Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Extended User Policies
  •  
PeterM

Messages: 12
Karma: 0
Send a private message to this user
Hello,
is it possible to extend user authentication to all Services and not only to http and ftp traffic. Every user can access the internet without authentication for example for Internet Games or other services. If you acces the internet with an internet browser you need to authorize your request with an username and a password but there are no authentification requests on other services. I just want to have the clients to authenticate for everything they do on the internet. Would be great if there will be a possibility to do that!
MFG Peter
Edit: (sorry for my english =) )

[Updated on: Tue, 02 March 2004 19:19]

  •  
PeterM

Messages: 12
Karma: 0
Send a private message to this user
Hello,
No one knows how to do that with winroute or is it just impossible ?
If my question isn't clear please tell me...
Hoping for replies..
Peter
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
PeterM wrote on Wed, 03 March 2004 11:19

Hello,
No one knows how to do that with winroute or is it just impossible ?
If my question isn't clear please tell me...
Hoping for replies..
Peter


There is a possibility to set different source in the traffic rule with NAT option. If you set source as "authenticated user" instead of local interface, only authenticated users can access Internet.
So user must login on the firewall's webadmin interface first, otherwise all connections will be dropped by the default traffic rule.
  •  
techkid

Messages: 18

Karma: 0
Send a private message to this user
I tried that once and had a few interesting connections from people that should not have been Authorized. I think these connections were made from the outside because when watching the connections window in Kerio, I could see them logging on for about 300 secs then off.

I may be paranoid or could it be an unknown flaw.

TK.
  •  
PeterM

Messages: 12
Karma: 0
Send a private message to this user
Thank You,
thats it !!

Peter

PS:
Could it be that you can login from everywhere if i set this option instead of the other source?
  •  
Jeff Wadlow (Kerio)

Messages: 162
Karma: 6
Send a private message to this user
Hi Peter,
You could authenticate from the Internet if you had a rule allowing for wradmin or wradmin ssl.
  •  
PeterM

Messages: 12
Karma: 0
Send a private message to this user
Hello,


Pavel Dobry:
There is a possibility to set different source in the traffic rule with NAT option. If you set source as "authenticated user" instead of local interface, only authenticated users can access Internet.
So user must login on the firewall's webadmin interface first, otherwise all connections will be dropped by the default traffic rule.


Could it be that you can login from everywhere if i set this option instead of the other source?
I mean there is no more an interface specified in the source and then you could logon from the internet and not only from the Local Area Network! How can I specify that the users must be on the local area network with this new rule activated?

Peter

  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
PeterM wrote on Sat, 06 March 2004 14:24

Hello,


Pavel Dobry:
There is a possibility to set different source in the traffic rule with NAT option. If you set source as "authenticated user" instead of local interface, only authenticated users can access Internet.
So user must login on the firewall's webadmin interface first, otherwise all connections will be dropped by the default traffic rule.


Could it be that you can login from everywhere if i set this option instead of the other source?
I mean there is no more an interface specified in the source and then you could logon from the internet and not only from the Local Area Network! How can I specify that the users must be on the local area network with this new rule activated?

Peter




No, you will be able to login from everywhere only in case when you have allowed access to the webadmin interface (port 4080 or 4081 for secured one) from anywhere.

If you have not allowed access to webadmin interface from the Internet, nobody can login to the firewall. So only users from local network can logon.

  •  
PeterM

Messages: 12
Karma: 0
Send a private message to this user
Hello,

I've got one more question. How can I forbid users to login twice from different computers? Every User Account should only used once. How can I do that ?

Peter
  •  
PeterM

Messages: 12
Karma: 0
Send a private message to this user
Hello,
there is something again =)
what is MSIE proxy autodiscovery in DHCP-Server settings
What is it good for and what value has to be in there?
Would it make configuration easier to set this option?

Peter
Previous Topic: HTTP and HTTPS Auth. problem; connection.log problem
Next Topic: "Unable to open cache data file: cache.dat"
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Nov 21 18:32:23 CET 2017

Total time taken to generate the page: 0.00440 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.