From: <eob...@us...> - 2011-11-27 17:56:40
|
Revision: 6135 http://ipcop.svn.sourceforge.net/ipcop/?rev=6135&view=rev Author: eoberlander Date: 2011-11-27 17:56:34 +0000 (Sun, 27 Nov 2011) Log Message: ----------- Move CRE section to later Proxy chapter. Modified Paths: -------------- IPCopDoc/trunk/en/admin/xml/proxy.xml IPCopDoc/trunk/en/admin/xml/services.xml Modified: IPCopDoc/trunk/en/admin/xml/proxy.xml =================================================================== --- IPCopDoc/trunk/en/admin/xml/proxy.xml 2011-11-27 15:31:41 UTC (rev 6134) +++ IPCopDoc/trunk/en/admin/xml/proxy.xml 2011-11-27 17:56:34 UTC (rev 6135) @@ -39,6 +39,11 @@ <link linkend="proxy-auth-radius"><guimenuitem>RADIUS Authentication</guimenuitem></link> </para> </listitem> + <listitem> + <para> + <link linkend="proxy-cre"><guimenuitem>Classroom extensions</guimenuitem></link> + </para> + </listitem> </itemizedlist> </para> @@ -77,4 +82,221 @@ </para> </sect2> + <sect2 id="proxy-cre"> + <title>Classroom extensions</title> + <para> + The ClassRoom Extensions (CRE) to the proxy server + give you the ability to delegate administrative tasks to + non-administrative users through a separate Web Access + Management page. + </para> + <para> + The CRE offers these features: + </para> + <para> + Full web based access management + </para> + <itemizedlist> + <listitem> + <para> + Predefined client groups can be turned on or off using a + standard web browser. + </para> + </listitem> + <listitem> + <para> + All administrative CRE options are accessible and configurable + within the web based IPCop GUI. + </para> + </listitem> + </itemizedlist> + <para> + Different security levels + </para> + <itemizedlist> + <listitem> + <para> + Web Access Management rights can be controlled by password + and/or by network address. + </para> + </listitem> + <listitem> + <para> + No administrative privileges to the IPCop GUI required for the + Web Access Management. + </para> + </listitem> + <listitem> + <para> + The Supervisor cannot override any proxy server based + restrictions set by the IPCop Admin. + </para> + </listitem> + </itemizedlist> + <para> + Flexible configuration + </para> + <itemizedlist> + <listitem> + <para> + The IPCop Admin can define client groups with MAC addresses, + single IP addresses, IP ranges, subnets or even all of them. + </para> + </listitem> + </itemizedlist> + <para> + The CRE creates a new role, between that of Admin and Users: + the Supervisor. + </para> + <para> + The Supervisor can turn on and off web access for predefined + groups (e.g. specific computers in a classroom) + without the need to have administrative access rights, + or knowledge of, the IPCop GUI. + </para> + <para> + The Web Access Management Interface can be started from any + client computer. + Open a web browser and enter the URL + <ulink url="https://192.168.1.1:8443/cgi-bin/webaccess.cgi">https://192.168.1.1:8443/cgi-bin/webaccess.cgi</ulink> + (replacing the 192.168.1.1 with the IP Address of your IPCop). + </para> + <para> + If the Web Access Management Interface has not yet been enabled + by the Admin, you'll see this text: + <quote>The management interface has been disabled by the + Administrator</quote>. + </para> + <para> + If the Web Access Management Interface has been enabled, + but the Admin has not defined any groups, you will see this + text: <quote>There are no access groups available</quote>. + </para> + + <sect3 id="proxy-cre-configuration"> + <title>Classroom extensions configuration</title> + <para> + The classroom extensions are enabled/disabled and configured on the + <link linkend="services-webproxy">proxy server</link> + web page. + </para> + <para> + After making any changes, remember to press the + <guibutton>Save</guibutton> button to apply them. + </para> + <para> + <mediaobject> + <imageobject role="fo"> + <imagedata fileref="&imagepath;proxy-cre.&imageext;" + format="PNG" + contentwidth="14cm"/> + </imageobject> + <imageobject role="html"> + <imagedata fileref="&imagepath;proxy-cre.