File and proxy server + auth?

Hello all!

I’m setting up a samba-based file server on a small LAN (~10 machines). I don’t need any PDC setup because I don’t have many users here, so I just created some unix users named exactly like my windows client-users, and set them the same passwords that they have on their winXP machines.
Now the problem is, that the same server must act like a www-proxy, so I installed squid on it, but I still can’t figure out how should I authenticate users there :expressionless:

Most howto-s & tutorials assume that I have a samba-PDC and use domain authentication, but I don’t need it (and actually I still can’t figure out how to setup a Samba + LDAP PDC on openSUSE 11 :shame:)

Right now my proxy server is open to anyone in LAN, but I want to control how much traffic people use and which sites they can visit…

Actually the Linux passwords and Samba passwords can be different, because Samba uses a different authentication database, usually smbpasswd but could also be TDB or LDAP. Just so you know in case you don’t trust your users with Linux logins.

Squid authentication is done with an external program. If you look at the comments in /etc/squid/squid.conf around OPTIONS FOR AUTHENTICATION, one of the simplest methods is to use Apache htpasswd files. Just the format, you don’t actually have to run Apache. However it is possible to authenticate against a SMB server, only I’m not sure if you have to set it up as a DC. You’d have to read the documentation at the squid site and also the helper programs installed by squid, such as /usr/sbin/smb_auth.pl and /usr/sbin/smb_auth.sh

Yes, I have set them samba passwords and disabled unix login. :slight_smile:

Squid authentication is done with an external program. If you look at the comments in /etc/squid/squid.conf around OPTIONS FOR AUTHENTICATION, one of the simplest methods is to use Apache htpasswd files. Just the format, you don’t actually have to run Apache.

I think I read about it but can’t figure out exactly how to do it :shame:

However it is possible to authenticate against a SMB server, only I’m not sure if you have to set it up as a DC.

Well, that’s why I’m confused here :\ PDC is somehow a good thing, but it brings many strange features/problems (like roaming profiles) that I don’t really need :expressionless:

…And I have another openSUSE-specific question:

Is this even possible to setup squid authentication via YAST?

I don’t think so yet. I’ve always done it by editing squid.conf.

Good… I mean bad, but I just wanted to make sure.

Seems like what I need is called “nsca_auth”, and I even found a neat Squid Account Management System - SAMS… :slight_smile: