<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
<TITLE>Samba Authenticated Gateway HOWTO: Introduction</TITLE>
<LINK HREF="Samba-Authenticated-Gateway-HOWTO-2.html" REL=next>
<LINK HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1" REL=contents>
</HEAD>
<BODY>
<A HREF="Samba-Authenticated-Gateway-HOWTO-2.html">Next</A>
Previous
<A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1">Contents</A>
<HR>
<H2><A NAME="s1">1.</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1">Introduction</A></H2>
<P>As you can see by the poorness of my language, English is not
my native language. I am writing this document in English for the
sake of the Linux community. So, please, excuse me for my poor English.
And, please, if you speak Portuguese, address me in this language.</P>
<P>This document aims to enlighten you (and myself) about the process
of building a Linux gateway or firewall that modifies its rules on demand
when users log in to or out of their Windows workstations.</P>
<P>In this document, I will try to show how to build a gateway to
NAT or MASQUERADE Windows workstations. Use your imagination to modify
it to get any level of network management. You may use it to grant
or deny access to services, servers or entire subnetworks on your
network.</P>
<P>Imagine that you have to build a gateway to let Windows workstations
access the Internet and that you need to authenticate each user before
letting them access the external networks. The first solution you
think about is Squid. It's indeed a great solution when HTTP and
FTP access is enough for your users. When it comes to letting them access
other services like POP, SMTP, SSH, a database server or whatever
else, you immediately think about NAT or MASQUERADE. But what happens
to the user authentication?</P>
<P>Well, this is my solution. It gives you user authentication and
fine-grained control over their access to the external networks.</P>
<H2><A NAME="ss1.1">1.1</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.1">Overview</A>
</H2>
<P>We know that SAMBA can act as a Domain Controller, so it can
authenticate users on Windows boxes. As a PDC, SAMBA can push netlogon
scripts to the Windows workstations. We can use these netlogon scripts
to force the Windows workstations to mount a given share from our
Linux PDC. This "forced" share has preexec and postexec scripts,
which are triggered when the user logs in or out. A
program named smbstatus lists the shares in use, along with
the username and IP address of each workstation. We just need
to grep this information from the smbstatus output and update our firewall
rules.</P>
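<P>Added example (not part of the original HOWTO or of the smbgate scripts): a dry run of the last step above that validates each user name and IP address before it can reach a firewall rule, then prints only the rule changes needed. The listing layout, the share name <CODE>netgate</CODE>, the interface <CODE>eth0</CODE> and the form of the MASQUERADE rule are assumptions made for illustration.</P>

```shell
#!/bin/sh
# Added example, not code from the HOWTO or from smbgate.
# Assumed (simplified) listing, one connection per line:
#   service user pid machine ip
# smbstatus output differs between Samba versions; adjust the field numbers.
SHARE="netgate"   # hypothetical name of the forced share
EXT_IF="eth0"     # hypothetical external interface

# Constructed sample input, including entries that must be ignored.
SAMPLE='netgate  alice     2101  WS01  192.168.0.11
netgate  bob       2102  WS02  192.168.0.12
homes    carol     2103  WS03  192.168.0.13
netgate  b@d!user  2104  WS04  192.168.0.14
netgate  dave      2105  WS05  192.168.0.999'

# Read a listing on stdin, print "user ip" for each valid session on $SHARE.
active_sessions() {
    awk -v share="$SHARE" '
        $1 != share { next }                    # some other share
        $2 !~ /^[A-Za-z0-9._-]+$/ { next }      # unexpected user name
        {
            if (split($5, o, ".") != 4) next    # not a dotted quad
            for (i = 4; i > 0; i--)             # every octet must be 0-255
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
            print $2, $5
        }' | sort -u
}

# $1 = source IPs currently allowed, $2 = source IPs that should be allowed
# (one per line). Prints the iptables commands for the difference only;
# nothing is executed here.
plan_rules() {
    _cur=$(mktemp); _want=$(mktemp)
    printf '%s\n' "$1" | sed '/^$/d' | sort -u > "$_cur"
    printf '%s\n' "$2" | sed '/^$/d' | sort -u > "$_want"
    comm -13 "$_cur" "$_want" |
        sed "s|.*|iptables -t nat -A POSTROUTING -s & -o $EXT_IF -j MASQUERADE|"
    comm -23 "$_cur" "$_want" |
        sed "s|.*|iptables -t nat -D POSTROUTING -s & -o $EXT_IF -j MASQUERADE|"
    rm -f "$_cur" "$_want"
}

# Dry run: 192.168.0.50 was allowed earlier but has no session any more.
desired=$(printf '%s\n' "$SAMPLE" | active_sessions | awk '{ print $2 }')
plan_rules "192.168.0.50" "$desired"
```

<P>Computing the difference against the rules already in place keeps the rule set from accumulating duplicates and removes access for sessions that ended without the postexec script running.</P>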
<H2><A NAME="ss1.2">1.2</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.2">Candy</A>
</H2>
<P>If you are impatient and don't like to read, go to
<A HREF="http://sourceforge.net/projects/smbgate/">http://sourceforge.net/projects/smbgate/</A>, but in the
end you may find yourself coming back here to read.</P>
<H2><A NAME="ss1.3">1.3</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.3">Disclaimer</A>
</H2>
<P>No liability for the contents of this document can be accepted.
Use the concepts, examples and other content at your own risk. As
this is a new edition of this document, there may be errors and inaccuracies
that may of course be damaging to your system. Proceed with caution,
and although this is highly unlikely, the author(s) do not take any
responsibility for that. </P>
<P>All copyrights are held by their respective owners, unless specifically
noted otherwise. Use of a term in this document should not be regarded
as affecting the validity of any trademark or service mark. </P>
<P>Naming of particular products or brands should not be seen as
endorsements. </P>
<H2><A NAME="ss1.4">1.4</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.4">New versions</A>
</H2>
<P>The newest release of this document can be found at
<A HREF="http://ram.eti.br">http://ram.eti.br</A> or at
<A HREF="http://www.tldp.org">http://www.tldp.org</A></P>
<P>Related HOWTOs can be found at the Linux Documentation Project
homepage at
<A HREF="http://tldp.org">http://tldp.org</A>. </P>
<H2><A NAME="ss1.5">1.5</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.5">Translations</A>
</H2>
<P>A Portuguese version is available.</P>
<P>A French translation by Guillaume Lelarge is available at
<A HREF="http://www.traduc.org/docs/HOWTO/lecture/Samba-Authenticated-Gateway-HOWTO.html">http://www.traduc.org</A></P>
<P>A Hungarian translation is available at
<A HREF="http://tldp.fsf.hu/HOWTO/Samba-Authenticated-Gateway-HOWTO-hu/Samba-Authenticated-Gateway-HOWTO-hu.html">http://tldp.fsf.hu</A></P>
<P>If you want to contribute a translation, please do.</P>
<H2><A NAME="ss1.6">1.6</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.6">Feedback</A>
</H2>
<P>Contributions and criticism are both welcome.</P>
<P>Corrections to my English are also very welcome!</P>
<P>If you find any bugs in the scripts included, please tell me.</P>
<P>You can find me at ricardo@ram.eti.br or at ricardo.mattar@bol.com.br</P>
<H2><A NAME="ss1.7">1.7</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.7">Copyright and trademarks</A>
</H2>
<P>Copyright (c) 2002-2003 Ricardo Alexandre Mattar</P>
<P>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. A copy of the license is included in the section entitled
&quot;GNU Free Documentation License&quot;.</P>
<H2><A NAME="ss1.8">1.8</A> <A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1.8">Acknowledgments and Thanks</A>
</H2>
<P>Thanks to Carlos Alberto Reis Ribeiro for introducing me to Linux.</P>
<P>Thanks to Cesar Bremer Pinheiro for motivating me to write this
document.</P>
<P>Thanks to Guillaume Lelarge for the (continuous) help with the
revision.</P>
<P>Thanks to Erik Esplund for further language corrections.</P>
<P>Thanks to Albert Teixid&oacute; for code improvements.</P>
<P>Thanks to Felipe Cordeiro Caetano for helping on my main testing
site.</P>
<P>Thanks to the secure communications company
<A HREF="http://www.raseac.com.br">RASEAC</A> for sponsoring my
work.</P>
<HR>
<A HREF="Samba-Authenticated-Gateway-HOWTO-2.html">Next</A>
Previous
<A HREF="Samba-Authenticated-Gateway-HOWTO.html#toc1">Contents</A>
</BODY>
</HTML>