Koozali.org: home of the SME Server

Internet access

Offline ronald1969

  • **
  • 34
  • +0/-0
    • http://www.kramsvogel.nl
Internet access
« on: February 16, 2005, 11:08:27 AM »
I got SME up and running, thanks to RequestedDeletion.

Now I want to control internet access for the users, but not by IP but by Username/Password.

Can anybody tell me what I need to do/install and how.

Thanks,

Ronald
...

Offline Tib

  • *
  • 571
  • +0/-0
    • http://www.tibors.net
Internet access
« Reply #1 on: February 16, 2005, 12:16:37 PM »
Hello ronald1969,

Do a search on Danguardian ... it'll be the closest thing to what your ar looking for.
Dungog have a dansguardian setup for SME ... but it will cost a very small price to get it and all the other contribs they have.

http://www.dungog.net/sme/index.php

I purchased the yearly license for work ... I think it's worth it ... unless you want to play with the guts of files and templates etc. I may even get it for home use in the near future.

Regards,

Tib

Offline cjensen

  • *
  • 133
  • +0/-0
    • http://acenet-tech.org
Internet access
« Reply #2 on: February 17, 2005, 05:19:02 AM »
There is another option 'not' requiring any evicerations ;-):

sme-squid (sme-squid-1.0-2 is wat is on my SME 6+ boxes), squidguard, and sarg reports to view the archived history of accesses.

The sme-squid package provides a server-manager panel with which you can create a proxy port requiring users to authenticate before gaining outside access.

Squidguard (a common contrib), provides a decent filter of the stuff you wish your network not to access.  Also provides a server-manager panel.

Sarg reports provides a panel as well where you can view all accesses by users.

If you have trouble finding the packages and are interested let me know.

Craig Jensen

Offline jackl

  • ****
  • 136
  • +0/-0
Internet access
« Reply #3 on: February 17, 2005, 09:25:26 AM »
I agree with Craig, I use the same rpm it is relatively simple to install and yet very effective.
The only problem you may have with is that after logging on to the web using certain versions of IE6, you may get a blank page and have to hit refresh to get it to work. This is an IE6 authentication problem and you can download a fix from micrososft:
http://support.microsoft.com/default.aspx?id=kb;en-us;331906
 
This rpm also integrates well with other apps such as Dansguardian etc.

Regards,
Jack
......

Offline ronald1969

  • **
  • 34
  • +0/-0
    • http://www.kramsvogel.nl
Internet access
« Reply #4 on: February 17, 2005, 08:02:09 PM »
Craig Jensen,

Yes I can use some help finding these packages.

So please tell me

Ronald
...

Offline Tib

  • *
  • 571
  • +0/-0
    • http://www.tibors.net
Internet access
« Reply #5 on: February 18, 2005, 08:39:29 AM »
http://e-smith.dyndns.org/

google is your friend :)

Regards,

Tib

Offline cjensen

  • *
  • 133
  • +0/-0
    • http://acenet-tech.org
Internet access
« Reply #6 on: February 21, 2005, 06:09:37 AM »
http://www.acenet-tech.org/cdj/netsecure/netsecure.tar.gz

Contains four packages: Squidguard (sg3 directory), sme-squid, sarg, and sgedit.

There have been serveral requests for the same results... filtering/restricting outside access to users by username/password.

Installing the above packages accomplishes this and more, providing 'Content filtering', 'Sarg Reports', and 'Proxy Users' panels for configuration.

SquidProperties by Abe Loveless adds additional functionality to this process:
here

from Abe's readme.txt...
"This package will help you expand the functionality of your Squid Proxy server.  You will be able to flush the cache from the server-manager panel.  You will also be able to specify individual domains that should not be cached.  Once added, these domains will connect directly every time accessed."

I would install in this order:

Squidguard (actually multiple packes installed with the install.sh script)

Sarge (two rpm packages)

Sme-squid (two rpm packages)

sgedit and squidproperties- if desired.  These two are nice additions.  Sgedit allows a quick and easy way from any ssh access to your server to edit the accepted and rejected sites on your network.  Squidproperties is explained above.

Once you enable the filtering of squidguard and then enable user authentication (using the 'Proxy Users' link under Collaboration in server-manager- set to 'protected'), you can enable/disable(default) user access.  Users then configure their network systems to use the ip of this server and port (default is 3128) to access the outside world and with each access they must authenticate.

You can then go to the Sarg Reports link and view history of users access, listed with usernames... a little more security when you must be sure of who/what/when.

