Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Mark Peter on July 05, 2003, 01:04:42 PM

Title: How Can I restrict user access times?
Post by: Mark Peter on July 05, 2003, 01:04:42 PM
Hi

My five year old son has a habit of getting out of bed early in the morning (4.30!), logging onto his PC and playing away/browsing 'til we get up.

Since we use our e-smith server to authenticate the users, a simple fix would be to restrict his access between, say, 19:00 and 07:00.  Can anyone tell me if it is possible to do this?

Cheers

Mark
Title: Re: How Can I restrict user access times?
Post by: Mike on July 05, 2003, 04:00:10 PM
Try to play around with your squid.conf and look for the acl time.

mike
Title: Re: How Can I restrict user access times?
Post by: Mark on July 05, 2003, 10:39:52 PM
Thanks for this but won't this just restrict ability to access internet?

I am looking for something similar to the facility in NT user manager to restrict the user's ability to log onto the domain to certain times of day - any thoughts?

Mark
Title: Re: How Can I restrict user access times?
Post by: Boris on July 06, 2003, 10:49:35 AM
Pulling out the ethernet cable from the router may do (for some time) against a 5 year old.
:-)
If you figure out a way to do it (and for TV too :-( ) let me know. I have a 6 year old one and the same problem.
Title: Re: How Can I restrict user access times?
Post by: James Pybus on July 06, 2003, 03:31:43 PM
Surely if it keeps them quiet it is a good thing?

I remember some time ago seeing a win app that allowed you to restrict user access to the login and apps on a time schedule. So if you can't find a Linux solution try searching for something like that.

HTH
Title: Re: How Can I restrict user access times?
Post by: Cyrus Bharda on July 07, 2003, 03:34:27 AM
Mark,

I am playing around with CBQ and noticed that you can set times to it.

Basically CBQ can be used to limit up/down traffic, why not just limit all traffic to like 0.00000001 k/sec for a specific time period.

Unfortunately I am not that good with the rules and stuff, there is a thread on CBQ, just do a search and you should be able to find all info you need.

Cyrus Bharda
Title: Re: How Can I restrict user access times?
Post by: Mark on July 07, 2003, 11:27:40 AM
Thanks to all for their comments and help so far (and to Douglas Musty who sent me some scripts direct).  Unfortunately, my son has a couple of ways around most of the fixes:

1.  I don't just want to restrict his internet access - I want him to stop logging on completely during those hours when the civilised sleep!
2.  I can't tie the restrictions to one machine name, IP or MAC address as he has access to at least four different PCs in the home network (big family and work from home).
3.  I do only want to restrict by login name as his big sister and I will both be on the network at night and early mornings.

So....  I guess what I really need is something that locks and unlocks the account at 19:00 and 07:00 respectively to avoid me having to do it manually from server manager (I work away a couple of days a week so can't do this).  Maybe scripts which I can run from cron jobs.

Any ideas, folks?

Mark
Title: Re: How Can I restrict user access times?
Post by: Doug M. on July 07, 2003, 01:24:21 PM
Well I don't know about setting it up for the time but you might want to check out the DansGuardian server manager panel from dungog.net.

http://www.dungog.net/sme/help/index.html?page=smehelp/dansguardian.html

It's a fantastic content filter and you can set it up for pam authorization. The panel has an option to deny access to any individual account but it's not automatic. You must manually turn off access. If you have access to a computer and a network connection on the road you can use something like Putty to manage the access. Or you could install the user manager panels and get your wife access to the DansGuardian panel to turn the access on and off, show her how to do it.

I use the DansGuardian panel myself but not the pam authorization. To block my daughter I use iptables, my daughter only has access (physically) to her computer, and cron events to turn on and off her access at the assigned times. All the other computers have user accounts only for my wife and I and the accounts are passworded.

Doug M.
Title: Re: How Can I restrict user access times?
Post by: Dave on July 07, 2003, 08:44:15 PM
Sounds like you need to implement a full domain and have the domain logon script deny access for the times required for his user group.
Title: Re: How Can I restrict user access times?
Post by: dave on July 08, 2003, 12:58:58 AM
I've tried that myself.  Win9X and XP Home don't require a domain to be able to log in. If Mark is running any 9X clients (including WinME) he's pretty much hozed.  The only option would be to set a BIOS password which would keep the little one off the system until an adult logged in for him.

WinXP Home has more capabilities, you could set up a login for the boy that has restrictions on when he could log in.  Any other logins would require a password be set.  You'd have to mirror the login information to all the client PC's though.  

Win2K and XP Pro can be set up with a domain that requires authentication and enforces policies for when a user can log in and forced logoff at set times also.

Another thing, Win9X clients that receive the default route setting in a DHCP configuration will have access to the internet also - unless you enforce some kind of restrictions for access to the internet gateway.  This would keep him off the internet but unless you run 2K or XP client OS (or most versions of Linux of course), there's little you can do to keep him off the system - aside from a BIOS password or put an enclosed lockable timer on the power cord that won't even let the PC power up.
Title: Re: How Can I restrict user access times?
Post by: Mark Peter on July 08, 2003, 10:00:40 PM
Hi

I'm running XP Pro on the PCs and running a full domain on E-Smith with roaming profiles and a login script.  I didn't even think of using the login script and policies to limit access - doh!

Just need to work out how to limit that script to the user or groups.  I think I should remember enough about login scripts to be able to do that but if anyone can help and save me the time....

Thanks for all your help.

Mark
Title: Re: How Can I restrict user access times?
Post by: Steve Longstreet on July 10, 2003, 09:49:10 AM
I have a 16 year old son, (Brandon) that I had to control his PC use as it was interfering with his homework and was skipping school to use the PC.
(Monday to Friday login times from 5pm - 9pm) (Sat 08:00 - Sunday 10:00)
Also running XP Pro.
The solution:
Open command prompt.

net user brandon /time M-F,17:00-21:00;Sat,08:00-24:00;Sun,00:00-22:00

So instead of saying what time the user can't logon, you are stating what times the user can logon.

So as you can see, this is really not a gateway server issue.
Title: Re: How Can I restrict user access times?
Post by: Steve Longstreet on July 10, 2003, 09:53:17 AM
oops syntax error see below for corrected statement.
net user brandon /time:M-F,17:00-21:00;Sat,08:00-24:00;Sun,00:00-22:00
Title: Re: How Can I restrict user access times?
Post by: Mark Peter on July 12, 2003, 12:43:12 PM
Steve

I had been trying to use the net user /time command but it didn't seem to do the job even when I set it at a domain level.  When I run "net user harry", it confirms that the time restrictions are in place but it just doesn't seem to do the trick.  I have made the change in the local security settings to force logoff when logon hours expire but still no joy!  This is certainly the neatest way I think but do you have any suggestions as to what I'm missing?  Harry was up at 5.30 this morning on Midtown Madness!!!

Is Brandon logging onto a domain or onto the local machine?

Mark
Title: Re: How Can I restrict user access times?
Post by: Frank on November 23, 2003, 02:50:15 PM
Hi,
well, u can easily implement a regkey in WinME, or 9x, that the user must logon to the domain.
open regedit
Hkey_local_machine\blablabla\network\logon

here u add a new key named

MustBeValidated

and set the value to 1

afterwards there is no "escape" feature on the logon screen.
but pls be aware, if ur logonserver is down, then u are definitely not able to logon to the WS.

Cheers

Frank