Next
Previous
Contents
Adding a Linux user by usual means and setting a samba password
using smbpasswd will work. If you have any doubt, just refer to the
SAMBA documentation. This is not a difficult issue.
I am issuing this a major topic because I couldn't learn yet
how to manage users and users' passwords from a Windows workstation
without using a web interface. I couldn't find and didn't know how
to build integrated tools to solve this problem. So, I am using a
CGI program to get it done.
Try the package at
http://changepassword.sourceforge.net, it seems to be a good choice.
As you could see in a previous section of this howto, the SAMBA
daemon will call a netlogon.sh script every time the tracking share
is mounted. This netlogon.sh script will call a script with the user's
name giving this script the ip address of the refered workstation
as a parameter. This user script will apply the desired rules.
For example if you want to give the user full access to internet:
#!/bin/sh
#
COMMAND=$1
ADDRESS=$2
EXTIF=$3
IPTABLES='/usr/sbin/iptables'
$IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF -j MASQUERADE
If you don't want to change anything to a particular user, just
give him an empty script:
#/bin/sh
#
exit 0
Or just don't create any script for the less privileged users,
letting them have the default.sh script, which would be empty as
the previous or just give limited access as follows:
#!/bin/sh
#
COMMAND=$1
ADDRESS=$2
EXTIF=$3
EXTIFADDRESS=$4
IPTABLES='/usr/sbin/iptables'
$IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF --dport 25 -j SNAT --to-source $EXTIFADDRESS
$IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF --dport 110 -j SNAT --to-source $EXTIFADDRESS
Remember that this script requires you to modify all the previous
scripts to include the extra parameter ou just modify the script
script. And remember that you will go nowhere whis this howto if
you don't understand iptables.
Next
Previous
Contents
| 
Free eBook: 
