Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: williel on November 24, 2006, 10:48:00 AM

Title: restrict user internet access
Post by: williel on November 24, 2006, 10:48:00 AM

Hi

I have changed the default settings to ask for username and password when a user whant to access the internet, but some of the users I would like to set that it cannot access the internet.

I use it as a mail server as well, so I cannot delete or disable the user.

Can someone please assist.

Thanks

Title: restrict user internet access
Post by: cjensen on November 25, 2006, 07:08:19 AM

Quote

I have changed the default settings to ask for username and password when a user whant to access the internet

So you added user internet access restrictions???  And you now want to allow some that were restricted?

What did you use to restrict them?

Not enough information to help you...

Craig

Title: restrict user internet access
Post by: williel on November 25, 2006, 07:17:20 AM

Hi

I have added a scrpit to ask for authentication, to access the internet, but some of that users I would like to restrict access even when entering the password

Title: restrict user internet access
Post by: cjensen on November 25, 2006, 07:31:26 AM

Dansguardian will do what you want.

Craig

Title: restrict user internet access
Post by: williel on November 30, 2006, 09:24:28 AM

where can I find it, because on dansguardian.org I found rpm's but non of them are for SME 7?

I have tried downloading the one for redhat 9 but it need a zlib-devel and compat-libstdc++ packages.

Please remember I am a newbie.

Thanks

Title: restrict user internet access
Post by: cactus on November 30, 2006, 09:30:27 AM

Quote from: "williel"

where can I find it, because on dansguardian.org I found rpm's but non of them are for SME 7?

I have tried downloading the one for redhat 9 but it need a zlib-devel and compat-libstdc++ packages.

Please remember I am a newbie.

Thanks

Check the dungog repository: www.dungog.net.

Title: restrict user internet access
Post by: chris burnat on November 30, 2006, 09:40:29 AM

Or, consider purchasing the commercial version released by Dungog, I know I should not make free advertizing here, but Dans can be a bit daunting (as I found out...(':cry:'), the interface provided by Dungog in their package is well worth the investment. Plug and play, almost...

Title: restrict user internet access
Post by: Tib on November 30, 2006, 10:43:30 PM

williel

Try this contrib out ... you can block users by ip address as well as dump the cache and bypass cache for particular domains.

http://www.cooltemp.com.au/smefiles/smeserver-squidproperties-1.0.0-01.noarch.rpm

With this contrib you have to nominate the IP you want to block ... there is another contrib out there that blocks all IP's and you have to nominate the IP you want to allow.

http://www.vanhees.cc/modules.php?op=modload&name=CmodsDownload&file=index&req=viewdownloaddetails&lid=307&ttitle=smeserver-squid_restrict_ip-1.0-1.noarch.rpm

Regards,

Tib

Title: restrict user internet access
Post by: williel on January 05, 2007, 12:06:28 PM

Hi

Is there a way to rather block the user than the PC's IP, as the each user do not have their own PC?

thanks

Title: restrict user internet access
Post by: bcliburn on January 07, 2007, 01:08:13 AM

I know that you could do that on an earlier version of Dan's Guardian, configure user access by username and or IP.  Each computer would need an Ident server.  I am sure it's possible with the latest version of Dan's Guardian that I have (2.9.8.0) but I haven't figured out how yet.
The Ident Server I use is called 'DGTIdent'

I got that version of DG for SME7.0 by adding the dungog repository and installing it via the SME GUI installer and it has worked perfectly (Except for the user ident part)

Title: restrict user internet access
Post by: cjensen on January 07, 2007, 04:36:00 AM

Install DG, then use this how-to:
http://www.vanhees.cc/index.php?module=ContentExpress&func=display&ceid=40&meid=

Use the "pam" option.  Then your SME users authenticate with their personal login so you can restrict individual users.

Craig

Title: restrict user internet access
Post by: danfulton on March 12, 2007, 01:22:46 PM

Quote from: "bcliburn"

The Ident Server I use is called 'DGTIdent'

So you know where I can find DGTIdent. I can not find it on google.

Cheers

Dan

Title: restrict user internet access
Post by: raem on June 14, 2007, 05:47:15 AM

danfulton

> ...where I can find DGTIdent

search for DGID.zip

http://dansguardian.org/downloads/michaelpike/DGID.zip


see this thread
http://forums.contribs.org/index.php?topic=24886.0

Title: restrict user internet access
Post by: stephen noble on June 14, 2007, 01:06:59 PM

>install DG, then use this how-to:
>http://www.vanhees.cc/index.php?module=ContentExpress&func=display&ceid=40&meid=

Auth is included in smeserver-dansguardian

if you want it in the base raise a NFR and convince a dev.

[root@kiwi RPMS]# rpm -ql smeserver-dansguardian
/etc/e-smith/templates/etc/squid/squid.conf/15AuthProgramNCSA
/etc/e-smith/templates/etc/squid/squid.conf/15AuthProgramPamAuth
/etc/e-smith/templates/etc/squid/squid.conf/20ACL05ProxyAuth
/etc/e-smith/templates/etc/squid/squid.conf/20ACL06IdentAuth
/etc/e-smith/templates/etc/squid/squid.conf/39http_access00pwdprotect
/etc/e-smith/templates/etc/squid/squid.conf/39http_access01ident

config setprop squid RequireAuth foo
where foo ident/nsca/pam

expand and restart
use the proxy panel

Title: Re: restrict user internet access
Post by: raem on July 11, 2007, 05:39:41 PM

williel & others

See the new Howto.
The current rpms support various types of auth login configured with db commands. Use Filter Groups to control access rights for different sets of users.

http://wiki.contribs.org/Dansguardian