On Fri, 2003-01-17 at 16:50, Jeff Waugh wrote: > <quote who="[EMAIL PROTECTED]"> > > > I'm wanting to restrict internet access to users of our network depending > > on who they are. (ie. remove it completely). The only exception to this is > > when they are logged in to a particular machine. > > > > The users are on MS Windows machines, and the server is running samba as > > PDC. > > > > Has anyone done anything similar to this?
Oh yes, many folk. The NTLM code in squid was developed on a site with ~40000 users - enough to test it's robustness :}. > The best method would be to set up a squid proxy (very useful anyway) and > have everyone authenticate to use the external web. Yep. For maximum 'neatness': Install squid 2.5 S1 or above. Use the winbind NTLM authentication helper, and the winbind_group external ACL helper, and then you can limit internet access by group membership from your SAMBA controller, without any login prompts being displayed. (There are other group helpers, winbind_group is just one). Rob -- GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
signature.asc
Description: This is a digitally signed message part
