|
|
Web-based clients use the URT Web Client Interface to authenticate and assign VLANs to web users. Any configured LDAP or RADIUS domain can authenticate web clients.
For more information about adding LDAP directories and RADIUS servers, see "Setting Up Domains, Directories, and Servers."
These topics describe administrative and client tasks for using the Web Client Interface:
In the DNS field of the DHCP server Logon Vlan scope, add the IP addresses of your VPSs. Doing this allows the web client to be redirected to the VPS for the URT web logon page. If one VPS is down, the secondary VPS is accessed to display the web logon page.
Before logon, any URL the web user enters into the browser is automatically redirected to the URT web logon page. After logon, the user can browse to any permitted URL without editing any browser settings.
The DNS server that runs on the VPS replies to all queries from the current system IP address before logon.
 |
Note You must modify the DHCP setting for the logon VLAN to use the VPS as the DNS setting. When a user logs on from the web, the web address is queried in DNS. The response to the query is the IP address of the current VPS system; the URT web logon page is displayed. |
The following topics describe the administrative tasks you must perform for web logons:
The VPS generates a web page for web clients to enter their user ID, password, and domain name for authentication. The web logon page is the page users see when they first start their browsers.
You can add customized advertisement or announcement text to this page. When you edit the customized text, the page is regenerated. You make these changes on the Administrative Server and they are pushed to the VPS.
The web logon page is also regenerated when you add or remove an LDAP domain or RADIUS server.
Step 2 Click the Web tab.
Step 3 Enter the HTML code for the text you want to display on the logon page.
Step 4 Enter the title you want to be displayed on the page.
Step 5 (Recommended.) If you want the web browser to close, select the Close web browser window after launching URT Web Client option (default).
Step 6 Select the language for the logon page.
Step 7 Click OK.
The HTML code is immediately pushed out to all URT VPSs. The logon page is regenerated and all subsequent clients logging on will see the updated page.
In addition to VLAN associations, you can set web associations for an LDAP server.
Step 2 Click the Web Associations tab in the right pane.
Step 3 Double-click on the user or group again (in the left pane).
The Web Associations dialog box is displayed.
Step 4 Select these checkboxes as appropriate:
Step 5 Click OK.
Logging is enabled by default, and the logged information is written to the UrtWebClient.log trace file in the user's %TEMP% directory.
To view the information logged to the trace file, press F10. The information in the log shows several different events.
Step 2 Enter cd %TEMP%
The full path to the log file is displayed.
To use URT, all Macintosh Operating System (MacOS) clients must enable root and must log onto the system as root. Doing so allows MacOS users to release and renew their IP addresses as required by URT.
In situations where root is enabled and you try to log on as root, but the initial MacOS logon screen does not list root as a user, you must switch to the logon screen where you can enter the username, then enter the username root.
|
Note The default administrator on MacOS systems is called System Administrator. |
Each MacOS user must create the root user only once, using one of the methods described in the following topics:
Step 2 Select Domain>Security>Authenticate.
Step 3 If prompted, enter the admin password.
Step 4 Select Domain>Security>Enable Root User.
Step 5 Enter a new root user password.
Step 6 Confirm the new password.
Step 2 Enter the admin password.
Step 3 When prompted for a root login password, enter the new password.
Step 4 Enter su.
Step 5 Enter your root password to log on as root.
URT supports Linux users who use the DHCP pump, dhcpcd, or dhclient clients. On Linux systems with multiple users, you can provide all users with the required privileges to release and renew their IP addresses.
There are two methods for assigning the necessary privileges to users:
Step 2 To add all users to the new group, use a text editor to edit the /etc/group file.
Step 3 Enter chgrp groupname for the ifup, ifdown, pump, and usergroupname programs.
Step 4 Edit the /etc/sysconfig/network-scripts/ifcfg-IFACE file.
Step 5 In the line that contains your new group, change no to yes.
 |
Caution This method provides users with higher privileges than they would normally have. |
You can allow users to control the dhcp client. To do so, enter the following command:
|
Caution This method provides users with higher privileges than they would normally have. |
To use the web client, the user must log onto the local system as an Administrator or root user.
The VPS generates a web page for web logon clients. Web clients see this page when they first start their browsers. The web logon page contains user ID, password, and domain name fields.
Before logon, any URL the web user types into the browser is automatically redirected to the URT web logon page. After logon, the user can browse to any allowed URL without changing any browser settings.
|
Note In an environment with several web users, you should consider setting up a dedicated VPS for authenticating web logons. For more information, see the "Updating VPSs with New Group or Organizational Unit Lists" section. |
The first time URT web users open Netscape Navigator on MacOS and Linux systems using Netscape Navigator, they might be requested to install the Java plug-in. In this case, instructions are provided during the logon sequence to install the plug-in. This step is required only once; subsequent logons do not require it.
Users can enter their logon information in the URT web logon page.
URT authenticates the user, then gathers MAC address DHCP data from the client system to send to the VPS. If necessary, URT releases and renews the web user's IP address.
|
Note All web users must have root privileges to release and renew their current IP address so that URT can perform this step, if necessary. For information about setting up MacOS clients, see the "Enabling Root on MacOS Clients" section. For information about how URT processes user logons and logoffs, see the "Processing User Logons and User Logoffs" section. |
Step 2 In the Password field, enter your password.
Step 3 In the Domains list, select your domain.
Every LDAP and RADIUS domain added to URT is displayed.
Step 4 Click Logon.
The URT logoff page shows your connection time. However, if you selected the Log on user and remove logoff window option, the connection time is not displayed.
The web associations determine how a client logs off. If you select the Log on user and remove logoff window option, no logoff window is displayed. Clients remain connected until they power off or disconnect their systems from the network.
If this web association is not selected, a logoff window remains open for the user to log off at any time.
URT uses a synchronizing thread to send synchronized packets every five minutes for the logged on client, to ensure that the user is still logged on. When the synchronized packets are no longer received by the VPS, the client is moved back to the logon VLAN. This happens when the client system logs off in an abnormal state, such as when the browser freezes.
|
Note If users disconnect their systems by unplugging a cable, logoff takes about 10 minutes (the time it takes for two synchronizing messages to be generated). |
Posted: Tue May 20 18:36:01 PDT 2003
All contents are Copyright © 1992--2003 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.