Re: [squid-users] redirection?

From: Rick Whitley <rickwh@dont-contact.us>
Date: Thu, 15 Jul 2004 16:47:48 -0500

Mostly Windows/IE along with a few Macs. We might end up with a couple
of renegade Linux machines. If I change the proxy setting in the browser
the gateway is still set to be the 1st proxy server. Is there something
that I can test in that server to indicate that this request belongs to
the 2nd proxy? I thought that I would end up in a loop since the 1st
proxy sends all traffic to the disclaimer page.

rick...
Rom.5:8

>>> Tim Neto <tneto@komatsu.ca> 7/15/2004 2:16:29 PM >>>

Hello Rick,

Are the students all using Microsoft Windows desktops? Or is there a
mixture of Linux, BSD, Mac, and Microsoft?

If only Microsoft and IE browser, you can use a policy on the network
to set the proxy settings.

If Linux/BSD with Mozilla, I have seen notes about a deployment tool
for Mozilla (Netscape 6+) that would preset the preferences like the
proxy pac file.

For Macs? I do not know, but I'd suspect a central or network
configuration tool is available.

Lastly, your sign up web site could have instructions on how to set the
proxy config file in the student's browser of choice. Once done,
external web access could be possible, but not permissible until
validated.

Hope this helps (HTH).

Tim

-----------------------------------------------------------
Timothy E. Neto
 Computer Systems Engineer Komatsu Canada Limited
 Ph#: 905-625-6292 x265 1725B Sismet Road
 Fax: 905-625-6348 Mississauga, Canada
 E-Mail: tneto@komatsu.ca L4W 1P9
-----------------------------------------------------------

Rick Whitley wrote:

>When the user boots they get network through dhcp but nothing else.
>Squid is supposed to control access to the internet and we want to
>limit their network access to just the disclaimer/login site. The
>login at this site will go to (probably a 2nd proxy) to do ldap_auth.
>That part works. I can get authenticated/authorized but I want to be
>able to go to this site because new students will not have a valid id
>yet.
>
>
>
>rick...
>Rom.5:8
>
>
>
>>>> Chris Perreault <Chris.Perreault@Wiremold.com> 7/15/2004 1:45:57 PM >>>
>
>Determine what means you have for authenticating those users. You
>previously mentioned LDAP which is one method.
>
>Step 3 is where things get tricky. Squid authenticates and doesn't
>know, unless using a helper, that the user is logged in elsewhere
>already. Just logging in, on the webserver, is not in itself to let
>authenticated users get to the web in your scenario. Squid will let
>squid-authenticated users pass, but needs help in knowing if they are
>members of some other database of users. Squid does not have a "logon"
>webpage. It will display a basic auth box to authenticate, which tells
>squid OK or ERR. Based on that simple yes/no the ACLs then determine
>what happens next.
>
>The next important item might be knowing what type of user database
>are these users being activated within? Novell, AD, UNIX, Windows
>Domain, etc.
>
>When you ask about modifying the basic auth box....you can change the
>name of the Realm, from within the squid.conf file, but that's pretty
>much it. It is not a webpage, it's a simple box. Squid is not a
>webserver and a webserver is not a gateway/proxy.
>
>I think the best you can do is prompt everyone for a username and
>password and if they fail out they get redirected to a helpdesk type
>page which outlines what to do if they lost their password, how to
>sign up for access if they have not done so yet, etc.
>
>Are you having these users configure their proxy server, or are you
>running it in transparent mode?
>
>Chris Perreault
>
>-----Original Message-----
>From: Rick Whitley [mailto:rickwh@dbu.edu]
>Sent: Thursday, July 15, 2004 2:30 PM
>To: squid-users@squid-cache.org; Chris Perreault
>Subject: RE: [squid-users] redirection?
>
>
>Here is the process we are trying to create.
>
>1. User boots computer
>2. opens browser (attempts to go to url)
>3. Initial website displays
> Gives user option to Activate account or Login
>4. New user activates account
> returns to initial page and logs in
>5. Activated user logs in
>6. They browse the net.
>
>Is it possible (using more than 1 proxy server if necessary)?
>
>When I turn on auth I get a dialog box requesting userid and passwd.
>Can that page be modified to display disclaimer/login activation or is
>that more work than it's worth?
>
>As you said Chris, just knowing that it is possible is half the
>battle. Right now I'm looking for possibilities. I need to know I'm on
>the right track or find out where the track is.
>
>rick...
>Rom.5:8
>
>
>
>>>> Chris Perreault <Chris.Perreault@Wiremold.com> 7/15/2004 1:09:08 PM >>>
>
>Rick,
>
>Logically map out what you'd like to have happen. I get stuck on this
>one. Define "initial", map all the steps out that you need to have
>occur.
>
>I'm a user, and I input www.google.com into my browser. As an admin,
>do you want me to "initially" go to google or to this disclaimer page?
>
>If the disclaimer page...ok, you can redirect www.google.com (or all
>traffic) to go to the disclaimer page, but...it always will go there.
>There isn't a counter type thing that knows you already attempted
>google once, so the next time it should let really go to google.
>
>I suppose, using the ACL's you could check against a userlist. If they
>are not in the list, then they get redirected to the signup/disclaimer
>page. This signup page/application needs to populate the "ok" userlist
>quickly and on the fly though. You need this site to always be
>accessible too. Otherwise if a user tried to reach a subpage within
>the disclaimer site, squid would again redirect them to the homepage
>of the disclaimer site.
>
>I'm new at squid too, only been using it a month or so, and not in the
>way you want to use it either. Knowing something is possible is half
>the battle though, the rest is just figuring it out and making it go.
>
>Chris Perreault
>Webmaster/MCSE
>The Wiremold Company
>West Hartford, CT 06010
>860-233-6251 ext 3426
>
>
>-----Original Message-----
>From: Rick Whitley [mailto:rickwh@dbu.edu]
>Sent: Thursday, July 15, 2004 1:51 PM
>To: squid-users@squid-cache.org
>Subject: [squid-users] redirection?
>
>
>I need to have all traffic on our student network display an initial
>website for disclaimers and info. Would this be done through a
>redirector or is there an acl I am unaware of?
>
>I am using squid 2.5.stable5.
>
>thanks
>
>rick...
>Rom.5:8
>
>
>
Received on Thu Jul 15 2004 - 15:48:03 MDT
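
The redirector approach discussed in this thread, as an added example that is not part of the original messages: a helper for Squid's `redirect_program` interface that sends clients missing from an "ok" list to the sign-up site, while leaving the sign-up site itself untouched so the redirect loop Rick is worried about cannot occur. The host name, the list file path and the choice to key the list on client IP are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Squid redirector sketch: unactivated clients are sent to the sign-up site."""
import os
import sys
from urllib.parse import urlsplit

PORTAL_HOST = "signup.example.edu"               # hypothetical disclaimer/login host
PORTAL_REPLY = "302:http://signup.example.edu/"  # "302:" asks Squid to send an HTTP redirect
ACTIVATED_FILE = "/etc/squid/activated_clients"  # hypothetical; one client IP per line

_cache = {"mtime": None, "ips": frozenset()}

def activated_ips(path=ACTIVATED_FILE):
    """Re-read the list whenever the sign-up application has rewritten it."""
    try:
        mtime = os.stat(path).st_mtime
    except OSError:
        return frozenset()           # no list: nobody is activated (fail closed)
    if mtime != _cache["mtime"]:
        with open(path) as fh:
            ips = frozenset(l.strip() for l in fh if l.strip() and not l.startswith("#"))
        _cache.update(mtime=mtime, ips=ips)
    return _cache["ips"]

def request_host(url):
    """Host of the requested URL; CONNECT requests arrive as bare host:port."""
    if "://" not in url:
        return url.rsplit(":", 1)[0].lower()
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""                    # unparseable URL never matches the portal

def decide(line, activated):
    """Reply for one 'URL ip/fqdn ident method' line; '' leaves the URL alone."""
    fields = line.split()
    if len(fields) < 2:
        return PORTAL_REPLY          # malformed input: fail closed
    url, client_ip = fields[0], fields[1].split("/", 1)[0]
    if request_host(url) == PORTAL_HOST:
        return ""                    # exact host match keeps the sign-up site reachable
    if client_ip in activated:
        return ""
    return PORTAL_REPLY

if __name__ == "__main__":
    for request in sys.stdin:
        sys.stdout.write(decide(request, activated_ips()) + "\n")
        sys.stdout.flush()           # Squid waits for one reply line per request
```

The portal exemption compares the parsed host for equality rather than searching the URL for the portal name, so a lookalike host is still redirected.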

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:02 MDT