&imageext;" format="PNG" align="center"/> + </imageobject> + <textobject> + <phrase>Classroom extensions configuration</phrase> + </textobject> + </mediaobject> + </para> + <formalpara> + <title><guilabel>Enabled</guilabel></title> + <para> + Check this box to enable the Supervisor Web Access + Management Interface. + </para> + </formalpara> + <formalpara> + <title><guilabel>Supervisor password</guilabel> (optional)</title> + <para> + When this password is set, all Supervisor users must enter + the password to manage web access. + This is optional, but for security reasons, either set a + Supervisor password, or define Supervisor IP addresses. + </para> + </formalpara> + <formalpara> + <title><guilabel>Supervisor IP addresses (one per line)</guilabel> (optional)</title> + <para> + This field allows you to define the IP addresses that will + be able to manage web access. + This is an optional configuration item which can be used to + increase security, or to simplify management, + if you don't want to configure a Supervisor password. + </para> + </formalpara> + <para> + For example, add these IP addresses, if you want to + allow them Supervisor access: + </para> + <screen><computeroutput>192.168.1.20 +192.168.1.30</computeroutput></screen> + <para> + The highest level of security is achieved when both a Supervisor + password is set, and IP restrictions are applied. + </para> + <formalpara> + <title><guilabel>Classroom group definitions</guilabel></title> + <para> + Your classroom group definitions are entered in this field. + A classroom group definition takes this format: + </para> + </formalpara> + <screen><computeroutput>[groupname] +client MAC address or client IP address or IP range or IP subnet +client MAC address or client IP address or IP range or IP subnet +client MAC address or client IP address or IP range or IP subnet</computeroutput></screen> + <para> + So, for example, you might have a pair of group definitions + like this: + </para> + <screen><computeroutput>[Example group 1] +192.168.1.11 +192.168.1.12 +192.168.1.13 +[Example group 2] +192.168.1.21-192.168.1.25</computeroutput></screen> + <para> + Each group has a 'groupname', which must be unique. + The groupname is the part of the group definition between the + square brackets. + The name will appear in the web access management interface. + </para> + <para> + Each group can have an unlimited number of client definitions. + You can use mixed client definitions within a group, + but each definition must be in a single line. + Here are some examples: + </para> + <para> + Single host - MAC Address + </para> + <screen><computeroutput>01:23:45:67:89:0A</computeroutput></screen> + <para> + Single host - IP Address + </para> + <screen><computeroutput>192.168.1.11</computeroutput></screen> + <para> + Host range + </para> + <screen><computeroutput>192.168.1.21-192.168.1.25</computeroutput></screen> + <para> + Subnet (netmask notation) + </para> + <screen><computeroutput>192.168.1.32/255.255.255.240</computeroutput></screen> + <para> + Subnet (CIDR notation) + </para> + <screen><computeroutput>192.168.1.32/28</computeroutput></screen> + </sect3> + + <sect3 id="proxy-cre-security"> + <title>CRE security levels</title> + <para> + Content to follow... + </para> + </sect3> + + </sect2> + </sect1> Modified: IPCopDoc/trunk/en/admin/xml/services.xml =================================================================== --- IPCopDoc/trunk/en/admin/xml/services.xml 2011-11-27 15:31:41 UTC (rev 6134) +++ IPCopDoc/trunk/en/admin/xml/services.xml 2011-11-27 17:56:34 UTC (rev 6135) @@ -504,146 +504,9 @@ </para> <para> See the -<!-- <link linkend="proxy-cre">Classroom extensions</link> ---> Classroom extensions [<emphasis>link to follow...</emphasis>] + <link linkend="proxy-cre">Classroom extensions</link> section for further information. </para> -<!