Let me explain:
I have a school environment with Windows domain connected computers. Teachers can bring their personal laptops which are not domain connected. The active directory connector script authenticates the domain connected computers, and Captive Portal authenticates the laptops (the capture rule in CP is limited to "User" "is NOT" "[authenticated]"). This worked well.
Recently, the school was on vacation for a week and a half. Because of this, DHCP leases expired. Upon returning to school, the laptops are no longer prompted for a CP login. After much sweat, I figured out that the DHCP addresses assigned to the laptops used to be from the Domain computers, and the logins via the AD script never timed out. Therefore, people are being assigned the wrong policies, and cannot change them without either being told to manually execute a logout script or browse to the link that the logout script goes to.
I would report this on bugzilla, but I figured I would start here. The solution is to allow an option to time out logins via the connector script. (Optional and not mandatory because those that are using the "logout" modification to the script will have a problem because their script isn't looping).
This really brings me to feel that the Connector Script is quite primitive. Firstly, it loops for backgrounded users, so if multiple users are logged in to a Windows computer, the policy will keep changing when each "loop" in the script takes effect for each user. The logout modification helps somewhat... but when one user logs out it messes up the other users that are logged in:
http://forums.untangle.com/directory...witchuser.html
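The stale-mapping problem described in the post, as an added example that is not part of the original post and is not Untangle or connector-script code: a small model of a gateway's IP-to-user table with an optional idle timeout. The class, function names, the 5-minute loop interval, the 15-minute timeout and the address are all assumptions made for illustration.

```python
from typing import Optional

class IpUserTable:
    """Hypothetical model of a gateway's IP-to-user login table."""

    def __init__(self, ttl: Optional[float] = None):
        # ttl=None reproduces the behaviour in the post: logins never expire.
        self.ttl = ttl
        self.entries = {}  # ip -> (username, time of last notification)

    def notify_login(self, ip: str, username: str, now: float) -> None:
        # Each loop of a looping login script refreshes the entry's timestamp.
        self.entries[ip] = (username, now)

    def notify_logout(self, ip: str) -> None:
        # Explicit logout (the "logout" modification) removes the entry at once.
        self.entries.pop(ip, None)

    def lookup(self, ip: str, now: float) -> Optional[str]:
        entry = self.entries.get(ip)
        if entry is None:
            return None
        username, last_seen = entry
        # With a timeout set, an entry that was not refreshed recently is
        # dropped, so a recycled DHCP address no longer inherits the old user.
        if self.ttl is not None and now - last_seen > self.ttl:
            del self.entries[ip]
            return None
        return username

def policy_for(table: IpUserTable, ip: str, now: float) -> str:
    # Mirrors the capture rule: only traffic with no authenticated user
    # is sent to the captive portal.
    user = table.lookup(ip, now)
    return f"domain-policy:{user}" if user else "captive-portal"

def simulate(ttl: Optional[float]) -> str:
    table = IpUserTable(ttl)
    ip = "192.0.2.50"  # constructed address from the documentation range
    # A domain PC logs in and its script loops every 5 minutes for an hour.
    for t in range(0, 3601, 300):
        table.notify_login(ip, "student1", t)
    # Ten days later the lease has expired and a laptop receives the same IP.
    return policy_for(table, ip, now=10 * 86400)

if __name__ == "__main__":
    print("no timeout    :", simulate(None))
    print("15 min timeout:", simulate(900))
```

A timeout shorter than the script's loop interval would also expire active domain logins, and a non-looping script never refreshes its entry, which is why the post asks for the timeout to be optional.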