Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 37
  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498

    Default

    You cant... Ultimately Untangle routes traffic based on the IP address. The login process is just filling a table of names to addresses that the device then uses to route. It will take some light proxy/session tracking with cookies to make it truly user driven. To be honest that's the next logical step, and along the way Untangle will likely end up with a caching proxy too.

    CP doesn't change user based policies... All it provides is another way to build that ad table.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Default

    Quote Originally Posted by sky-knight View Post
    CP doesn't change user based policies... All it provides is another way to build that ad table.
    Ok, fair enough. Then, in this way I could see the Captive Portal being a service instead of in the rack. Though, I believe we need a few tweaks to Captive Portal to really work right. The following should be settable options, and we should be able to set these options per IP, Subnet, etc:

    1.) If a user is already logged in through the AD connector, the Captive Portal should detect this and not present the captive portal page at all. If they are not logged in through the AD connector they would get the captive portal with the option to force a disclaimer onto the user.

    2.) For those that want to display a "disclaimer", for no matter who is logged in: if a user is already logged in through the AD connector, the Captive Portal should detect this and only present the disclaimer page. If the user isn't already logged in through the AD connector, then the Captive Portal would present a login with disclaimer.

    This would make the Captive Portal complete from our standpoint. This would create a smooth experience.

    #1 would allow users who are already logged in via Active Directory, access to the Internet without having to deal with the captive portal. For most of our clients, this is how they would want it. They don't want to add an extra step for their people. They would want the Captive Portal for guests and/or new computers that have not yet been added to the domain. For those who are captured, an optional disclaimer could be presented.

    #2 Would allow our clients to provide a disclaimer for everyone. For those already logged in through the ad connector, it would only display the disclaimer. For those who are not logged in through the ad connector, it would provide both a logon and the disclaimer.

    Thoughts?

  3. #13
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    interesting conversation and some neat ideas, but the reality is the captive portal is integrated in the kernel, not in the virtual network inside the untangle-vm. This means that it is a system-wide singleton. Its not just a user interface issue, it has to be a service because its a singleton.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #14
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    Oooh, I need to get this so I can try out AD groups. The lack of group information in the AD connector has stopped us from ever using it. It might work for us now, although I guess we still need to push out the AD script to every user in our company. That shouldn't be a big deal, though.

    Has anyone tried it out? Can you say anything about how it is implemented?
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

  5. #15
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    We're still at 7.1.0. Do I need to upgrade to 7.1.1 before 7.2 will show up as available, or can we upgrade directly from 7.1.0 to 7.2?
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

  6. #16
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Default

    Quote Originally Posted by neiby View Post
    Oooh, I need to get this so I can try out AD groups. The lack of group information in the AD connector has stopped us from ever using it. It might work for us now, although I guess we still need to push out the AD script to every user in our company. That shouldn't be a big deal, though.

    Has anyone tried it out? Can you say anything about how it is implemented?
    Instead of deploying the script, why not just use captive portal to identify the users?

    And I think AD groups works great but I'd love you feedback.

    Lastly, yes you will need to upgrade to 7.1.1 in order to get to 7.2.

    Why aren't you on 7.1.1?
    m.
    <BR>
    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    <BR>It often helps troubleshooting if you have a good network map. Look <A HREF="http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html">here</A> if you want my advice on how to draw one. <BR> <B>Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com<B>

  7. #17
    Master Untangler k6rtm's Avatar
    Join Date
    Feb 2010
    Location
    Silicon Valley
    Posts
    110

    Default

    Simple question -- is 7.2 RC1 the same as 7.2 stable, or do we know yet?

    cheers--

    bob in sunny silicon valley

  8. #18
    Master Untangler
    Join Date
    Aug 2008
    Posts
    939

    Default

    Quote Originally Posted by mrunkel View Post
    Instead of deploying the script, why not just use captive portal to identify the users?

    And I think AD groups works great but I'd love you feedback.

    Lastly, yes you will need to upgrade to 7.1.1 in order to get to 7.2.

    Why aren't you on 7.1.1?
    Captive portal is not a replacement for the AD Connector/Script. 100% of my clients would be pissed off if they had to login to the captive portal, instead of automatically being logged on via the login script. Captive portal is great for:

    1.) those that are not logged on via Active Directory.
    2.) Disclaimer for environments that require it.
    3.) Guest subnets
    4.) Public access points
    5.) Linux workstations

  9. #19
    Master Untangler neiby's Avatar
    Join Date
    Jun 2009
    Location
    Denver, CO
    Posts
    603

    Default

    Quote Originally Posted by mrunkel View Post
    Instead of deploying the script, why not just use captive portal to identify the users?

    And I think AD groups works great but I'd love you feedback.

    Lastly, yes you will need to upgrade to 7.1.1 in order to get to 7.2.

    Why aren't you on 7.1.1?
    Captive portal does not interest me in any way. We have way too many users who would complain about it, and we also have dozens of devices that need unattended Internet access, so then I'd have to figure out all of those, give them static IP addresses and then create exceptions for them. Not fun. I don't think management would even consider using the captive portal at this point.

    I don't really have a good reason for not being on 7.1.1. I seem to recall reading some people having problems with it and when I looked at the change log it didn't seem to fix anything that applied to us, so I just haven't bothered with it. We seem to have issues with upgrades that happen automatically. The last two have stopped Internet access until I manually reboot the server, so I have automatic upgrades turned off.
    Disclaimer: I may or may not have had enough coffee when I'm posting. Interpret my responses thusly.

  10. #20
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,058

    Default

    Quote Originally Posted by far182 View Post
    Captive portal is not a replacement for the AD Connector/Script. 100% of my clients would be pissed off if they had to login to the captive portal, instead of automatically being logged on via the login script. Captive portal is great for:
    Doesnt the script just notify the UT box what the username is and what IP they are using? It in no way does any kind of authentication.

    We will require each and every person to login to get to the internet. Each company may do it differently. I agree they should be able to just read the agreement and click OK to get past. This at least records they agreed to the terms.

    Lannie

Page 2 of 4 FirstFirst 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2