Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Lance on June 11, 2003, 02:41:10 AM
-
I need SME server to authenticate users to the internet. I downloaded and installed the Proxy_auth rpm from here
http://www.pagefault.org/code/e-smith.shtml#proxyauth
and it works beautifully but not for my f'ed up situation unfortunately. the place I'm installing SME server for needs users authenticated to use the internet so that only managers have that priveledge. If I don't give everyone an account they won't have access to network resources (printers ibays etc) If I give them a SME account so they can get to shares and printers they then have access to the internet with that username and password which in some cases is not desirable. I need to configure the squid template files to just allow access to 1 username:password for internet access and I can give the managers that username:password, and they will use SME account login for SME network resources.
can anyone help me do this step by step . . . . please :-)
thanks
lance
-
Lance,
I am sorry I cannot comment on the squid-auth contrib you have used, but I use the squid-auth from vincent's site: http://www.e-smith.dyndns.org/ and it works great I setup whether each user has or has not got access to http/ftp.
I also have the managers here set on static IP's and have an additional addon to Vincent's contrib that allows you to set IP's that have access without needing passwords, works very well and can be found in my contrib section: http://mirror.contribs.org/smeserver/contribs/cbharda/
Works great for me.
Cyrus Bharda
-
do I do anything other than rpm -ihv the package? where do I define the internet usernames and passwords.
thanks a bunch
Lance
-
Lance,
Once you install the rpm, it adds a nice panel called "Proxy Users" under Collaboration and it is pretty much well self explanitory :-)
Cyrus Bharda
-
If you ever need a quick and dirty fix then setup a w/s with a static IP and leave the Gateway address blank.
Alternatively, (under Win9x using DHCP) you can execute a route delete command in a login script to remove the gateway address (works unde NT, 2k, XP if the user is a local admin).
This only works for a basic user tho you can use policies to stop people changing it or use regedt32 (in NT, 2k, XP only) to make the registry read only so it can't be set.
These tips are at ya own risk :-)
-
Cyrus
e-smith-squid-0.3-2.i386.rpm . . . . this is the correct file right? I'm getting ready to check it out, but just want to make sure that this is the rpm I need to install. the www.e-smith.dydns.org site is down so I pulled it from your contribs.
I'm reinstalling 5.5 and will try the rpm if it's the correct one
-
Lance,
Yes that is the rpm I use, Vincent's site is up and down during certain times, but that rpm is for 5.5 _ONLY_ and will probably not work with 5.6!
If you need the package for 5.6 then wait for Vincent's site to come back online and get it from there, his site is also mirrored somewhere, but I do not have the address handy and I just tried his site and it is down at the moment.
But if you are using 5.5 then that rpm is the one you want, also you might want to download the tarball that is in the same directory as it adds the ability to add IP's that get access without the need for authentication, username/password.
Enjoy!
Cyrus Bharda
-
It did EXACTLY what I wanted . . . . beautiful. I was hung up for a while until I set the client machines manually with the proxy information. once I did that it was perfect. thanks again.
-
Lance,
That's good to hear, dont thank me though Vincent made the rpm!
Cyrus Bharda
-
hi, i have a copy of sme-squid-1.0-2.i386.rpm from http://linux06.chez.tiscali.fr/ i believed this is the mirror site of http://www.e-smith.dyndns.org/ .
when i installed it it doesnt have the IP entry for the no authentication, while the e-smith-squid-0.3-2.i386.rpm does but inteneded for 5.5 only. it does run on 5.6 but there is error on ipchain which does not exist anymore. i hope sme-squid-1.0-2.i386.rpm will be updated to have the no authentication for a certain ip.
nef
-
Nef,
Ummm the stock rpm's that Vincent has kindly made do not have the feature to allow IP's without passwords, (unless he has updated them recently?) you need to add the tarball add on found in my contribs as stated above.
Why dont you download that and try it on the 5.6, all it is, is a couple of templates, if it all gets mucked up, just delete the templates and expand them and hey presto.
Of course this would be only done on a test machine to check to see if it has worked, I do not advise testing on a production box.
Actually I do believe that it should work on 5.6, but I have never tried it and have not heard from anyone who has tried it on 5.6, it _should_ work, but then again I am not the one who made it so I cannt comment on what it actually does.
Cyrus Bharda
-
Cyrus,
i did install the rpm and the tarball in your contibs and it work except that, i got some message when i save:
Jun 13 09:50:12 e-smith e-smith[19032]: Shutting down IP masquerade and firewall rules:^I^IDone!
Jun 13 09:50:12 e-smith e-smith[19032]:
Jun 13 09:50:13 e-smith e-smith[19032]: Enabling IP masquerading: /etc/rc.d/init.d/masq: /sbin/ipchains: No such file or directory
Jun 13 09:50:13 e-smith e-smith[19032]: /etc/rc.d/init.d/masq: /sbin/ipchains: No such file or directory
Jun 13 09:50:13 e-smith last message repeated 8 times
Jun 13 09:50:13 e-smith e-smith[19032]: iptables: No chain/target/match by that name
Jun 13 09:50:13 e-smith e-smith[19032]: iptables: No chain/target/match by that name
Jun 13 09:50:13 e-smith e-smith[19032]: done
although it works but i dont know the extend of the above error, any idea? by the way i installed it on my production unit, i dont have test unit.
thanks
nef
-
Nef,
nef kho wrote:
>
> Cyrus,
>
> i did install the rpm and the tarball in your contibs and it
> work except that, i got some message when i save:
If you are using 5.6 then the rpm in my contrib will not work, you need the 5.6 rpm which is not in my contribs, but can be found here:
http://linux06.chez.tiscali.fr/filessme/rpms/sme-squid-1.0-2.i386.rpm
It is because 5.5 is based on ipchains and 5.6 is based on iptables, the rpm in my contribs should not fully work with 5.6, so uninstall the rpm from my contribs and install sme-squid-1.0-2.i386.rpm and then try expanding the templates in the tarball after installing that, then see if it works.
> although it works but i dont know the extend of the above
> error, any idea?
Well I'm guessing you'll find that it does not work 100%, you really need to install sme-squid-1.0-2.i386.rpm as that is the right rpm for 5.6.
> by the way i installed it on my production
> unit, i dont have test unit.
You must be feeling lucky or brave to do that, especially on Friday the 13th, ooOOooOOoo :-) All jokes aside though, you really should not be messing around with your production server unless you have a backup ready to restore from and you dont mind spending a couple of hours reinstalling SME if you break something!
Cyrus Bharda