Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: thefishguy on November 17, 2004, 04:32:12 PM
-
Hi,
I have setup a pc with sme server for my proxy server.but I would like to block some web sites that I don't want every one to vist.how do I do that? also,is i t possible to control the client access by say username and password? currently,any pc in my network can access the web,is it possible to control this?
-
block wesites:
squidProperties
control client access:
not possible by username, but by IP-adress
-
Damien Curtain has a package that forces users to login with their SME username and password before they can access the proxy.
http://www.pagefault.org/
Have a look in his download area.
Hint "download/rpms/RPMS/noarch/" and it is called "e-smith-proxy-auth-0.0.1-01dc.noarch.rpm"
This combined with sarge gives you reports for all users proxy activity. If you are into that sort of thing...
-
look here:
http://forums.contribs.org/index.php?topic=25168.msg106437#msg106437
-
Check out Dan's Guardian
Dungog.net has a install script
Works very well.
Rick
-
If you use dan's guardian and enable ident this is a good ident program for all windows clients and it works well
http://dansguardian.org/downloads/michaelpike/DGID.zip
-
bcliburn
> If you use dan's guardian and enable ident
Can you please advise how to go about doing this, thanks
-
All I did was install the ident client on all of the desktops my family uses (WindowsXP)
logon to the SME machine (using Putty or on the actual machine)
cd to /etc/dansguardian
pico dansguardian.conf
scroll down to this code...
# Username identification methods (used in logging)
# You can have as many methods as you want and not just one. The first one
# will be used then if no username is found, the next will be used.
# * proxyauth is for when basic proxy authentication is used (no good for
# transparent proxying).
# * ntlm is for when the proxy supports the MS NTLM authentication
# protocol. (Only works with IE5.5 sp1 and later). **NOT IMPLEMENTED**
# * ident is for when the others don't work. It will contact the computer
# that the connection came from and try to connect to an identd server
# and query it for the user owner of the connection.
usernameidmethodproxyauth = off
usernameidmethodntlm = off # **NOT IMPLEMENTED**
usernameidmethodident = on
change the lines to look like this ( try to only use one method of userid, more than one tends to slow down authentication in my experience)
pico exceptionuserlist and add the names of people that do not need to be blocked like Administrators
Done!
(I hope this is ok I still consider myself somewhat of a Newbie when it comes to Linux)
Oh yeah sometimes you have to open a hole in the firewall to your local network for the SME box to be able to contact the Desktop's Ident server
-
All I did was install the ident client on all of the desktops my family uses (WindowsXP)
logon to the SME machine (using Putty or on the actual machine)
cd to /etc/dansguardian
pico dansguardian.conf
scroll down to this code...
I'm not sure but aren't Dansguardian configuration files not templated for SME Server like any good contrib?