Prev: Posting Debian Bug Reports via Yahoo Mail
Next: Discussion: Login portal through linux to get internet and print
From: Douglas Mayne on 16 Jun 2010 09:39 On Wed, 16 Jun 2010 13:06:32 +0200, Geir Holmavatn wrote: > Hi, > > In a school environment we originally had windows domain controllers > which our students logged on to, but now with piles of netbooks > restricted to only running Home editions we can no longer force the > students to log on to a domain. Hence this is an opportunity to throw > out the windows servers and replace them with linux servers. > > BUT we want to force our students to somehow authenticate before they > get access to the internet in the classrooms. Not having logged in, no > internet access. When having logged in their additional bonuses are > access to their personal (and common) folder(s) and print services > through CUPS. > > The client computers run WinXP, Vista and Win7 both Home and Pro > versions, also we have quite a few Macs. > > Which options do we have? Do we need to run some client software on > each computer or are there other elegant ways to achieve what we > need...? > > PS We don't have the necessary server hardware to run TS for 300 > students :-) > > Thanks a lot for comments and suggestions. > > regards geir > I wouldn't give up on kerberos authentication. Perhaps, this module is a place to start: http://grolmsnet.de/kerbtut/ Kerberos solves a lot your problems, without introducing new security vulnerabilities. It is probably likely that valid tickets can be given to and used by non- Active Directory machines. This would likely be sufficient to pass along and use to use access network resources. Note: MS did not invent the kerberos protocol. There is /* probably */ an XP home client which at least allows access to resources without full AD participitation, but I could be wrong. Macs are a *nix derivative and can use kerberos, as can Linux. -- Douglas Mayne
From: jellybean stonerfish on 16 Jun 2010 10:58
On Wed, 16 Jun 2010 13:06:32 +0200, Geir Holmavatn wrote: > Hi, > > In a school environment we originally had windows domain controllers > which our students logged on to, but now with piles of netbooks > restricted to only running Home editions we can no longer force the > students to log on to a domain. Hence this is an opportunity to throw > out the windows servers and replace them with linux servers. > > BUT we want to force our students to somehow authenticate before they > get access to the internet in the classrooms. Not having logged in, no > internet access. When having logged in their additional bonuses are > access to their personal (and common) folder(s) and print services > through CUPS. > > The client computers run WinXP, Vista and Win7 both Home and Pro > versions, also we have quite a few Macs. > > Which options do we have? Do we need to run some client software on > each computer or are there other elegant ways to achieve what we > need...? > > PS We don't have the necessary server hardware to run TS for 300 > students :-) > > Thanks a lot for comments and suggestions. > > regards geir Have you tried chillispot? Description: Wireless LAN Access Point Controller ChilliSpot is an open source captive portal or wireless LAN access point controller. It supports web based login which is today's standard for public HotSpots and it supports Wireless Protected Access (WPA) which is the standard of the future. Authentication, Authorization and Accounting (AAA) is handled by your favorite radius server. |