp and the used ip to produce some kind of a fake squid log. It should match the format that the different squid-log analyzers like....
But that would need some scripting and won't work with terminal servers!
_________________
Power to the people!

[MorpheuS.Ibis]

I am OK with scripting and not working terminal servers (I don't have those in my network), but I am unable to find any login/logoff messages in samba logs, and from what I can tell (using strace on smbstatus) the session data is stored in tdb files, and it does not correspond to logged on users (I get sessions even at midnight)

any further hints on how this can be done? if there was a way to have samba give nice login/logout messages to another program (ie. not by reading all the samba logs all the time) then this would be relatively easy (assuming squid wouldn't mind writing logs into a named pipe)

UPDATE: samba has preexec/postexec options, which nearly fit my usage, but the commands are executed more often than when mounting the share (probably every time the user accesses the directory), so this can't be used for simple login/logout indication

any thoughts for improving this?