I'm dealing with a slightly unusual set of circumstances with a client who wants to require all employees to login for internet access and have all of their activity logged while online. Part of the network is typical - windows domain with xp workstations for office staff. The tricky part is logging user access on a single ubuntu netbook they use for the drivers who come and go all day. I thought captive portal would require each user to logn each time they open a browser, but I see now the first person who authenticates through captive portal bypasses that machine's IP for the timeout period, such that each subsequent user is not required to login, and their activity online is presumably associated with the first user who logged in. The ubuntu box is not authenticating to the windows DC, so the report plugin may not be logging the user name correctly either.
Aside from shortening the captive portal timeout period for the entire network, is there a method for requiring each user who logs into this box to also authenticate with captive portal each time? It seems like this would require captive port to authenticate by user instead of client IP, and I see no mention of how to enable that in the wiki. Im open to suggestions. We cant have the first user leaving the door open for everyone who comes after him on this box during the timeout period.