Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,527

    Default Captive Portal/OAuth for students Google Accts..push different class to diff policies

    A small school would like to start getting more granular with policies/racks. Right now, just "Staff" and "Student" racks, controlled by IPs. Small K-12 school, approx 65 students total.

    They wish to see if the following is possible.
    A rack for K through 5, with the strictest rules.
    A rack for grades 6,7,8, not as strict
    A rack for upper class...even less strict
    And a staff rack..of course no rules

    I also just put in a big Unifi system...switches and nano APs.
    They are thinking the captive portal with no password is one approach, as...the way this school is, soon as we change the "staff/production" wifi password, it's known. So we really need a way to capture all smart phones and force to a guest wlan, and with the laptops...they wish to separate to different rules as noted above.
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

  2. #2
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,596

    Default

    Are you expecting K-2 to accurately enter username/passwords, or you would handle those devices differently?
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.0 to protect 700Mbits for ~400 residential college students and associated staff and faculty

  3. #3
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,527

    Default

    Quote Originally Posted by jcoehoorn View Post
    Are you expecting K-2 to accurately enter username/passwords, or you would handle those devices differently?
    Good point...I have a hunch those devices will be minimal in number. I think devices skyrocket nearly vertical with the 5/6 grades...based on the APs in those classrooms. So although K-5 was a separate policy on their wish list...I'm guessing the numbers of devices there are low (except teacher managed)..but I will find out about that. Good point.
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

  4. #4
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,589

    Default

    Are their directory services handled by google? Where is the mapping of users to groups stored?

    An approach I have seen, especially if you have devices that don't change hands is to just tags the hosts or devices with info of their groups. That doesn't work if the laptops or devices are shared amongst different users...
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,527

    Default

    Mapping of "users to groups" ....good question, I'm not familiar with how Google Apps are setup for schools, suppose I should try to find out if they have any security group functions in there.

    All in all...with <100 users total combining students and staff...perhaps just have a local users within Untangle is most efficient. Would there be a way to organize those into groups?
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,589

    Default

    Oh, its in google? Yeah, unfortunately we have no way to query that info (yet).

    Although an easier approach now that I think of it...

    Just tag the users in the user table. When they sign in with "jimmy@myschool.com" through captive portal they will appear in the user map. You can go in there and add a tag "6thgrade" tag for little jimmy. You can even set it to expire at the end of the year.
    This would apply the tag to all sessions regardless of where little jimmy logs in.

    That approach is less convenient for 1000s of students, but for 100 its probably not too bad.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,804

    Default

    Quote Originally Posted by dmorris View Post
    Oh, its in google? Yeah, unfortunately we have no way to query that info (yet).

    Although an easier approach now that I think of it...

    Just tag the users in the user table. When they sign in with "jimmy@myschool.com" through captive portal they will appear in the user map. You can go in there and add a tag "6thgrade" tag for little jimmy. You can even set it to expire at the end of the year.
    This would apply the tag to all sessions regardless of where little jimmy logs in.

    That approach is less convenient for 1000s of students, but for 100 its probably not too bad.
    Perhaps a method can be made to import / export those tags?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,589

    Default

    Quote Originally Posted by sky-knight View Post
    Perhaps a method can be made to import / export those tags?
    Sure, there is an import button in the top right.

    If your first thought after reading that sentence is "But..." then I would suggest not using it. Its not for you.
    A person can only have the data format conversation so many times...
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,804

    Default

    Quote Originally Posted by dmorris View Post
    Sure, there is an import button in the top right.

    If your first thought after reading that sentence is "But..." then I would suggest not using it. Its not for you.
    A person can only have the data format conversation so many times...
    Oh I know, I'm just pointing out that button and some experience in a scripting language could result in a very powerful solution. It just requires someone to know enough Python/Perl/Powershell to pull it off.

    And before anyone asks, no... that's not me. At least not yet.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,596

    Default

    Quote Originally Posted by dmorris View Post
    Just tag the users in the user table. When they sign in with "jimmy@myschool.com" through captive portal they will appear in the user map. You can go in there and add a tag "6thgrade" tag for little jimmy.
    Even better, set the tag name based on the expected graduation year. Then the you don't have to re-tag everyone each June. You only have to re-assign tag policy rules.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 14.0 to protect 700Mbits for ~400 residential college students and associated staff and faculty

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2