> > We use Samba here (2.2.6) and Squid. Due to our high internet usage, I've > had to block access for most people. > > I've been allowing access on an IP basis, however this isn't > ideal (we use > dhcp) and I'd like to be able to block/allow access on a user-level basis. > > Now, I understand that this can be done with PAM. Is winbind also > required? > > What documentation exists about this?
smb_auth is a doddle to setup if you have a Windows Domain, however it asks each user for a username and password when they start browsing, this can annoy some people. smb_auth is well documented. Winbind is not needed in this case. The latest versions of Squid can use ntlm authentication (really need to get the latest snapshot or things might not work). You do need winbind for this, getting the usernames etc in the log files is easy, the advantage of ntlm is that it recognises your Windows Domain groups so you can have different levels of access based on existing domain groups. This is new and not that well documented yet, but the bare minimum is there, worth the trouble if you need to work with Domain Groups. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