-- section to be moved to proxy chapter - <para> - The CRE creates a new role, between that of Admin and Users: - the Supervisor. - </para> - <para> - The Supervisor can turn on and off web access for predefined - groups (e.g. specific computers in a classroom) - without the need to have administrative access rights, - or knowledge of, the IPCop GUI. - </para> - <para> - The Web Access Management Interface can be started from any - client computer. - Open a web browser and enter the URL - <ulink url="https://192.168.1.1:8443/cgi-bin/webaccess.cgi">https://192.168.1.1:8443/cgi-bin/webaccess.cgi</ulink> - (replacing the 192.168.1.1 with the IP Address of your IPCop). - </para> - <para> - If the Web Access Management Interface has not been yet enabled - by the Admin, you'll see this text: - <quote>The management interface has been disabled by the - Administrator</quote>. - </para> - <para> - If the Web Access Management Interface has been enabled, - but the Admin has not defined any groups, you will see this - text: <quote>There are no access groups available</quote>. - </para> - <para> - <figure id="v2.services.013"> - <title>Web proxy - Classroom extensions configuration Section</title> - <mediaobject> - <imageobject role="fo"> - <imagedata fileref="&imagepath;proxy-cre.&imageext;" - format="PNG" - contentwidth="14cm"/> - </imageobject> - <imageobject role="html"> - <imagedata fileref="&imagepath;proxy-cre.&imageext;" format="PNG" align="center"/> - </imageobject> - <textobject> - <phrase>Classroom extensions configuration</phrase> - </textobject> - </mediaobject> - </figure> - </para> - <formalpara> - <title><guilabel>Enabled</guilabel></title> - <para> - Check this box to enable the Supervisor management interface. - </para> - </formalpara> - <formalpara> - <title><guilabel>Supervisor password</guilabel> (optional)</title> - <para> - When this password is set, all Supervisor users must enter - the password to manage web access. - This is optional, but for security reasons, either set a - Supervisor password, or define Supervisor IP addresses. - </para> - </formalpara> - <formalpara> - <title><guilabel>Supervisor IP addresses (one per line)</guilabel> (optional)</title> - <para> - This field allows you to define the IP addresses that will - be able to manage web access. - This is an optional configuration item which can be used to - increase security, or to simplify management, - if you don't want to configure a Supervisor password. - </para> - </formalpara> - <para> - For example, add these IP addresses, if you want to - allow them Supervisor access: - </para> - <screen><computeroutput>192.168.1.20 -192.168.1.30</computeroutput></screen> - <para> - The highest level of security is achieved when both a Supervisor - password is set, and IP restrictions are applied. - </para> - <formalpara> - <title><guilabel>Classroom group definitions</guilabel></title> - <para> - Your classroom group definitions are entered in this field. - A classroom group definition takes this format: - </para> - </formalpara> - <screen><computeroutput>[groupname] -client MAC address or client IP address or IP range or IP subnet -client MAC address or client IP address or IP range or IP subnet -client MAC address or client IP address or IP range or IP subnet</computeroutput></screen> - <para> - So, for example, you might have a pair of group definitions - like this: - </para> - <screen><computeroutput>[Example group 1] -192.168.1.11 -192.168.1.12 -192.168.1.13 -[Example group 2] -192.168.1.21-192.168.1.25</computeroutput></screen> - <para> - Each group has a 'groupname', which must be unique. - The groupname is the part of the group definition between the - square brackets. - The name will appear in the web access management interface. - </para> - <para> - Each group can have an unlimited number of client definitions. - You can use mixed client definitions within a group, - but each definition must be in a single line. - Here are some examples: - </para> - <para> - Single host - MAC Address - </para> - <screen><computeroutput>01:23:45:67:89:0A</computeroutput></screen> - <para> - Single host - IP Address - </para> - <screen><computeroutput>192.168.1.11</computeroutput></screen> - <para> - Host range - </para> - <screen><computeroutput>192.168.1.21-192.168.1.25</computeroutput></screen> - <para> - Subnet (netmask notation) - </para> - <screen><computeroutput>192.168.1.32/255.255.255.240</computeroutput></screen> - <para> - Subnet (CIDR notation) - </para> - <screen><computeroutput>192.168.1.32/28</computeroutput></screen> - --> </sect3> <sect3 id="services-webproxy-time"> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |