User Tools

Site Tools


User authorization types

Login/password authorization

If user been supplied with username and password during creation, we can get Internet access if put proxy server in the browser settings: and port 3128.

During the attempt to use internet ICS will ask username/password. This is called “Login/password authorization”.

Authorization itself could be using 2 methods: • By user login and password - user, who created HTTP-query will receive pop-up window for entering its credentials (username and password) and will receive its query after successful identification • By domain - user, registered in Active directory will be automatically authorized on Proxy server;

Second type is only possible, when system is connected to Active Directory domain and users are imported from the domain.

Warning. Using this authorization type will prevent usage of ICQ, mail, bank-client and other software's, which are not using http-protocol.

Authorization by IP

Most used authorization type is authorization using IP address.

It is used in the cases, when LAN users having static IP addresses or dynamic addresses, registered with MAC-address. User get access to external network for all the protocols and according to global and personal rules and conditions set.

In order to provide user with the IP address it is necessary to select username in the list of users. The information page for this user will be opened. After that select IP address tab, click “add” and set address, assigned to this user.

Добавление IP-адреса пользователю

After that assigned address will appear in the list of user addresses. Each user could be assigned with any number of IP addresses. It is also possible to assign range of addresses to user in the format address/prefix.

IP-адреса пользователя

Warning! IP address could be easily high jacked. Malicious user could impersonate another user by changing network settings on its personal computer. In order to prevent it - use MAC address lock function.

Authorization by MAC

This type of authorization is convenient when network uses dynamic addresses, but ICS is not used as DHCP server. In order to assign MAC address to user, navigate to IP-addresses settings of the user and Click “Add MAC address:

Добавление MAC-адреса пользователю

Simultaneous work with two types of authorization

It is possible to assign some users with login/password authorization type and some with IP authorization.

The sequence in this case is “IP authorization” followed by “Username/Password authorization”:

1. IP address of the user is checked first of all. users with known IP addresses are allowed. 2. If user has proxy settings set in its browser - he will be asked to enter login name/password. Users who successfully authenticate themselves are allowed. 3. All the rest of the users are blocked.

More detailed description of authorization sequences are explained in proxy-server settings part.

Other authorization types

In order to user with dynamic IP-address to authorize by username/password and be allowed in the external network without any limitations it is necessary to use xauth or web-authorization.

To speed-up user creation process - import function is used.

After user creation it is possible to assign them with access rules.

Terminal server user authorization

All the users using Terminal Server are not different from each-other from ICS network queries prospective (same Terminal Server IP address is a source of traffic). Therefore in order to split statistical report and access settings it is necessary to specify proxy-server in the browser settings for each of the Terminal Server users. In this case every user will be registered under its own login and proxy-passing queries will be identified for each of the Terminal Server users.

auth_user.txt · Last modified: 2014/12/17 13:24 (external edit)