+ Post New Thread
Page 4 of 6 FirstFirst 123456 LastLast
Results 46 to 60 of 81
CLEO Thread, The LightSpeed Filtering issue thread in Regional Broadband Consortiums (RBC); Originally Posted by SimpleSi Eureka Using lancs email addresses as temp override authority so teachers can get on with things ...
  1. #46

    Join Date
    Oct 2012
    Posts
    33
    Thank Post
    10
    Thanked 7 Times in 5 Posts
    Rep Power
    5
    Quote Originally Posted by SimpleSi View Post
    Eureka
    Using lancs email addresses as temp override authority so teachers can get on with things in-between peripetic technician visits

    Create a new lancsngfl email address called web@school.lancs.sch.uk (use your real school)

    Goto Dashboard - Administration and then Add Authentication Source
    stick email in all boxes (or anything you want) but put in outlook.lancsngfl.ac.uk for mail server and tick the encrypt and end user use.

    Goto Webfile - Override Users and create a new list called web, description web
    Edit it and Add User
    Search for web - click on it - change Name to web@school.lancs.sch.uk
    Enter web as description


    Goto WebFilter and Policy Management - Rule Sets - Students
    Scroll to Access page
    Select Require Username and select Restrict username as well and select web for username access


    Then make sure all the overrides boxes are ticked for every category you want staff to be able to override and that web is selected

    And I think that does it
    I've got it working so if it doesn't work for you then its probably my instructions

    Simon
    Brilliant Si!
    Thanks! works perfect for me!

  2. #47
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74
    I've just emailed OCL about having a YouTube category created like @SchoolsBroadband have. This would give you a category of "YouTube" that you can block/unblock per policy instead of using URL pattern overrides. Plus in the future when YouTube change/add a domain one of us just emails OCL they add it to the category and boom every school in county is done.

  3. #48

    Join Date
    Apr 2012
    Location
    Leeds
    Posts
    302
    Thank Post
    0
    Thanked 67 Times in 53 Posts
    Rep Power
    36
    Quote Originally Posted by Arcath View Post
    I've just emailed OCL about having a YouTube category created like @SchoolsBroadband have. This would give you a category of "YouTube" that you can block/unblock per policy instead of using URL pattern overrides. Plus in the future when YouTube change/add a domain one of us just emails OCL they add it to the category and boom every school in county is done.
    yes makes sense its an easy way to do it

  4. #49
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74
    Quote Originally Posted by SchoolsBroadband View Post
    yes makes sense its an easy way to do it
    Yes it does!

    OCL are having issues at the moment that means that creating custom categories doesn't work at the moment but they do like the idea.

  5. #50
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,013
    Thank Post
    120
    Thanked 283 Times in 261 Posts
    Rep Power
    108
    I have just added our AD as an authentication source and thought I'd share my experience since I am behind a firewall.

    I used a 1:1 NAT entry and just opened port 636 which is the secure LDAP port.

    The LS wiki entry is here

    The steps I took are:

    Administration > Add Authentication Source

    Type: Active Directory

    Name: AD Source (Only seen in the admin panel)

    Description: AD Source (Only seen in the admin panel)

    Friendly Name : Network log on (This is seen on the webpage for logging in)

    Server Hostname: 111.111.111.111 (Replace with the CLEO valid IP that you have mapped to your DC)

    Domain: schooldomain (This is the single label domain and not the FQDN eg schooldomain.local)

    Base DN: ou=schoolusers,dc=schooldomain,dc=local (This is the path to the OU that you want to get your user information from, you can get away with dc=schooldomain,dc=local but not advisable )

    Administrator Account: schooldomain\normaluser (This does not need to be an admin account, it only needs to be a normal account to query your AD)

    password: accountpassword

    Password Confirmation: accountpassword

    Encrypt Connection: (This is ticked to use secure LDAP port 636)

    Once this is done you can use the test button. It will add the domain so use the format user and not domain\user.

    Hopefully this should save someone a bit of time. Whether or not this kind of set up will work with the auto login client I don't know. See other posts regarding using this source for your users. You will need to tick Available to End Users on the authentication source btw.
    Last edited by ChrisH; 16th April 2014 at 12:48 PM.

  6. #51
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,013
    Thank Post
    120
    Thanked 283 Times in 261 Posts
    Rep Power
    108
    Don't bother trying to use OUs as a source under assignments for rule sets as it just doesn't work! Stick to using groups.

  7. #52
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,013
    Thank Post
    120
    Thanked 283 Times in 261 Posts
    Rep Power
    108
    So I have to pose the question how many schools use different internal VLANs (not just admin and curriculum) ? Surely I can't be the only one who is using multiple VLANs with a layer 3 core switch/router ? I know there are plenty of you out there with Procurve 5400s etc. I have a VLAN per building/cabinet and functional based ones such printers, phones, domain wireless, guest wireless etc. I managed to get my firewall to do 1:1 NAT so each client would map to its own CLEO IP (which shows up fine in the lightspeed logs correctly) but that doesn't help with the client which will always report the clients IP address and not the one it gets mapped to.

