LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-15-2004, 01:53 AM   #1
citrus
Member
 
Registered: Dec 2003
Location: California
Distribution: Kubuntu 6.1
Posts: 548

Rep: Reputation: 30
samba domain question


soo here the situation

me and my friend are trying to put to gether a buisness a little internet cafe about 10 winxp computers and a linux server is what i am thinking

the linux server will act as a domain for all the other computers

then there will be another computer at the "front desk" that creat users as the come in so they can use the computers

what i want

a user will come into the store

tell the "clerk" how long he/she plans to be using the computer for then pay accordinally then the "clerk" will make a user account on the server so he/she can now log into one/any of our computers with the specified privalages (most likely minimal) and then when there time is up it will give them a message saying they have like 5 minutes or whatnot then automatically log them out (if such is possible)

if he/she want to stay longer they will come pay the "clerk"

this is just one way i was thinking about do this
sound ideal in my head

but my question is

is this possible?
like with the forcing log off and/or displaying a message to the user that his/her time is going to be up?

sounds a litte futurist to me but if it can be done it sounds like a winning idea
 
Old 06-15-2004, 03:08 PM   #2
tisource
Member
 
Registered: Feb 2002
Posts: 322

Rep: Reputation: 30
Ooooh....... That's a tough one.

With a native windows network, you can control when a user can and cannot be logged in. As far as I know, there is no way for samba (as a pdc) to do this directly (If there is, I'd sure like to know). I believe there are ways of restricting login (an access schedule) on a linux server, but it has to be done on an OS level, not w/ samba. In a windows 2000/2003 domain, you have even more control over the login process via group policies (GPO's). Again, there is no way to do this as far as I'm aware.

If you would be simply offering internet access, then you might want to forget the domain idea and think about researching a proxy server, or some kind of managed switch/router (filter by mac address). I'm really not sure what is out there, but I see no reason to set up a domain controller (if it is feasible, it would be very difficult and prone to error). Depending on your needs, you may want to rely on some other forms of software (... commercial software) if the open-source software doesn't pan out.

Good luck....
 
Old 06-15-2004, 05:52 PM   #3
citrus
Member
 
Registered: Dec 2003
Location: California
Distribution: Kubuntu 6.1
Posts: 548

Original Poster
Rep: Reputation: 30
well i kinda want to offer a few games as well

the domain idea sounded like a good idea
but i can easily scrap that idea and go with something else

is there a way i can just control when the machine has internet and when it does not from another computer via "front desk computer"?


that might work...

i am open to any suggestions
 
Old 06-16-2004, 02:35 PM   #4
tisource
Member
 
Registered: Feb 2002
Posts: 322

Rep: Reputation: 30
Well, I dunno, but a proxy service (which could be managed from anywhere) would do the trick, I think. Or, perhaps a router/firewall that has remote management capabilities. It all depends on exactly what you want. I have never set up proxy services on linux, but I hear squid is awesome.

I have a small Linksys router, which isn't too fancy, but it has a built-in web interface, and allows restriction by mac address. You are probably looking for something more robust, but it would do the job. It all depends on how many people you are planning on servicing. This linksys router I have will handle no more than a Class C subnet (254 hosts).

I just think a domain would be a bit overkill. Even if you did games, I've never played a network game that required domain authentication. Usually the only requirement is a TCP/IP or IPX socket (or whatever protocol it uses).

Good luck....
 
Old 06-17-2004, 05:24 AM   #5
Trd79
LQ Newbie
 
Registered: Aug 2001
Location: Sheffield, UK.
Posts: 16

Rep: Reputation: 0
Have you had a look on sourceforge for projects that do this kind of thing?

<looks>


try this one http://sourceforge.net/projects/cyborg/


or go to sourceforge.net and search for cafe or something similar.

I'm sure there are several such projects which may do exactly what you need and save you a lot of effort (especially training your clerk to adjust filtering rules per client!)


All the best
 
Old 06-17-2004, 07:53 PM   #6
citrus
Member
 
Registered: Dec 2003
Location: California
Distribution: Kubuntu 6.1
Posts: 548

Original Poster
Rep: Reputation: 30
has anyone successfully got cyborg working???
it doesn't provide shit for a how-to or anything

just sets these requierments and tells you to have fun
 
Old 06-17-2004, 09:01 PM   #7
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
No, a domain isn't going to help you here (especially not a Samba one).

I run public use internet machines where I work, so I can help you out here.

First off, ditch Windows XP. Windows XP is a good home operating system. It is ill suited for public or even commercial use. What you want is Windows 2000 Professional. The user level restrictions, policy options, and the file-by-file security makes it an infinitely better OS for use in a public environment. If you want, I could even send you the policy file I wrote for Windows 2000 Pro that completely locks down the machine.

But that isn't good enough by itself. Lets face it, the public can be pretty stupid when it comes to computers. Spyware, viruses, and files randomly saved can quickly destroy a computer system when the users are clueless. To prevent this from happening, it is not enough to simply lock down the policy. This won't help with viruses, temporary files, and even spyware. To combat this, you need Deep Freeze.

Deep Freeze is a brilliant piece of software. What it basically does is keep anything from being saved to the hard drive. Once you are done setting up your work stations, you install Deep Freeze which "freezes" the drive, and from that moment on, no matter what anybody does, they cannot change or damage the software configuration in any way. As soon as the computer is restarted, EVERYTHING that wasn't on that computer when you froze it is wiped away, even viruses (of course you can temporarily disable Deep Freeze if you want to make changes and install software). And it is pretty cheap.

