I am also helping a friend of mine to setup a cyber cafe, they want users to be disconnected after an hour's usage. Squid does not have this feature to best of my hacking. Any thought on how to impliment this?
The best way to do this is to use IPtables to block the specific client ip after a certain interval of time. As far as someone changing ip on windows machine use dhcpd to alocate a specific ip to specific mac address.
Derwyn
Sometime Today, Derwyn Dpenha assembled some asciibets to say:
client ip after a certain interval of time. As far as someone changing ip on windows machine use dhcpd to alocate a specific ip to specific mac address.
That doesn't stop them from changing the IP. They just have to change the client settings from dhcp to static ip.
Philip Tellis philip.tellis@gmx.net writes:
That doesn't stop them from changing the IP. They just have to change the client settings from dhcp to static ip.
Using ip-tables, you can check for ip-mac address combination. This way you can make sure, each machine on the network has only one address. If someone tries changing it, the gateway simply wont accept it.
On Tue, 2005-01-18 at 12:01, Philip Tellis wrote:
That doesn't stop them from changing the IP. They just have to change the client settings from dhcp to static ip.
1. ok my knowledge of winz is extremely rudimentary, but cant we lock them into booting into SAMBA at boot (user name/passwd) ?
2. ULtimately, since we want to give them surfing time cant we use the
"authenticate_program" tag in squid to achieve this somehow ?
look @ "authenticate_ip_ttl" also.
I think this is acheivable using these two?
( of course i must admit i missed most of this thread so.. if im off track.. my apologies )
regards Erle
- ok my knowledge of winz is extremely rudimentary, but cant we lock
them into booting into SAMBA at boot (user name/passwd) ?
I think you can use username/password authentication in squid which has a timeout after a period of time. However you will need to change the password once the hour is up, so that he cant use the username/password again. Also transparent proxy dosent work in this case. You will have to set the browsers to use squid with the IP and port. http://www.squid-cache.org/Doc/FAQ/FAQ-23.html
Something like this ------ auth_param basic program /usr/lib/squid/pam_auth auth_param basic children 5 auth_param basic realm Squid Proxy-Caching Web Server auth_param basic credentialsttl 1 hours acl authenticated proxy_auth REQUIRED ------
I dont remember since I had done this just one some time ago. But it works...
Regards, Keith
On Sat, 2003-01-18 at 23:22, Keith Fernandez wrote:
I think you can use username/password authentication in squid which has a timeout after a period of time. However you will need to change the password once the hour is up, so that he cant use the username/password again. Also transparent proxy dosent work in this case. You will have to set the
thats similar to what i was suggesting (read my full email) basically with two config options in squid
"authenticate_program" & "authenticate_ip_ttl" for more info "google" :)
c'ya Erle
Keith Fernandez wrote:
auth_param basic program /usr/lib/squid/pam_auth auth_param basic children 5 auth_param basic realm Squid Proxy-Caching Web Server auth_param basic credentialsttl 1 hours
What I understood out of the documentation is : credentialsttl will ask for a password after every 1 hour. The user is forced to enter his password. I would like to make sure that the user is not allowed to surf after an hour.
Amish.
On Wed, 2005-01-19 at 11:36, Amish Munshi wrote:
forced to enter his password. I would like to make sure that the user is not allowed to surf after an hour.
http://www.wizdom.org.uk/linux/squid.shtml perhaps we could take a spin off from this ?
the script mentioned on the link above would require some to be changed a bit, but i believe with a simple application of some logic it can be achieved.
never tried out exactly something like this myself, but i am pretty sure it just requires a slightly different approach. and it would require minimal coding. to combine the solution into a workable one.
c'ya Erle
-
Amish Munshi -
Derwyn Dpenha -
Erle Pereira -
Joe Steeve -
Keith Fernandez -
Philip Tellis