Re: [squid-users] Auto Detect Proxy in Browser, visiting users.

From: Chris Robertson <crobertson_at_gci.net>
Date: Wed, 22 Apr 2009 15:43:59 -0800

gavguinness wrote:
> Hi
>
> I'm new to Squid. New in the sense that this time yesterday, I didn't know
> what Squid was. I knew what I wanted to achieve though, and I've achieved
> most of this today using Squid and a few helpful online guides...
>
> To have users prompted to authenticate when they start their browser (Check)
> To log their activity in a log file (Check)
> Not to have to install any software on the PC (Check)
> Specifically not to use any server based DB lookup authentication (check)
>
> The only problem is that I want all users to go through Squid, even visiting
> users. A lot of our guys are not going to want to manually enter Proxy
> settings each time they visit a site - I want it to be automatic.
>
> Similarly, not every user logs into our server(s), so I can't deploy a
> script or setting to the visiting computer as they simply connect to the
> WiFi, or Cabled network point.
>
> So basically, just connect up to the network, go on line and BAM, they have
> to authenticate. Just like in Starbucks! (But without the coffee or wifi
> charges!)
>
> I looked at transparent settings, but I gather this doesn't work with
> Authentication, so that's a no.
>
> Now I'm focussing on how to get the clients to auto detect the squid box.
> But I can't fathom how that's going to work. If the machines don't know
> it's there, how can squid make itself known to them?
>
> Ideally (and bear in mind my lack of knowledge at this stage) I would like
> to just have my DHCP tell the clients that the squid box is the default
> gateway and solve it that way, but again, I'm learning that the proxy
> doesn't work that way - it's not a router, right?
>
> Hope that makes sense, any help appreciated. But in the meantime, I'll get
> my head back in the manual!
>
> Cheers
>

Look into WPAD
(http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) or a
captive portal like WiFiDog
(http://en.wikipedia.org/wiki/WiFiDog_Captive_Portal) or the Squid
session helper (check the archives).

Here's the condensed version of what I have experienced with WPAD. It
all assumes that the proxy settings have not been changed from the
shipping default in the browsers.

Using a Windows (98/2000/XP) machine and Internet Explorer, the DHCP
option 252 is honored. DNS (wpad.domainname.com) is used in the absence
of the DHCP option 252. Firefox (2 or 3) on a Windows (98/2000/XP)
machine or OS X (10.4 for sure) the DHCP option 252 is ignored, DNS is
used exclusively. Safari on Windows (98/2000/XP) or OS X ignores both
DHCP and DNS and must be explicitly configured to use a statically
defined PAC (http://en.wikipedia.org/wiki/Proxy_auto-config) file.

My suggestion is to have a webserver assigned to
http://wpad.yourdomain.tld that serves a PAC file when
http://wpad.yourdomain.tld/wpad.dat OR
http://wpad.yourdomain.tld/wpad.da is requested. This will
(transparently) catch the majority of web browsers. For the rest, you
should intercept outbound port 80 traffic and redirect it to a page that
describes how to set their browser back to defaults (or how to set their
browser to explicitly grab the PAC file).

Chris
Received on Wed Apr 22 2009 - 23:44:16 MDT
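
A PAC file of the kind suggested in the reply above, as an added example that is not part of the original message. The proxy host name squid.yourdomain.tld and port 3128 are assumptions; wpad.yourdomain.tld is the placeholder used in the message.

```javascript
// Example wpad.dat / PAC file (added illustration, not from the original post).
// PAC engines are often old JavaScript interpreters, so this uses ES3-style
// syntax and plain string operations only.

// Assumption: Squid listens on squid.yourdomain.tld, port 3128.
var PROXY = "PROXY squid.yourdomain.tld:3128";
// Host that serves this file, as named in the message.
var WPAD_HOST = "wpad.yourdomain.tld";

// True for dotted-quad literals in loopback or RFC 1918 private ranges.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = parseInt(m[1], 10);
  var b = parseInt(m[2], 10);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Called by the browser for every request; host carries no port.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // A fully qualified name may arrive with a trailing dot.
  if (host.charAt(host.length - 1) === ".") {
    host = host.substring(0, host.length - 1);
  }
  // Unqualified names (no dot) are machines on the local network.
  if (host.indexOf(".") === -1) return "DIRECT";
  // The PAC server itself must stay reachable without the proxy.
  if (host === WPAD_HOST) return "DIRECT";
  // Private address literals never need to leave through Squid.
  if (isPrivateIPv4(host)) return "DIRECT";
  // Everything else goes to Squid. There is deliberately no "; DIRECT"
  // fallback, so a client cannot skip authentication and logging
  // when the proxy refuses or is unreachable.
  return PROXY;
}
```

Serve the same file at both /wpad.dat and /wpad.da with the MIME type application/x-ns-proxy-autoconfig.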
