On Wed, 20 Dec 2006, Kory Mohr wrote: > On a similar note to François' firewall/DHCP settings, we're using a > Sonicwall Pro 3060 running Enhanced.
> I'm finding, however, that the authentication only works on the Edubuntu > server when one person access the web. For example, if I access the web > using Firefox on an Edubuntu client, I'm prompted to authenticate. If > another client comes online and access the web, I'm not prompted to > authenticate because the first client already did. So, I'm receiving > their access rights. Perhaps the firewall is remembering users by IP Address. You would both be coming from the one ip address. That's a bit crappy if it's true, though perhaps there's some configuration change you can make. In principal it's possible to give every user a separate ip address on the thin client server, but it would probably be horribly complicated to do in practice. I guess you could give the machine 40+ ip addresses and then use iptables to mangle packets src address based on the UID. Yuck. Alternatively, you could use squid and its ldap_auth to do this. Some of this might be helpful: http://wiki.debian.org/DebianEdu/HowTo/Squid_LDAP_Authentication?highlight=%28squid%29 though I'm not sure what modifications are needed to get it to work against active directory. > Not a good way to do this, but it's what I have thus far. I've been > working with the Sonicwall in adding the Edubuntu DHCP subnet to it's > access object group but it's just not taking that subnet (probably > because it's not serving the IP address to the clients; the Edubuntu > server is.) Given that the Edubuntu thin clients should never directly access the firewall, why is this important? Gavin -- edubuntu-users mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