So, Windows 2000 Professional with a custom policy and Deep Freeze will create the perfect public use machine (Windows based, anyway).

Now, to control access, you are going to want to look into a managed switch. A managed switch is just like any other switch. You have all of the client machines plugged into it, and one line out to your internet source (be it T1, DSL, Cable, whatever).

Here is the difference with a managed switch though. With a managed stitch you can access it through a web interface (usually) and select which ports on the switch to be active, and which ones to be off. So you could just turn off a computer's port on the switch (which it is physically connected to) and there internet access is instantly gone.

Here is the punch line though. I see no place for Linux in this system . You could have the staff machine be Linux if you wanted to, but it isn't going to access the switch's web interface any better than a Windows machine can.

I feel a little odd not mentioning Linux at all in a post on LinuxQuestions.org...

But in all honesty, unless you want to make the client machines Linux ones, there is really no need to bring Linux into your project (not how you described it anyway).

Last edited by MS3FGX; 06-17-2004 at 09:04 PM.
 
Old 06-17-2004, 09:08 PM   #8
MS3FGX
LQ Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 357Reputation: 357Reputation: 357Reputation: 357
Wait! I found a place for Linux in your project!

Linux could be used for your firewall and internet gateway for all the machines.
 
Old 06-18-2004, 12:58 AM   #9
citrus
Member
 
Registered: Dec 2003
Location: California
Distribution: Kubuntu 6.1
Posts: 548

Original Poster
Rep: Reputation: 30
thanks for you input

but i am looking more for a way to control how long they are on the computers
i am not looking for sequrity right as this second

i did try that cyborg program that someone mentioned
but i could not get it to work

will anyone see what they can do to get that program to work and help me out?
 
Old 06-18-2004, 06:11 AM   #10
andrewdodsworth
Member
 
Registered: Oct 2003
Location: United Kingdom
Distribution: SuSE 10.0 - 11.4
Posts: 347

Rep: Reputation: 30
Just a thought - don't know how well it'd work - but have a look at DHCP to control client logon times http://www.isc.org/index.pl?/sw/dhcp/ .

DHCP server grants leases to clients - you can set up how long that lease runs for and after it expires the client IP gets removed.

Will need a bit of work to automate it but beauty is that the config file is text so should be pretty simple to do.
 
Old 06-18-2004, 06:39 AM   #11
andrewdodsworth
Member
 
Registered: Oct 2003
Location: United Kingdom
Distribution: SuSE 10.0 - 11.4
Posts: 347

Rep: Reputation: 30
Had a look at the DHCP stuff and in the client configuration of a machine you can send lease times to the DHCP server. This sounds pretty good as you can control the lease time for each client.
 
Old 06-18-2004, 05:20 PM   #12
tisource
Member
 
Registered: Feb 2002
Posts: 322

Rep: Reputation: 30
Well, it all depends on the setup. One catch I can see is if others are allowed to bring in their own machines, or if you would limit it to your own machines. And yes, I actually see linux playing a very large role, and I think the message is very appropriate. If all they need is web access, and the machines are your own, run linux on all of them as workstations. Firefox, etc. I see nothing wrong with that. It would be alot cheaper, and would work on older hardware, but that's your call.

The control on the internet access is going to focus on your gateway, not on the client. A proxy is a little less absolute in control, but would allow you to manage content. A managed network appliance (router/bridge) that allows you to control address via mac address would give you absolute control to the internet.

I think it all boils down to one question: would you allow others to bring in their own machines? The answer to that will greatly affect the best strategy to this whole issue.
 
Old 06-18-2004, 09:23 PM   #13
citrus
Member
 
Registered: Dec 2003
Location: California
Distribution: Kubuntu 6.1
Posts: 548

Original Poster
Rep: Reputation: 30
well i really would like to make it a wifi hot spot
so users could come in and use there laptops

the biggest thing tho is i don't just want to limit internet

i want the whole computer not to work if there time is up
like it will lock it down to a screen saver type deal

i have seen this before and it looks like this cyborg program should work very well

its runs my web server useing cgi perl and what not
and it has a small program that locks down win/lin client machine

and the server side program (that runs threw the web) tells what machines to lock down or un lock

this looks like the best idea

the only problem is getting the program to work

thats where i need the help

i have tested it on my linux server here at home

but i keep getting apach internel server errors when i try to log in to the program
 
Old 06-20-2004, 01:30 PM   #14
tisource
Member
 
Registered: Feb 2002
Posts: 322

Rep: Reputation: 30
I have no idea how to get such a program to work. I still think controlling internet access on your gateway (via mac address) is the best way to go. It is less hassle, more absolute, and you're not messing with other people's machines.
 
Old 06-22-2004, 03:04 AM   #15
citrus
Member
 
Registered: Dec 2003
Location: California
Distribution: Kubuntu 6.1
Posts: 548

Original Poster
Rep: Reputation: 30
yeah but what if i want to offer games as well

and there playing some game that has nothing to do with the internet....

that program i was looking at locked the computer down when there time was up
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
samba 3 problem - samba PDC can not join to the domain ananthak Linux - Networking 1 05-21-2006 10:39 AM
Samba and Windows Domain Question bchris999 Linux - Networking 3 11-12-2004 02:18 PM
Samba: Authenticate Linux-Clients in Samba Domain & Mount mule Linux - Software 0 12-10-2003 01:21 AM
Joining a machine from another domain to my linux samba domain acummins Linux - Networking 0 09-13-2003 07:07 AM
Question about Samba in WIN Domain ikw38 Linux - Networking 4 06-25-2003 10:24 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 03:35 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration