Determine what means you have for authenticating those users. You previously
mentioned LDAP which is one method.
Step 3 is where things get tricky. Squid authenticates and doesn't know,
unless using a helper, that the user is logged in elsewhere already. Just
logging in, on the webserver, is not in itself enough to let authenticated users
get to the web in your scenario. Squid will let squid-authenticated users
pass, but needs help in knowing if they are members of some other database
of users. Squid does not have a "logon" webpage. It will display a basic
auth box to authenticate, which tells squid OK or ERR. Based on that simple
yes/no the ACLs then determine what happens next.
The next important item might be knowing what type of user database are
these users being activated within? Novell, AD, UNIX, Windows Domain, etc.
When you ask about modifying the basic auth box... you can change the name
of the Realm, from within the squid.conf file, but that's pretty much it. It
is not a webpage, it's a simple box. Squid is not a webserver and a
webserver is not a gateway/proxy.
I think the best you can do is prompt everyone for a username and password
and if they fail out they get redirected to a helpdesk type page which
outlines what to do if they lost their password, how to sign up for access
if they have not done so yet, etc.
Are you having these users configure their proxy server, or are you running
it in transparent mode?
Chris Perreault
-----Original Message-----
From: Rick Whitley [mailto:rickwh@dbu.edu]
Sent: Thursday, July 15, 2004 2:30 PM
To: squid-users@squid-cache.org; Chris Perreault
Subject: RE: [squid-users] redirection?
Here is the process we are trying to create.
1. User boots computer
2. opens browser (attempts to go to url)
3. Initial website displays
   Gives user option to Activate account or Login
4. New user activates account
   returns to initial page and logs in
5. Activated user logs in
6. They browse the net.
Is it possible (using more than 1 proxy server if necessary)?
When I turn on auth I get a dialog box requesting userid and passwd. Can
that page be modified to display disclaimer/login activation or is that more
work than it's worth?
As you said Chris, just knowing that it is possible is half the battle.
Right now I'm looking for possibilities. I need to know I'm on the right
track or find out where the track is.
rick...
Rom.5:8
>>> Chris Perreault <Chris.Perreault@Wiremold.com> 7/15/2004 1:09:08 PM
>>>
Rick,
Logically map out what you'd like to have happen. I get stuck on this one.
Define "initial", map all the steps out that you need to have occur.
I'm a user, and I input www.google.com into my browser. As an admin, do you
want me to "initially" go to google or to this disclaimer page?
If the disclaimer page...ok, you can redirect www.google.com (or all
traffic) to go to the disclaimer page, but...it always will go there. There
isn't a counter type thing that knows you already attempted google once, so
the next time it should let you really go to google.
I suppose, using the ACLs you could check against a userlist. If they are
not in the list, then they get redirected to the signup/disclaimer page.
This signup page/application needs to populate the "ok" userlist quickly and
on the fly though. You need this site to always be accessible too. Otherwise
if a user tried to reach a subpage within the disclaimer site, squid would
again redirect them to the homepage of the disclaimer site.
I'm new at squid too, only been using it a month or so, and not in the way
you want to use it either. Knowing something is possible is half the battle
though, the rest is just figuring it out and making it go.
Chris Perreault
Webmaster/MCSE
The Wiremold Company
West Hartford, CT 06010
860-233-6251 ext 3426
-----Original Message-----
From: Rick Whitley [mailto:rickwh@dbu.edu]
Sent: Thursday, July 15, 2004 1:51 PM
To: squid-users@squid-cache.org
Subject: [squid-users] redirection?
I need to have all traffic on our student network display an initial website
for disclaimers and info. Would this be done through a redirector or is
there an acl I am unaware of?
I am using squid 2.5.stable5.
thanks
rick...
Rom.5:8
Received on Thu Jul 15 2004 - 12:46:55 MDT
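
Added example, not part of the original thread and not Squid project code: a sketch of the userlist check discussed above, written as a helper that answers OK or ERR for each username Squid hands it and re-reads the list whenever the signup application changes it. The helper path, list file, ACL names and `signup.example.edu` are assumptions, and the squid.conf lines in the docstring should be checked against your version's documentation.

```python
#!/usr/bin/env python3
"""Userlist check for a Squid external ACL: one key per line in, OK/ERR out.

Assumed squid.conf wiring (names, paths and hostname are placeholders):
  external_acl_type activated ttl=5 negative_ttl=0 %LOGIN /usr/local/bin/activated.py /etc/squid/activated_users
  acl activated_user external activated
  acl signup_site dstdomain signup.example.edu
  http_access allow signup_site
  http_access deny !activated_user
  deny_info http://signup.example.edu/ activated_user
The signup site is allowed first so its own pages are never redirected.
"""
import os
import sys
from urllib.parse import unquote


class ActivatedUsers:
    """Usernames from a flat file, re-read whenever the file changes."""

    def __init__(self, path):
        self.path = path
        self._stamp = None
        self._users = frozenset()

    def _refresh(self):
        try:
            st = os.stat(self.path)
        except OSError:
            # Missing or unreadable list: fail closed, nobody is activated.
            self._stamp, self._users = None, frozenset()
            return
        stamp = (st.st_mtime_ns, st.st_size)
        if stamp != self._stamp:
            with open(self.path, encoding="utf-8") as fh:
                names = (line.strip() for line in fh)
                self._users = frozenset(n for n in names if n and not n.startswith("#"))
            self._stamp = stamp

    def verdict(self, request_line):
        """Return 'OK' if the single key on the line is activated, else 'ERR'."""
        self._refresh()
        fields = request_line.split()
        if len(fields) != 1:  # empty or malformed request
            return "ERR"
        return "OK" if unquote(fields[0]) in self._users else "ERR"


if __name__ == "__main__":
    users = ActivatedUsers(sys.argv[1])
    for line in sys.stdin:  # Squid keeps the helper running and feeds it lookups
        sys.stdout.write(users.verdict(line) + "\n")
        sys.stdout.flush()  # reply immediately; a buffered answer stalls Squid
```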