From const at one.lv Fri Nov 2 01:24:52 2007 From: const at one.lv (Konstantin Chekushin) Date: Fri, 2 Nov 2007 10:24:52 +0200 (GMT+02:00) Subject: [NoCat] nocat patch needed Message-ID: <7210860.1193991892467.JavaMail.root@www3.one.lv> Can someone show me a patch, which add to auth. request MAC-address in case of RADIUS auth-tion. As I understand, this patch must add some information into nocat/authserv/cgi-bin/login ($user->authenticate(params_where_must_present_MAC)) and nocat/authserv/lib/NoCat/User.pm and nocat/authserv/lib/NoCat/Source/RADIUS.pm ... So, can someone help in this question? Thanks in advance! ------------------------------------------------------------------------------- http://www.one.lv - Tavs mobilais e-pasts! Tagad lasi savu e-pastu ar mobilo telefonu - wap.one.lv! From shawn.kondel at usu.edu Sat Nov 24 09:28:22 2007 From: shawn.kondel at usu.edu (Shawn Kondel) Date: Sat, 24 Nov 2007 10:28:22 -0700 Subject: [NoCat] Pop-Up blockers In-Reply-To: <63301.69.65.149.166.1192767306.squirrel@mail.linkabu.net> References: <63301.69.65.149.166.1192767306.squirrel@mail.linkabu.net> Message-ID: We found this to be annoyance for our users that have some kind of pop-up blocker whether it be IE7, IE6 w/ XPSP2, FF, or 3rd party, so our solution for time being was to extend the renewal idle timeout to 24 hours (NoCat gateway daemon gets restarted at 1:00am daily by cron job) and take out the renewal popup html code from the login_ok.html file on NoCat authentication server. In other words, the login user gets access to Internet all day without having to re-authenticate unless the user gets a different IP address later on. This poses some problems when a new user gets the old user's IP address that has already been authenticated. (Temporary solution is the have a bigger DHCP dynamic IP address pool than the average login users. DHCP server would give the users same IP address as long as possible and would not reallocated old IP address to another user unless all the new IP addresses from the pool are used up) Another solution (which I am working on) is to modify the gateway source code to monitor packet activities from IPtables and if there any packet in-activities for number of defined minutes, flushed associated IP address from the IPtables chain. The users would have to re-authenticate again if they tries to get back on again. The problem I have now is how to deal with users that have browsers with proxy settings enabled. Shawn Utah State University IT -----Original Message----- From: nocat-bounces at lists.nocat.net [mailto:nocat-bounces at lists.nocat.net] On Behalf Of Eduardo Bejar Sent: Thursday, October 18, 2007 10:15 PM To: nocat at lists.nocat.net Subject: [NoCat] Pop-Up blockers Hi everyone, I?ve been reading the mailing list archives and haven't found a definitive answer about this issue. Regarding pop-up blockers, how are you handling the NoCat pop-up window that opens after a user authenticates? Have you found a way to load this window despite the use of pop-up blockers, specially the one included in IE7? Thanks and regards, Edo _______________________________________________ NoCat mailing list NoCat at lists.nocat.net http://lists.nocat.net/mailman/listinfo/nocat From ehk20 at cam.ac.uk Sat Nov 24 10:07:39 2007 From: ehk20 at cam.ac.uk (Espen H. Koht) Date: Sat, 24 Nov 2007 18:07:39 +0000 Subject: [NoCat] Pop-Up blockers In-Reply-To: References: <63301.69.65.149.166.1192767306.squirrel@mail.linkabu.net> Message-ID: Given the associated security risks with this I think a neater solution to this is what the University of Cambridge has done with their "Lapwing" wireless service. Instead of automatically redirecting to the original request from the login confirmation page and then popping up a keep-alive window, it is the login confirmation page which contains the keep-alive code plus a link to open the originally requested page in a new window, from which you start your web browsing. This gets around the pop-up issue since user-initiated window creations aren't normally blocked by pop-up blockers. User can of course minimise the login confirmation page they way they would the classic pop up window, so the fact that it is a normal sized browser window isn't much of an issue. Unfortunately doing this is not a simple configuration change since it requires code changes to NoCat. Espen On 24 Nov 2007, at 17:28, Shawn Kondel wrote: > We found this to be annoyance for our users that have some kind of > pop-up blocker whether it be IE7, IE6 w/ XPSP2, FF, or 3rd party, so > our solution for time being was to extend the renewal idle timeout > to 24 hours (NoCat gateway daemon gets restarted at 1:00am daily by > cron job) and take out the renewal popup html code from the > login_ok.html file on NoCat authentication server. In other words, > the login user gets access to Internet all day without having to re- > authenticate unless the user gets a different IP address later on. > This poses some problems when a new user gets the old user's IP > address that has already been authenticated. (Temporary solution is > the have a bigger DHCP dynamic IP address pool than the average > login users. DHCP server would give the users same IP address as > long as possible and would not reallocated old IP address to another > user unless all the new IP addresses from the pool are used up) > > Another solution (which I am working on) is to modify the gateway > source code to monitor packet activities from IPtables and if there > any packet in-activities for number of defined minutes, flushed > associated IP address from the IPtables chain. The users would have > to re-authenticate again if they tries to get back on again. > > The problem I have now is how to deal with users that have browsers > with proxy settings enabled. > > > Shawn > Utah State University IT > > -----Original Message----- > From: nocat-bounces at lists.nocat.net [mailto:nocat-bounces at lists.nocat.net > ] On Behalf Of Eduardo Bejar > Sent: Thursday, October 18, 2007 10:15 PM > To: nocat at lists.nocat.net > Subject: [NoCat] Pop-Up blockers > > Hi everyone, > > I?ve been reading the mailing list archives and haven't found a > definitive > answer about this issue. Regarding pop-up blockers, how are you > handling > the NoCat pop-up window that opens after a user authenticates? > > Have you found a way to load this window despite the use of pop-up > blockers, specially the one included in IE7? > > Thanks and regards, > > Edo > > > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat > > > _______________________________________________ > NoCat mailing list > NoCat at lists.nocat.net > http://lists.nocat.net/mailman/listinfo/nocat