Many of you may already have known this, but I noted four different posts requesting nearly this same thing.

Hope it helps someone else...  ;-)

Craig Jensen

Offline ronald1969

  • **
  • 34
  • +0/-0
    • http://www.kramsvogel.nl
Internet access
« Reply #7 on: February 22, 2005, 10:45:24 PM »
I tried to install the packages mentioned starting with Squidguard.

During the installation I get next (error)messages:

-file etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy from install of e-smith-transproxy-0.3-1 conflicts with file from package e-smith-proxy-4.12.0-01

-file etc/e-smith/templates/etc/squid/squid.conf/50-transproxy from install of e-smith-transproxy-0.3-1 conflicts with file from package e-smith-proxy-4.12.0-01

-cp: cannot overwrite non-directory "/home/e-smith/files/primary" with directory "/home/e-smith/files/primary"

-ln: "/home/e-smith/squidguard/trusted" : file exists

-ln: "/home/e-smith/squidguard/untrusted" : file exists

-ln: "/var/log/squidguard.log" : file exists

Anybody who can help me with this?

Ronald
...

Offline cjensen

  • *
  • 133
  • +0/-0
    • http://acenet-tech.org
Internet access
« Reply #8 on: February 23, 2005, 12:29:51 AM »
Look here:

On fresh installs the e-smith-transproxy does not install as in the above thread mentions.  Remove it:

rpm -e e-smith-transproxy

Then re-install.

Craig

Offline ronald1969

  • **
  • 34
  • +0/-0
    • http://www.kramsvogel.nl
Internet access
« Reply #9 on: February 23, 2005, 11:26:18 PM »
Craig,

I did a complete fresh install of SME 6.

Then I installed Squidguard from the package you provided and reveived the same messages as mentioned before.

Running the command rpm -q e-smih-transproxy says package e-smih-transproxy is not installed so this can not be uninstalled.

As you can see in my question above a file being installed by squidguard conflicts with a file that is installed by SME 6. When I removed the package mentioned (rpm -e e-smith-proxy-4.12.0-01) and then installed Squidguard I get the message that e-smith-proxy was missing so e-smith-transproxy could not install.

I think the Squidguard version tou gave is not up to date enough for SME 6, but I can't find a newer version.

Any ideas/solutions?

Greetings,

Ronald
...

Offline ronald1969

  • **
  • 34
  • +0/-0
    • http://www.kramsvogel.nl
Internet access
« Reply #10 on: March 01, 2005, 10:06:07 PM »
I found a simple solution for the problems I mentioned before and like to share this with other people who like to use the packages mentioned for internet access control.

From the package SG3 I removed /rpm/e-smith-transproxy-0.3-1.noarch.rpm. This rpm-package is not needed with SME 6.0.1 and was causing the 2 (error)messages I mentioned before.

If you install the packages from SG3 by using .install.sh it will install without problems.

Now you can also install the other packages from netsecure.tar.gz

After this you will be able to control internet access by user/password

I hope this helps other people.

Ronald
...

Offline ronald1969

  • **
  • 34
  • +0/-0
    • http://www.kramsvogel.nl
Internet access
« Reply #11 on: March 01, 2005, 10:17:03 PM »
I do have 1 question/wish about this topic.

Users can access the SME server by username/password.
When you give them access to the internet squidguard asks them to fill in a username/password again.

Isn't it possible that squidguard uses the username/password they fill in when they logon to the SME server.

Ronald
...

firstbishop

Internet access
« Reply #12 on: August 14, 2006, 08:42:10 AM »
[Sorry! Just noticed now that the forum is locked. I've reposted in the 7.0 contribs forum.]

Does anyone know if the sme-squid rpm has been updated for SME 7.0 and if so, where it can be found? I installed sme-upgppp-1.0.1.rpm successfully (which was necessary under 6.5 in order to install sme-squid) and then attempted to install sme-squid-1.0.2.rpm but got the following message:

Stopping squid: [FAILED]
error: %pre(sme-squid-1.0-2.i386) scriptlet failed, exit status 1
error:   install: %pre scriptlet failed (2), skipping sme-squid-1.0-2

This is such a useful contrib - I'd be grateful for any help to get it going on 7.0

Thanks, Mike.

jarnox

internet user access on sme server 7
« Reply #13 on: August 19, 2006, 06:31:52 PM »
Hi
I want to control internet access for the users, with SME Username/Password.
Can anybody tell me what I need to do and how install on SME 7??
thanks