[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] password protecting browser use?



Yes, this sounds like it's worth trying. If you'd be willing to tar up the docs,
files we'd be grateful. 

Thanks also to Peter, whose idea also sounds worthy of trying:

I use a workaround that involves a LinuX/Samba as PDC.
It is a bit ugly, but it works (at school).


I have a LinuX that serves both as a PDC and as DNS.
The DNS is blocked from the subnet in the server, and gets opened for
specific IP-address when logging in.

In the home share I have a
root preexec and a root postexec that opens and closes the DNS port

When not logged in this gives that the DNS port is blocked for that
IP-address, but when user logges in port opens and user can make use of
InterNet.
Ofcourse I could in the same manner block all external traffic, but I didn't
want to load my server with that and found DNS access to be a satisfactory
comprimize.

Now samba does not run root postexec if user is not correctly logged off so
I put a cleanup code in cron.15 that checks with smbstatus what computers
are logged in and closes other ports.

Works great on Win95, Win98 in school environment.



Peter Andersson 

==
Quoting Joseph Morelock <morelocj canby k12 or us>:

> Steve,
> 
> I, for one, would love to look at the scripts (and docs, files, etc) 
> you wrote to make this work. Every once in a while, we get a parent who 
> doesn't want their child on the Internet, and it would be great to be 
> able to manage this a little more easily.
> 
> 
> Joe
> 
> ____
> Joseph Morelock, Library & Information Services
> Canby High School
> morelocj canby k12 or us
> 
> On Wednesday, November 27, 2002, at 02:13 AM, Steve Wright wrote:
> 
> > David Bucknell wrote:
> >
> >> Does someone know how to make it necessary for windows workstation 
> >> users to
> >> authenticate in order to use their Web browsers? The gateway is Linux 
> >> of course.
> >>
> >
> > The beauty of Linux is, there will be a dozen ways to do this.
> >
> > I use Squidguard + ncsa-auth + a couple of glue scripts to make it 
> > work.
> >
> > In operation, I looks like this ;
> >
> > A user of any machine on my network wants to get onto the internet.  I 
> > create them an account on the gateway, and add them to the 'access' 
> > group.
> >
> > Every so-often, a script runs and grabs all the members of group 
> > 'access' and puts their Linux passwords in the squid auth file.
> >
> > When a user wants to get to the internet, they direct their browser 
> > towards the internet and squid asks for their credentials..
> >
> > I can disable any persons' access to the net, regardless of browser or 
> > operating system, simply by dropping them from the 'access' group.
> >
> > You will also be able to create other groups, or 'classes' of users 
> > who have different sets of restrictions, ie, time of day, day of week 
> > etc...
> >
> > If you would like to use it, I will get all the scripts, files, and 
> > docs together for you.
> >
> >
> > HTH,
> > Steve
TIA,

David
Rose Marie Academy, Thailand
http://rose-marie.ac.th/webportal/
-- 
http://www.iteachnet.org
http://members.iteachnet.org/webzine *
http://opensourceschools.org *
http://schoolforge.net *
http://www.over-seas.com *
http://www.rose-marie.ac.th *


------------------------------------------------
http://members.iteachnet.org/
http://www.opensourceschools.org/





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]