Topic: User authentication

[Lloyd Keen]

I must have broken something with my user authentication. Before if I didn't specify a proxy I would not get net access and if I specified a proxy I was asked to be authenticated. It was working great. But something happened and now If I bypass the proxy it lets me straight in??? Do I have to do /sbin/e-smith/db configuration squid Transparent yes or similar? Or maybe restart masq with service masq restart? anyone else come accross this problem.

[Filippo Carletti]

squid transparent and authentication are mutually exclusive.
If you need to use auth, you should disable transparent and put the proxy config in every browser (or use something like proxy.pac or wpad protocol).

[Lloyd Keen]

Thanks Filippo, I realise that you can't authenticate against a trans proxy but how do you stop users bypassing the proxy_auth?

[Filippo Carletti]

WIth a chain to redirect traffic to port 80 to another port.
I chose port 81 and setup an httpd on port 81 which serves a page with instructions for auth and browser setup.

[John Lewis]

Filippo or anyone else,

Could you write a howto which details all the steps to
1) enable user-authentication to get net access
2) detail how to deny certain users or groups net access, or even better, deny certain users or groups specific protocols, or allow only certain protocols (like http and ftp, but no others)
3) enable sarg to tract statistics by user, no ip
4) turn off all net access for certain time periods

what would be awesome would be a panel which lets you do the above

i'm no developer, so can assist by testing and helping with the howto language.

This would be really usefull for families, schools, etc.

Thanks

[Filippo Carletti]

I could offer answers to questions, but not a complete howto (I'd like to, but it need time).
I agree that a panel would be ideal, but it will be even more time consuming.
I would not deny my help to a volunteer, though.