SMB auth and Iptables...

SMB auth and Iptables...

[Gustavo Castro Puig]

[-- Attachment #1: Type: text/plain, Size: 674 bytes --]

Hi, guys:

    One customer asked me about the possibility of install in an iptables based firewall some sort of solution (perhaps a proxy) it could add/delete rules based on users login into a SMB(Samba/NT) server. He want to grant or deny access to Internet (TCP/IP) based on authenticated users, not the IP or MAC. It's not a bad idea, but I don't know if it even exists... I've googled and found nothing about this kind of solution. Anyway, I told him I could check it out, and... here I am. :-)
    Do you have any idea about a solution like this using iptables and "something" else? 
    Any info will be highly appreciated.
    Thanks!

Cheers,
    Gustavo.

[-- Attachment #2: Type: text/html, Size: 1492 bytes --]

Re: SMB auth and Iptables...

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 1025 bytes --]


You could use NuFW : http://www.nufw.org to build an authenticating
firewall. There's no direct interaction with samba but if users are
stored in ldap it should be possible to have products work together.

On Thu, 2004-07-29 at 22:51, Gustavo Castro Puig wrote:
> Hi, guys:
>  
>     One customer asked me about the possibility of install in an
> iptables based firewall some sort of solution (perhaps a proxy) it
> could add/delete rules based on users login into a SMB(Samba/NT)
> server. He want to grant or deny access to Internet (TCP/IP) based
> on authenticated users, not the IP or MAC. It's not a bad idea, but I
> don't know if it even exists... I've googled and found nothing about
> this kind of solution. Anyway, I told him I could check it out, and...
> here I am. :-)
>     Do you have any idea about a solution like this using iptables and
> "something" else? 
>     Any info will be highly appreciated.
>     Thanks!
>  
> Cheers,
>     Gustavo.
-- 
Eric Leblond <eric@inl.fr>
INL

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

RE: SMB auth and Iptables...

[Steve Wakelin]

[-- Attachment #1: Type: text/plain, Size: 1026 bytes --]

Squid with NTLM authentication will provide this functionality

 

-----Original Message-----
From: netfilter-admin@lists.netfilter.org
[mailto:netfilter-admin@lists.netfilter.org] On Behalf Of Gustavo Castro
Puig
Sent: 29 July 2004 21:51
To: netfilter@lists.netfilter.org
Subject: SMB auth and Iptables...

 

Hi, guys:

 

    One customer asked me about the possibility of install in an
iptables based firewall some sort of solution (perhaps a proxy) it could
add/delete rules based on users login into a SMB(Samba/NT) server. He
want to grant or deny access to Internet (TCP/IP) based on authenticated
users, not the IP or MAC. It's not a bad idea, but I don't know if it
even exists... I've googled and found nothing about this kind of
solution. Anyway, I told him I could check it out, and... here I am. :-)

    Do you have any idea about a solution like this using iptables and
"something" else? 

    Any info will be highly appreciated.

    Thanks!

 

Cheers,

    Gustavo.


[-- Attachment #2: Type: text/html, Size: 4339 bytes --]