Just wondering (and please excuse the stupid question, I’m not a dev, or a devop, and have no knowledge about these things), but is it possible to maybe add functionality into the NS groups (in the management section of users, groups, and shared folders) to be able to add AD users into a group?
That way, I would be able to create an NS group, add/remove any AD user from it, and apply the content-filter policies on the NS group.
Again, I don’t know if it’s easier or simpler or how it can be done, so if that’s impossible to add as a feature, I apologize.
This is not possible for the same reason: if a user belonging to a NS group has been deleted inside the AD, who notifies NS about the change?
Also, as a commonly accepted rule, users and groups should usually be managed in only one place (like NS or AD) to avoid data duplication.
I would much rather do an occasional or quarterly housekeeping and delete a few users from NS groups by hand, rather than make 2000 separate profiles, just saying.
I finally moved my NS 6.7 server that I was testing for webfiltering to production. However, I’ve started noticing that none of my created profiles are being implemented, and only the default profile is being used for all users (even if those users have another specific profile set for them).
Any help or guidance?
Edit: So the individual profiles are working if I use IP address, but not if I’m using AD users. This is just not working at all with AD integration. Which means that DHCP (general DHCP, not NS dhcp) on the network becomes useless.
Edit2: It seems the default profile is fucking things up, since it’s using “any host” … so I assume NS is filtering based on host (IP), and then also filtering based on AD username, so both sets of profiles are being implemented. What’s the best way to use it? Allow everything on the default, and then enable profiles based on AD username? Would that help me filter things for users that I need filtered, or would they go unrestricted due to the “default” profile? And how do I edit the default profile? Can I change it in any way?
If the default rule is “any host”, then after this rule is triggered it should shortcut the rules behind it…
If you have difficulties with network objects, I would suggest you install NethServer-avahi. This little daemon will help you find all network “objects”, and help you create fine-grained local groups to make your filters.
That’s exactly the problem. I have an AD user “XYZ” on a host “192.168.x.x” … I’ve created a filter (F0) for the user, and in the “who” section, I’ve selected the XYZ user. The default filter is set to allow all, and it acts on “any host”. The F0 filter is set to block facebook/twitter/etc. Now when the user goes on the internet, he is able to access all these sites.
In the second case, when I create a policy F1, and select his host “192.168.x.x” from the drop-down “who” section of the filter, then his traffic is being blocked for these websites.
I don’t see any option to do this in the content filter.
[quote=“Jim, post:27, topic:3251”]
If not, create another group in place of “any host”, for example “allowed group”…
[/quote]
The “default profile” cannot be edited. I can edit the “default filter” which is being used by the “default profile” … but then the point remains the same. Whatever is set as policy in the “default filter” will apply to all hosts on the network, and overrule any filter set by AD username.
Can someone check if they have this same issue or is it only me? I’ve run 2-3 different instances of NS, both 6.7 and also 7 … and in all of them, for web filtering, the “default profile” is not editable. I can edit the “default filter”, but not the “default profile”.
Out of curiosity, am I the only one with this issue? Is nobody else facing this, where “default profile applied to any host” effectively kills the concept of using “user-based” profiles and restricts to using only “host-based” profiles?