> gavguinness wrote:
>> Hi
>>
>> I'm new to Squid. New in the sense that this time yesterday, I didn't know
>> what Squid was. I knew what I wanted to achieve though, and I've achieved
>> most of this today using Squid and a few helpful online guides...
>>
>> To have users prompted to authenticate when they start their browser (Check)
>> To log their activity in a log file (Check)
>> Not to have to install any software on the PC (Check)
>> Specifically not to use any server based DB lookup authentication (check)
>>
>> The only problem is that I want all users to go through Squid, even visiting
>> users. A lot of our guys are not going to want to manually enter Proxy
>> settings each time they visit a site - I want it to be automatic.
>>
>> Similarly, not every user logs into our server(s), so I can't deploy a
>> script or setting to the visiting computer as they simply connect to the
>> WiFi, or Cabled network point.
>>
>> So basically, just connect up to the network, go on line and BAM, they have
>> to authenticate. Just like in Starbucks! (But without the coffee or wifi
>> charges!)
>>
>> I looked at transparent settings, but I gather this doesn't work with
>> Authentication, so that's a no.
>>
>> Now I'm focussing on how to get the clients to auto detect the squid box.
>> But I can't fathom how that's going to work. If the machines don't know
>> it's there, how can squid make itself known to them?
>>
>> Ideally (and bear in mind my lack of knowledge at this stage) I would like
>> to just have my DHCP tell the clients that the squid box is the default
>> gateway and solve it that way, but again, I'm learning that the proxy
>> doesn't work that way - it's not a router, right?
>>
>> Hope that makes sense, any help appreciated. But in the meantime, I'll get
>> my head back in the manual!
>>
>> Cheers
>>
>
> Look into WPAD
> (http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) or a
> captive portal like WiFiDog
> (http://en.wikipedia.org/wiki/WiFiDog_Captive_Portal) or the Squid
> session helper (check the archives).
>

And definitely the relevant Squid FAQ entries:

http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers?highlight=%28WPAD%29
http://wiki.squid-cache.org/Technology/WPAD/DNS
http://wiki.squid-cache.org/Technology/WPAD

> Here's the condensed version of what I have experienced with WPAD. It
> all assumes that the proxy settings have not been changed from the
> shipping default in the browsers.
>
> Using a Windows (98/2000/XP) machine and Internet Explorer, the DHCP
> option 252 is honored. DNS (wpad.domainname.com) is used in the absence
> of the DHCP option 252. Firefox (2 or 3) on a Windows (98/2000/XP)
> machine or OS X (10.4 for sure) the DHCP option 252 is ignored, DNS is
> used exclusively. Safari on Windows (98/2000/XP) or OS X ignores both
> DHCP and DNS and must be explicitly configured to use a statically
> defined PAC (http://en.wikipedia.org/wiki/Proxy_auto-config) file.
>
> My suggestion is to have a webserver assigned to
> http://wpad.yourdomain.tld that serves a PAC file when
> http://wpad.yourdomain.tld/wpad.dat OR
> http://wpad.yourdomain.tld/wpad.da is requested. This will
> (transparently) catch the majority of web browsers. For the rest, you
> should intercept outbound port 80 traffic and redirect it to a page that
> describes how to set their browser back to defaults (or how to set their
> browser to explicitly grab the PAC file).
>
> Chris
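
A PAC file of the kind the quoted reply suggests serving at http://wpad.yourdomain.tld/wpad.dat, as an added example that is not part of the original thread. The proxy name `squid.yourdomain.tld`, port 3128 (Squid's default `http_port`) and the bypass rules are assumptions; it uses only plain JavaScript so it can be checked outside a browser.

```javascript
// wpad.dat (constructed example). Serve it with the MIME type
// application/x-ns-proxy-autoconfig.
// Assumed names: squid.yourdomain.tld:3128 is the Squid box,
// .yourdomain.tld is the local DNS domain.
var PROXY = "PROXY squid.yourdomain.tld:3128";
var LOCAL_DOMAIN = ".yourdomain.tld"; // leading dot blocks "evilyourdomain.tld"

// Parse a dotted-quad IPv4 literal; return its four octets or null.
function parseIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var octets = [];
  for (var i = 1; i <= 4; i++) {
    var n = parseInt(m[i], 10);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// True for loopback, RFC 1918 and link-local IPv4 literals.
function isInternalAddress(host) {
  var o = parseIPv4(host);
  if (!o) return false;
  return o[0] === 127 || o[0] === 10 ||
         (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
         (o[0] === 192 && o[1] === 168) ||
         (o[0] === 169 && o[1] === 254);
}

// Entry point every PAC-aware browser calls for each request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names (intranet, localhost) never leave the LAN.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  // Hosts in the local domain, including the WPAD server and Squid itself.
  if (host.slice(-LOCAL_DOMAIN.length) === LOCAL_DOMAIN) return "DIRECT";
  if (isInternalAddress(host)) return "DIRECT";
  // No "; DIRECT" fallback: if Squid is unreachable the request fails
  // instead of bypassing proxy authentication and logging.
  return PROXY;
}
```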