RE: [squid-users] Auto Detect Proxy in Browser, visiting users.

From: Dustin Hane <dustinh_at_postalproducts.com>
Date: Thu, 23 Apr 2009 14:35:36 -0500

Also, you could do it the way I am running it... or attempting to.
If you are on a Windows domain (assuming you are, as you're using LDAP or NTLM), use a Group Policy Object to push out the proxy. So long as all of your boxes are at least WIN2K you can do it in 4 minutes. If you're not sure how to do so, feel free to email me here or directly.
The rest is correct about LDAP and NTLM.

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Wednesday, April 22, 2009 11:25 PM
To: Chris Robertson
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Auto Detect Proxy in Browser, visiting users.

> gavguinness wrote:
>> Hi
>>
>> I'm new to Squid. New in the sense that this time yesterday, I didn't know
>> what Squid was. I knew what I wanted to achieve though, and I've achieved
>> most of this today using Squid and a few helpful online guides...
>>
>> To have users prompted to authenticate when they start their browser (Check)
>> To log their activity in a log file (Check)
>> Not to have to install any software on the PC (Check)
>> Specifically not to use any server based DB lookup authentication (check)
>>
>> The only problem is that I want all users to go through Squid, even visiting
>> users. A lot of our guys are not going to want to manually enter Proxy
>> settings each time they visit a site - I want it to be automatic.
>>
>> Similarly, not every user logs into our server(s), so I can't deploy a
>> script or setting to the visiting computer as they simply connect to the
>> WiFi, or Cabled network point.
>>
>> So basically, just connect up to the network, go on line and BAM, they have
>> to authenticate. Just like in Starbucks! (But without the coffee or wifi
>> charges!)
>>
>> I looked at transparent settings, but I gather this doesn't work with
>> Authentication, so that's a no.
>>
>> Now I'm focussing on how to get the clients to auto detect the squid box.
>> But I can't fathom how that's going to work. If the machines don't know
>> it's there, how can squid make itself known to them?
>>
>> Ideally (and bear in mind my lack of knowledge at this stage) I would like
>> to just have my DHCP tell the clients that the squid box is the default
>> gateway and solve it that way, but again, I'm learning that the proxy
>> doesn't work that way - it's not a router, right?
>>
>> Hope that makes sense, any help appreciated. But in the meantime, I'll get
>> my head back in the manual!
>>
>> Cheers
>>
>
> Look into WPAD
> (http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) or a
> captive portal like WiFiDog
> (http://en.wikipedia.org/wiki/WiFiDog_Captive_Portal) or the Squid
> session helper (check the archives).
>

And definitely the relevant Squid FAQ entries:

http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers?highlight=%28WPAD%29
http://wiki.squid-cache.org/Technology/WPAD/DNS
http://wiki.squid-cache.org/Technology/WPAD

> Here's the condensed version of what I have experienced with WPAD. It
> all assumes that the proxy settings have not been changed from the
> shipping default in the browsers.
>
> Using a Windows (98/2000/XP) machine and Internet Explorer, the DHCP
> option 252 is honored. DNS (wpad.domainname.com) is used in the absence
> of the DHCP option 252. Firefox (2 or 3) on a Windows (98/2000/XP)
> machine or OS X (10.4 for sure) the DHCP option 252 is ignored, DNS is
> used exclusively. Safari on Windows (98/2000/XP) or OS X ignores both
> DHCP and DNS and must be explicitly configured to use a statically
> defined PAC (http://en.wikipedia.org/wiki/Proxy_auto-config) file.
>
> My suggestion is to have a webserver assigned to
> http://wpad.yourdomain.tld that serves a PAC file when
> http://wpad.yourdomain.tld/wpad.dat OR
> http://wpad.yourdomain.tld/wpad.da is requested. This will
> (transparently) catch the majority of web browsers. For the rest, you
> should intercept outbound port 80 traffic and redirect it to a page that
> describes how to set their browser back to defaults (or how to set their
> browser to explicitly grab the PAC file).
>
> Chris
>
Received on Thu Apr 23 2009 - 19:35:58 MDT
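
A small PAC file of the kind Chris suggests serving at http://wpad.yourdomain.tld/wpad.dat, added here as an illustration and not taken from the thread. The proxy host name squid.yourdomain.tld and port 3128 (Squid's default) are assumptions.

```javascript
// wpad.dat: constructed example PAC file for http://wpad.yourdomain.tld/wpad.dat
// Assumptions (not from the thread): proxy host squid.yourdomain.tld, port 3128.
// Web servers normally send PAC files as application/x-ns-proxy-autoconfig.
// Written without the browser-provided PAC helpers (isInNet, dnsResolve, ...)
// so it triggers no DNS lookups and can also be exercised outside a browser.

var PROXY = "PROXY squid.yourdomain.tld:3128";

// True for dotted-quad literals in loopback or RFC 1918 address space.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = +m[1], b = +m[2];
  if (a > 255 || b > 255 || +m[3] > 255 || +m[4] > 255) return false;
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// Entry point every PAC-aware browser calls for each request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Intranet names without a dot go direct.
  if (host.indexOf(".") === -1) return "DIRECT";
  // The local domain itself goes direct; the leading dot in the pattern
  // keeps look-alike names such as "evilyourdomain.tld" from matching.
  if (host === "yourdomain.tld" || /\.yourdomain\.tld$/.test(host)) return "DIRECT";
  // Literal internal addresses go direct.
  if (isPrivateIPv4(host)) return "DIRECT";
  // Everything else goes through Squid. No "; DIRECT" fallback is listed,
  // so if the proxy is unreachable clients fail closed instead of
  // silently bypassing authentication and logging.
  return PROXY;
}
```
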
