<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>Samba Authenticated Gateway HOWTO: Introduction</TITLE>
<LINK HREF="Samba-Authenticated-Gateway-HOWTO-2.html" REL=next>

<LINK HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="Samba-Authenticated-Gateway-HOWTO-2.html">Next</A>
Previous
<A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1">Introduction</A></H2>

<P>As you can see by the poorness of my language, English is not
my native language. I am writing this document in English for the
sake of the Linux community. So, please, excuse me for my poor English.
And, please, if you speak Portuguese, address me in this language.</P>

<P>This document intends to enlighten you (and myself) in the process
of building a Linux Gateway or Firewall which modifies its rules on demand
when users log in or out from their Windows workstations.</P>

<P>In this document, I will try to show how to build a gateway to
NAT or MASQUERADE Windows workstations. Use your imagination to modify
it to get any level of network management. You may use it to grant
or deny access to services, servers or entire subnetworks on your
network.</P>

<P>Imagine that you have to build a gateway to let Windows workstations
access the Internet and that you need to authenticate each user before
letting them access the external networks. The first solution you
think about is Squid. It's indeed a great solution when HTTP and
FTP access is enough for your users. When it comes to letting them access
other services like POP, SMTP, SSH, a database server or whatever
else, you immediately think about NAT or MASQUERADE. But what happens
to the user authentication?</P>

<P>Well, this is my solution. It gives you user authentication and
fine-grained control over their access to the external networks.</P>

<H2><A NAME="ss1.1">1.1</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.1">Overview</A>
</H2>

<P>We know that SAMBA can act as a Domain Controller, so it can
authenticate users on Windows boxes. As a PDC, SAMBA can push netlogon
scripts to the Windows workstations. We can use these netlogon scripts
to force the Windows workstations to mount a given share from our
Linux PDC. This "forced" share shall have preexec and postexec scripts,
which are triggered when the user logs in or out. There is a
program named smbstatus which lists the shares being used, also giving
us the username and IP address of the workstation. We just need
to grep this information from the smbstatus output and update our firewall
rules.</P>
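
<P>The step described above, reading smbstatus output and turning it into firewall changes, as an added example that is not one of the HOWTO's own scripts. The share name, the external interface, the column layout of the sample output (it differs between Samba versions) and the function names are assumptions; the commands are printed, not executed.</P>

```shell
#!/bin/sh
# Added example (not from the HOWTO). Assumed smbstatus layout:
#   Service  uid  gid  pid  machine (ip) date
SHARE="netlogon"   # assumption: name of the "forced" share

# Constructed sample output; the last entry carries a malformed address.
sample_status() {
cat <<'EOF'
Service      uid      gid      pid     machine
----------------------------------------------
netlogon     alice    users    2101    wks01 (192.168.0.10) Mon Mar  3 09:00:01 2003
netlogon     bob      users    2107    wks02 (192.168.0.11) Mon Mar  3 09:02:40 2003
public       carol    users    2110    wks03 (192.168.0.12) Mon Mar  3 09:05:13 2003
netlogon     dave     users    2120    wks04 (192.168.0.999) Mon Mar  3 09:06:00 2003
EOF
}

# Print "user ip" for each connection to share $1 found on stdin.
# Names and addresses are validated because they end up in firewall
# commands that run as root; anything malformed is dropped.
active_sessions() {
    awk -v share="$1" '
    $1 == share && match($0, /\([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)/) {
        ip = substr($0, RSTART + 1, RLENGTH - 2)
        ok = (split(ip, o, ".") == 4)
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
        if (ok && $2 ~ /^[A-Za-z0-9._-]+$/) print $2, ip
    }'
}

# Print (do not run) the iptables commands that move the gateway from the
# currently allowed IPs ($1, space separated) to the IPs logged in on
# stdin, using external interface $2.
reconcile() {
    have=$(printf '%s\n' $1 | sort -u)
    want=$(active_sessions "$SHARE" | awk '{print $2}' | sort -u)
    for ip in $want; do      # logged in, not yet allowed: add a rule
        echo "$have" | grep -qxF "$ip" ||
            echo "iptables -t nat -A POSTROUTING -s $ip -o $2 -j MASQUERADE"
    done
    for ip in $have; do      # allowed, no longer logged in: delete the rule
        echo "$want" | grep -qxF "$ip" ||
            echo "iptables -t nat -D POSTROUTING -s $ip -o $2 -j MASQUERADE"
    done
}

sample_status | reconcile "192.168.0.11 192.168.0.20" eth0
```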

<H2><A NAME="ss1.2">1.2</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.2">Candy</A>
</H2>

<P>If you are impatient and don't like to read, go to
<A HREF="http://sourceforge.net/projects/smbgate/">http://sourceforge.net/projects/smbgate/</A>, but in the
end you may find yourself coming back here to read.</P>

<H2><A NAME="ss1.3">1.3</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.3">Disclaimer</A>
</H2>

<P>No liability for the contents of this document can be accepted.
Use the concepts, examples and other content at your own risk. As
this is a new edition of this document, there may be errors and inaccuracies,
that may of course be damaging to your system. Proceed with caution,
and although this is highly unlikely, the author(s) do not take any
responsibility for that.</P>

<P>All copyrights are held by their respective owners, unless specifically
noted otherwise. Use of a term in this document should not be regarded
as affecting the validity of any trademark or service mark.</P>

<P>Naming of particular products or brands should not be seen as
endorsements.</P>

<H2><A NAME="ss1.4">1.4</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.4">New versions</A>
</H2>

<P>The newest release of this document can be found at
<A HREF="http://ram.eti.br">http://ram.eti.br</A> or at
<A HREF="http://www.tldp.org">http://www.tldp.org</A></P>

<P>Related HOWTOs can be found at the Linux Documentation Project
homepage at
<A HREF="http://tldp.org">http://tldp.org</A>.</P>

<H2><A NAME="ss1.5">1.5</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.5">Translations</A>
</H2>

<P>A Portuguese version is available.</P>

<P>A French translation by Guillaume Lelarge is available at
<A HREF="http://www.traduc.org/docs/HOWTO/lecture/Samba-Authenticated-Gateway-HOWTO.html">http://www.traduc.org</A></P>

<P>A Hungarian translation is available at
<A HREF="http://tldp.fsf.hu/HOWTO/Samba-Authenticated-Gateway-HOWTO-hu/Samba-Authenticated-Gateway-HOWTO-hu.html">http://tldp.fsf.hu</A></P>

<P>If you want to contribute with a translation, please do.</P>

<H2><A NAME="ss1.6">1.6</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.6">Feedback</A>
</H2>

<P>Contributions and criticism are both welcome.</P>

<P>Corrections to my English are also very welcome!</P>

<P>If you find any bugs in the scripts included, please tell me.</P>

<P>You can find me at ricardo@ram.eti.br or at ricardo.mattar@bol.com.br</P>

<H2><A NAME="ss1.7">1.7</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.7">Copyright and trademarks</A>
</H2>

<P>Copyright (c) 2002-2003 Ricardo Alexandre Mattar</P>

<P>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. A copy of the license is included in the section entitled
"GNU Free Documentation License".</P>

<H2><A NAME="ss1.8">1.8</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.8">Acknowledgments and Thanks</A>
</H2>

<P>Thanks to Carlos Alberto Reis Ribeiro for introducing me to Linux.</P>

<P>Thanks to Cesar Bremer Pinheiro for motivating me to write this
document.</P>

<P>Thanks to Guillaume Lelarge for the (continuous) help with the
revision.</P>

<P>Thanks to Erik Esplund for further language corrections.</P>

<P>Thanks to Albert Teixid&oacute; for code improvements.</P>

<P>Thanks to Felipe Cordeiro Caetano for helping on my main testing
site.</P>

<P>Thanks to the secure communications company
<A HREF="http://www.raseac.com.br">RASEAC</A> for sponsoring my
work.</P>
</BODY>
</HTML>