lightspeed web auth
Another thread on here sparked a question I have about my lightspeed. First I should say I donít have full control of the box, I am a tier admin.
I have noticed under the authentication tab I can make all devices authenticate or just if the identity is unknown. Can I have this apply to only one subnet, or exclude a subnet from this?
I have two cases where I want opposite settings, and Iím not sure how it will all work out yet.
1 we have reports of students trying to look up inappropriate material, but it is coming from the Ipad subnet, so usernames are not in the reports. I have not had a chance to look at the lightspeed ipad app but that is one solution I will explore. However if I could force the ipads to web auth it might be a nicer solution than the app.
2 on the other hand we are talking about opening our wifi to guests, these guest devices would not have AD credentials to login to lightspeed. If the guest ip range could be excluded from auth that would be great.
Also is there a url a user could go to get the login page, currently the only way to web auth is to hit the login link from the blocked page, without forcing all devices to auth of course.
Thanks for any help and advice.
Yes you can do this :)
1 - if you set authentication to either on for unknown devices then you should get the authentication prompt come up for any devices that do not have a lightspeed agent installed. So the iPads that don't have a agent will prompt for a username & password where as your network machines with the agent on will then proceed through to internet without any prompting.
2 - Again this is "doable" by adding the IP range that your gussets will be using to the exemptions panel at the bottom of the web filter settings page.
The way we run out lightspeed system is that the require users to authenticate only when their identify is not known, we then add into the exemptions panel any ranges of IPs (or invidual IPs) that we do not want to authenticate. But you do then need to add these ranges/ips to the policy management section with a policy otherwise they will just defualt to what ever your tier policy is (this can be found at the bottom of the policy management page)
Hope that helps :)
Its also worth checking out the lightspeed Wiki (Home - Dashboard -Lightspeed's Support Wiki)
Thanks, I'll investigate that and run it by the principals wanting the usernames.
Just to add some more info, to that great reply:
If your on version 2.2.17> you can have different authentication lifetimes per User, Group or User OU. Handy for just authenticating students for a class length of time, but staff for longer.
You can also force / manually log out a web authentication by going to http://lsaccess.me/logout
Originally Posted by dobsonl
I too am looking for the third request mentioned here that I don't see a solution for. Specifically, Is there a url that will show the access page without getting blocked first? The teachers here would like to login at the beginning of class and then use lsaccess.me at the end.