On 16/02/2012 9:31 a.m., Mr J Potter wrote:
> Hi Alex,
>
> I've got it working fine on domain members. I should have explained
> better - I'm setting up a guest wireless network in a school, so all
> devices that attach will be personal, non domain, and as a rule I
> won't get the chance to configure them before they connect.
>
> The devices that I want to connect will be mostly student laptops,
> smartphones and visitors' devices.
>
> The plan is to set up proxy DHCP autoconfig and/or transparent port
> forwarding trick to point people towards the proxy (https is likely
> not to like this I know), but I want a way of getting people to say
> who they are and give them internet access accordingly. I'm using
> squid/squidguard to great effect for the domain machines, and I'd like
> to use the same set of rules for folks connecting their own devices.
>
> How has anyone else done this? The options I've found are basic,
> digest or NTLM all of which have major issues in terms of security,
> configuration or usability respectively.

Ah. "Transparent" interception proxy is not able to do HTTP authentication.

You can use WPAD "transparent" configuration, to make them actually
configured after which authentication can be used.

Or you can use external_acl_type helper to try and determine whether the
request is legit or not and allow/deny it.

Amos
Received on Thu Feb 16 2012 - 21:49:43 MST
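
The external_acl_type approach mentioned in the reply, as an added example that is not part of the original thread or of Squid itself: a helper that receives the client address (%SRC) on stdin and answers OK or ERR from a session table. The helper name, its path, the table format and the sign-in page that would fill the table are all assumptions.

```python
# Hypothetical squid.conf wiring (names and path are assumptions):
#   external_acl_type guest_session ttl=60 negative_ttl=5 %SRC /usr/local/bin/guest_session.py
#   acl guest_ok external guest_session
#   http_access allow guest_ok
import ipaddress
import re
import sys
import time

SAFE_USER = re.compile(r"[A-Za-z0-9._-]{1,64}")  # blocks spaces/newlines in the reply
# Constructed sample rows: client-ip username expiry-epoch (sign-in page not shown).
SAMPLE_SESSIONS = """\
10.20.0.15 jsmith 4000000000
10.20.0.16 visitor7 1000000000
10.20.0.17 guest=admin 4000000000
"""

def norm_ip(text):
    """Canonical form of an IP address, or None if text is not one."""
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None

def load_sessions(text):
    """Parse the table, dropping malformed rows and unsafe usernames."""
    sessions = {}
    for row in text.splitlines():
        parts = row.split()
        if len(parts) == 3 and SAFE_USER.fullmatch(parts[1]) and parts[2].isdigit():
            ip = norm_ip(parts[0])
            if ip:
                sessions[ip] = (parts[1], int(parts[2]))
    return sessions

def answer(line, sessions, now):
    """Reply for one request line: OK plus the user name, or ERR."""
    user, expiry = sessions.get(norm_ip(line), (None, 0))
    if user is None or expiry <= now:
        return "ERR"
    return "OK user=" + user

def main():
    sessions = load_sessions(SAMPLE_SESSIONS)
    for line in sys.stdin:  # one reply per request, flushed so Squid never waits
        print(answer(line, sessions, int(time.time())), flush=True)

if __name__ == "__main__":
    main()
```

Keying on %SRC identifies an address rather than a person, so the session expiry and the helper's ttl should stay short on a shared guest network.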