    I am assuming in this situation an onsite rocket is the only answer but I never heard mention of having to make any IP changes from other managed service providers. Is anyone in Lancashire utilising VLANs like me and has subnetted up their allocated ranges ? I can see this as an option but I haven't sat down and worked it out yet.

    I really don't want to be changing my whole internal configuration because of the internet connection that just seems so wrong but it looks like my choices are:

    Onsite Rocket (mentioned in some of the information a while ago)
    Change my whole internal infrastructure including IP address, VLANs, ACLs and routing.

    So am I alone in this or have other people in Lancs having to make big changes ?

  8. #53
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74
    @ChrisH Without the machine (and thus the agent) knowing the CLEO IP that is has been given there is no way to have the automatic authentication work.

    I do wonder if it would be possible to modify the agents requests e.g. if your machine is 192.168.0.34 and it has a cleo ip of 10.23.12.34 to just do a string replacement on its messages but that just adds an extra overhead to your routers.

    Or if there was someway to give the CLEO IP to the machines as a virtual interface that the agent can see so it reports that IP aswell.

    Or if there was a way to add a static route to your tier only that can lets your internal IPs talk directly to the rocket.

    Just some ideas the last one seems like the best to me but it depends on if OCL will help and if shared tier system OCL is using supports it.

  9. #54
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,013
    Thank Post
    120
    Thanked 283 Times in 261 Posts
    Rep Power
    108
    I think the only real options are the on-site Rocket or me changing all my IP ranges and subnetting up my curriculum range, the only issue I have with that is the router interface is always x.x.x.1 and if I wan't that in it's own subnetwork I'm going to be wasting 125 IPs which I can get away with but its a pain. If it was at the end of the range I could just use a /30 mask.

  10. #55
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    5,013
    Thank Post
    120
    Thanked 283 Times in 261 Posts
    Rep Power
    108
    Got mine all sorted now, you must have an IP address from your assigned 10.x.x.x range. I still have my firewall in-place and my separate VLANs so everything worked out okay in the end.

  11. #56
    ellsandell's Avatar
    Join Date
    Jan 2014
    Location
    Cumbria
    Posts
    65
    Thank Post
    13
    Thanked 11 Times in 10 Posts
    Rep Power
    3
    Is it just me or is almost every URL shortening service blocked? Yacapaca.com uses bit.ly, and after asking OCL they say they can't change the default block list to allow it?

  12. #57

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    6,048
    Thank Post
    590
    Thanked 1,032 Times in 791 Posts
    Blog Entries
    15
    Rep Power
    467
    Are you surprised? Given the choice, I would have every single one of them blocked too. Biggest source of infection from websites and downloads are thanks to those damn things.

  13. #58
    ellsandell's Avatar
    Join Date
    Jan 2014
    Location
    Cumbria
    Posts
    65
    Thank Post
    13
    Thanked 11 Times in 10 Posts
    Rep Power
    3
    Not surprised no, just annoying as they work fine on our old filtering (Cumbria) which we never had any problems with.

  14. #59
    Arcath's Avatar
    Join Date
    Feb 2009
    Location
    Lancashire
    Posts
    972
    Thank Post
    102
    Thanked 116 Times in 101 Posts
    Rep Power
    74
    @ellsandell you could try Unshorten any URL - unshort.me to get the link the bit.ly url points to.

  15. Thanks to Arcath from:

    ellsandell (3rd June 2014)

  16. #60
    Joanne's Avatar
    Join Date
    Nov 2007
    Location
    Lancashire
    Posts
    1,630
    Thank Post
    141
    Thanked 152 Times in 130 Posts
    Blog Entries
    17
    Rep Power
    81
    I've tried to set up the e-mail authentication method to do filtering over-ride, but it continues to say that there is no authentication source. I've followed the instructions and double checked all the settings... I'm so confused !!

SHARE:
+ Post New Thread
Page 4 of 6 FirstFirst 123456 LastLast

Similar Threads

  1. Problems with the smart filter
    By Arcath in forum CLEO
    Replies: 5
    Last Post: 9th June 2009, 11:10 AM
  2. Sonicwall Filtering Issue
    By Number6 in forum Internet Related/Filtering/Firewall
    Replies: 4
    Last Post: 11th March 2009, 02:29 PM
  3. [CLOSED] Bug/Error: Changing the title of a thread
    By FN-GM in forum EduGeek.net Site Problems
    Replies: 10
    Last Post: 18th February 2008, 11:06 PM
  4. The Post Your Desktop Thread
    By mrforgetful in forum General Chat
    Replies: 59
    Last Post: 2nd July 2007, 10:25 AM
  5. Moodle and the Algebra Filter
    By wesleyw in forum Virtual Learning Platforms
    Replies: 3
    Last Post: 22nd May 2007, 09:33 AM

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (1 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •