Re: IP Masq and users
On Tue, 28 Apr 1998, Breathnach, Proinnsias (Dublin) wrote:
> Anyway what I need is to ask all users connecting (from any of the client
> machines (2 * W95, 1 * Linux)
> to 'login' before they're allowed net access (mainly for monitoring - who's
> running up the usage bill etc.)
> Is there an easy way to do this ?, the HOWTO doesn't seem to mention
> requiring passwords for access, but I
> might have missed it !
There are numerous ways of doing this, but I want to tell you about an
interesting project I was involved at at the local highschool.
The highschool was a little different in that SAMBA filesharing was an
essential part of our setup, but other than that, it was an
IP-Masquerading ppp Gateway.
Each user had a home directory on the server, which they could mount from
any of the workstations using samba.
now the smbd (which accepts the samba connections)has an option to run a
script, either as that user, or as the superuser, when a particular shared
directory is mounted, and this script can be given the IP address of the
calling machine, and the username of the client as arguments.
So I used this script to trigger the appropriate ipfwadm commands when the
user mounted his or her home directory, and a similar script was run when
the user unmounted the home directory, which would undo each of the rules
applied previously, and store the results of the accounting rule.
Seemed to work quite well once some of the client-side bugs were ironed
out, and if, or anyone, wants a hand with setting such a system up, I'd be
glad to hear from you.
-7~he 7~hought /|ssassin
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org