DansGuardian Documentation Wiki

You are here: Main Index » using_ident_for_user_identification


|

Wiki Information

Differences

This shows you the differences between the selected revision and the current version of the page.

using_ident_for_user_identification 2010/05/04 18:30 using_ident_for_user_identification 2010/08/31 23:40 current
Line 19: Line 19:
In case you want to know the technical details: DansGuardian operation using ident auth will proceed immediately and correctly so long as either connections reach a legitimate ident daemon or are rejected by a network packet with the RST bit set. But DansGuardian operation using ident auth will be dramatically delayed and jerky if it receives absolutely no response at all (not even a RST) to its port 113 traffic (or if if connects to a faulty ident daemon which later becomes unresponsive - fortunately this is very uncommon). In case you want to know the technical details: DansGuardian operation using ident auth will proceed immediately and correctly so long as either connections reach a legitimate ident daemon or are rejected by a network packet with the RST bit set. But DansGuardian operation using ident auth will be dramatically delayed and jerky if it receives absolutely no response at all (not even a RST) to its port 113 traffic (or if if connects to a faulty ident daemon which later becomes unresponsive - fortunately this is very uncommon).
-===== IDENT Servers ===== +Note that unlike earlier versions of Windows, Windows Vista and Windows 7 no longer reject packets sent to port 113 if no running Ident server is found.  This will result in no website being displayed in the browser.  Consequently all machines must have an Ident server installed if you use Ident on your network. 
-In order to use Ident for authentication, an Ident server application must be installed on all client systems. Here are some IDENT servers that can be installed on your workstations:+ 
 +===== Ident Daemons ===== 
 +In order to use Ident for authentication, an Ident daemon/server application must be installed on all workstation computers. Here are some Ident servers that can be installed on your workstations:
**Windows 2000+**  **Windows 2000+** 
-  * Windows Ident Server 2.0 (Windows XP, 2003, Vista, Server 2008) (22 June 2008) - http://rndware.info/content/Windows+Ident+Server +  * Windows Ident Server 2.0 (Windows XP, 2003, Vista, Server 2008) (22 June 2008) - http://rndware.info/products/windows-ident-server.html - Seems to run under Windows 7. //Does not pull up actual username when running as a service - instead it shows the username of the user running the service (usually "system")// 
-  * Retina Scan IDENT (Last Update: vsn 0.3.0 08 Aug 2009) - https://sourceforge.net/projects/retinascan - supports fast user switching. Works on Vista but not Windows 7.+  * Retina Scan IDENT (Last Update: vsn 0.3.0 08 Aug 2009) - https://sourceforge.net/projects/retinascan - supports fast user switching. Works on Vista but not Windows 7. //Does not pull up actual username when running as a service - instead it shows the username of the user running the service (usually "system")//
  * Identdwin (Last Update: 2003) - http://identdwin.sourceforge.net/identd-en.html. Although not updated for many years, this supports fast user switching on Windows 7 if you install the "NT" version in the download.   * Identdwin (Last Update: 2003) - http://identdwin.sourceforge.net/identd-en.html. Although not updated for many years, this supports fast user switching on Windows 7 if you install the "NT" version in the download.
  * Microsoft Windows XP/2000/NT - http://freeware.teledanmark.no/identd (no longer available)   * Microsoft Windows XP/2000/NT - http://freeware.teledanmark.no/identd (no longer available)
Line 32: Line 34:
**Apple** **Apple**
 +  * Apple OS-X 10.0-10.2 - ident server is included in the OS - see below.
  * Apple OS-X 10.3 and higher - http://www.macmax.org/rubrique.php3?id_rubrique=21   * Apple OS-X 10.3 and higher - http://www.macmax.org/rubrique.php3?id_rubrique=21
-===== Installation Instructions =====+===== Workstation Installation Instructions =====
== Windows 9x == == Windows 9x ==
-On Windows 9x machines, simply extract the identd.exe program and set it to run via the Registry Run key or via a network login script. You will need to run it as follows:  +On Windows 9x machines, simply extract the identd.exe program (link provided above) and set it to run via the Registry Run key or via a network login script. You will need to run it as follows:  
-<pre>identd.exe -n -r 0</pre>+<code>identd.exe -n -r 0</code>
    * The -n turns off port-based security which means that it will return an answer no matter where the request is coming from (thus breaking RFC-compliancy, but hey, it works).     * The -n turns off port-based security which means that it will return an answer no matter where the request is coming from (thus breaking RFC-compliancy, but hey, it works).
-    * The -r 0 returns the actul username of the person currently logged into the machine.+    * The -r 0 returns the actual username of the person currently logged into the machine.
== XP/2000/NT == == XP/2000/NT ==
 +**Note:** Make sure that if you have a firewall enabled on your workstations (such as the one included in windows XP SP2) that you allow ident (port 113 - TCP) through the firewall.
 +
On Windows XP/2000/NT just run "identd -install" as an administrator and double-check On Windows XP/2000/NT just run "identd -install" as an administrator and double-check
the Services applet in Control Panel to make sure it loads automatically the Services applet in Control Panel to make sure it loads automatically
Line 54: Line 59:
Once installed, the Ident service must be manually started or the client system rebooted. Once installed, the Ident service must be manually started or the client system rebooted.
- 
-**Note:** Make sure that if you have a firewall enabled on your workstations (such as the one included in windows XP SP2) that you allow ident (port 113) through the firewall.  If you don't DansGuardian will not allow you to browse the web). 
== Linux/Unix == == Linux/Unix ==
Line 69: Line 72:
http://www.macmax.org/rubrique.php3?id_rubrique=21 http://www.macmax.org/rubrique.php3?id_rubrique=21
-=== Enabling ident in DansGuardian ===+===== Enabling ident in DansGuardian =====
DansGuardian can then be configured to use Ident authentication in the dansguardian.conf file.  DansGuardian can then be configured to use Ident authentication in the dansguardian.conf file.