Our company has a distributed network of branch offices. All employees have an account in Active Directory.
We need to restrict Internet access by sites (URLs) for some users (BadGuys). The main idea is to create 2 AD groups:
“AllowAllInternet” for most users, without any limitations, and “RestrictedInternet” for users that have limited Internet access.
All users must authorize in Hotspot before using the Internet. Hotspot does auth via a RADIUS server.
Now, my question:
“How to do Internet limitation based on presence in Active Directory?”
You can’t really block certain users from certain websites in MikroTik.
Well, yes, you can block access to IP addresses based on the user’s IP address… but that could get huge and difficult quickly, as many websites have multiple IP addresses… and some of them are dynamic.
You need some 3rd party proxy server that can allow/block based on RADIUS. Look into Squid Proxy Server, it is fairly robust, and it may be able to do this with some customizations.
Our users log on via HotSpot and RADIUS. How can I get information about the presence of users in one or another Active Directory group?
If users are locally added to the MikroTik router (no RADIUS authorization), I can run a script during user log on and log off. Is there any such mechanism for RADIUS logged-on users?