Edubuntu in an existing network
Gavin McCullagh
gmccullagh at gmail.com
Wed Dec 20 18:08:44 GMT 2006
On Wed, 20 Dec 2006, Kory Mohr wrote:
> On a similar note to François' firewall/DHCP settings, we're using a
> Sonicwall Pro 3060 running Enhanced.
> I'm finding, however, that the authentication only works on the Edubuntu
> server when one person access the web. For example, if I access the web
> using Firefox on an Edubuntu client, I'm prompted to authenticate. If
> another client comes online and access the web, I'm not prompted to
> authenticate because the first client already did. So, I'm receiving
> their access rights.
Perhaps the firewall is remembering users by IP Address. You would both be
coming from the one ip address. That's a bit crappy if it's true, though
perhaps there's some configuration change you can make.
In principal it's possible to give every user a separate ip address on the
thin client server, but it would probably be horribly complicated to do in
practice. I guess you could give the machine 40+ ip addresses and then
use iptables to mangle packets src address based on the UID. Yuck.
Alternatively, you could use squid and its ldap_auth to do this. Some of
this might be helpful:
http://wiki.debian.org/DebianEdu/HowTo/Squid_LDAP_Authentication?highlight=%28squid%29
though I'm not sure what modifications are needed to get it to work against
active directory.
> Not a good way to do this, but it's what I have thus far. I've been
> working with the Sonicwall in adding the Edubuntu DHCP subnet to it's
> access object group but it's just not taking that subnet (probably
> because it's not serving the IP address to the clients; the Edubuntu
> server is.)
Given that the Edubuntu thin clients should never directly access the
firewall, why is this important?
Gavin
More information about the edubuntu-users
mailing list