Something like ident for NT

From: Ulrich Herbst <Ulrich.Herbst@dont-contact.us>
Date: Fri, 18 Feb 2000 09:22:40 +0100

We want to check usernames to restrict access to certain sites.

You can solve this with ident or proxy_auth.

ident doesn't work on plain NT workstations.

For proxy_auth, you have to type an userid and a password, if you
want to surf
(and our customer thinks, that is too much work for his users).

To solve this problem I patched squid:

Now there are two new ACLs "srcname" and "srcname_regex".
Squid give the src-ipaddress to an external program (you can
configure this in squid.conf with "srcname_program"). That external
program gives something back to squid, which is checked against
these new ACLs. That reply is cached for a specified time
("srcname_ttl" in squid.conf).

As external program I modified "nmblookup" (from the samba
packet) a little bit.

With that you can check NT-usernames in squid without the need
to type userid and password.

There are some more situations, where you can use "srcname":
You want to make name-resolution against LDAP, you can check
your src-adresses directly against a database,....

There is just a little problem:
We don't have a WWW- or FTP-Server to put that patch on.
Can anyone put this patch on his server ?

Uli
                             '''
                             (0 0)
                +------oOO----(_)--------------+
                | Ulrich Herbst |
                | debis Systemhaus ISM |
                | Tel. ++49-7225-61-2220 |
                | FAX ++49-7225-61-5222 |
                | Ulrich.Herbst@debis.com |
                +-------------------oOO--------+
                            |__|__|
                             || ||
                            ooO Ooo
Received on Fri Feb 18 2000 - 01:37:18 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:20 MST