Re: user based IP address assginment

[Cliff Skolnick <cliff () steam com>]

How about using VPN technology (even RAS will do the trick).  You get
assigned a private IP address via DHCP, then when you authenticate to the
VPN solution you get your real IP address and access to the real network?  
The downside to this that comes to mind is performance loss.  Run some tests
to make sure the performance loss is acceptable for you before rolling this
out.

Sure this will use a few more CPU cycles so it may require some more
hardware, but you will get something that is less hackish and you can even
call for support.  VPN solutions can also keep good logs, so you may get
report generation capability as a bonus.

Cliff

On Thu, 2 Nov 2000, daN. wrote:

> There is a way to do this but its kind of a pain.
> 1. Machine gets turned on.
> 2. gets assigned a non addressable IP via DHCP (different subnet if you are 
> already behind a nat)
> 3. user goes to a webserver also on the non addressable network and enters 
> username/password
> 4. executes a php script to take the MAC address out of the communications 
> and modify dhcpd.conf to add a reservation for the newly logged in machine.
> 5. user runs winipcfg and hits release all/renew all. gets assigned the 
> reserved IP now on the local network.
>
> This doesn't add any security to your network because a user can always set 
> their IP address manually .
>
> mutated
>
>
> At 10:16 AM 10/31/00 -0800, David Lang wrote:
> > the problem is that the machine needs to be up on the network before a
> > user logs into it.
> >
> > the metaIP product can change the name (wins and DNS) of the machine based
> > on who logs into it, but the IP address gets assigned when the machine
> > boots so by the time someone logs in it is to late.
> >
> > David Lang
> >
> >  On Mon, 30 Oct 2000,
> > GS wrote:
> >
> > > Date: Mon, 30 Oct 2000 19:42:46 +0100
> > > From: GS <eor () gmx net>
> > > To: firewall-wizards () nfr com
> > > Subject: [fw-wiz] user based IP address assginment
> > >
> > > Hi,
> > >
> > >
> > > is there any Tool or any way to assgin an IP address depending on the 
> > UserID?
> > > The only thing i found on my research is META IP (by CheckPoint).
> > > But as far is i understand the concept of META IP, a firewall, or a 
> > service
> > > must
> > > use the UAM service to auth. a user, so only the other checkpoint products
> > > will work?
> > > And, a user gets a "random" ip out of his subnet ip pool.
> > > What i want to do is to "hard-wire" an IP to an User! (_not_ to a machine).
> > > The platform can be WinNT 4/5 or Netware 4/5.
> > >
> > >
> > > Thank you in advance,
> > >
> > > Gregor Stefka
> > > edv-anwendungsberatung gmbh
> > >
> > >
> > > _______________________________________________
> > > firewall-wizards mailing list
> > > firewall-wizards () nfr com
> > > http://www.nfr.com/mailman/listinfo/firewall-wizards
> >
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards () nfr com
> > http://www.nfr.com/mailman/listinfo/firewall-wizards
>
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () nfr com
> http://www.nfr.com/mailman/listinfo/firewall-wizards

--
   | Cliff Skolnick          | "They that can give up essential liberty to |
   | Steam Tunnel Operations |  obtain a little temporary safety deserve   |
   | cliff () steam com         |  neither liberty nor safety."               |
   | http://www.steam.com/   |                  -- Benjamin Franklin, 1759 |


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards