Ricardo,
Some environments do not have active directory.
Antony,
Do you still not understand? I need use Captive Portal to authenticate
my clients. With the use external_acl I getting through your ip your
username that already used in form auth. With this I apply my acls
blocking sites. What happens is that in a terminal server session I use
one different user.
Em 27/06/2013 14:57, Ricardo Klein escreveu:
> If you use active diroctory, maybe make your rules based on ldap_group
> and not in IP address?
> --
> Att...
>
> Ricardo Felipe Klein
> klein.rfk_at_gmail.com
>
>
> On Thu, Jun 27, 2013 at 2:42 PM, Antony Stone
> <Antony.Stone_at_squid.open.source.it> wrote:
>> On Thursday 27 Jun 2013 at 19:20:10, Oliveiros Peixoto (Netinho) wrote:
>>
>>> Hi Antony.
>>>
>>> I have different acls that permit or deny access to urls. These acls
>>> apply to groups and users where they are identified by the ip/user you
>>> are logged in mysql.
>>> If multiple users log into the same station I will not be able to apply
>>> these acls.
>> In that case (if you cannot select the correct ACL based on just the user
>> part, from the group which might use that IP) I cannot think of a solution :(
>>
>> I'd be interested if anyone else has an alterantive idea, though.
>>
>> Out of interest, given that the usernames on the terminal server machine must
>> be unique, and you can therefore identify them to specific people, why can't
>> you assign userA/IPx to ACL1, userB/IPx to ACL2 etc?
>>
>> Maybe you're sharing 5 usernames on the terminal server amongst 25 actual
>> people?
>>
>>> Em 27/06/2013 14:12, Antony Stone escreveu:
>>>> On Thursday 27 Jun 2013 at 19:06:45, Oliveiros Peixoto (Netinho) wrote:
>>>>> Hello everyone!
>>>>>
>>>>> I would like to clarify some issues with you. I need to set up a captive
>>>>> portal for authentication of my users. I make this using External_acl
>>>>> program that getting user and ip in mysql. The problem is that now I
>>>>> have a windows server where multiple users use the terminal service and
>>>>> using any browser for navigation making it impossible to authenticate a
>>>>> user / ip. Does anyone have a solution for this problem?
>>>> Can't you just put:
>>>>
>>>> userA / IPx
>>>> userB / IPx
>>>> userC / IPx
>>>>
>>>> into the database, so that all the users are accepted as coming from the
>>>> same IP?
>>>>
>>>> After all, what's the difference from a single PC where different users
>>>> could log on, but have the same IP address?
>> Regards,
>>
>>
>> Antony.
>>
>> --
>> "640 kilobytes (of RAM) should be enough for anybody."
>>
>> - Bill Gates
>>
>> Please reply to the list;
>> please don't CC me.
Received on Thu Jun 27 2013 - 18:28:29 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 28 2013 - 12:00:07 MDT