[KLUG Members] Using Linux to control internet access for WinX boxen.

Adam Williams members@kalamazoolinux.org
Tue, 6 Nov 2001 12:58:40 -0500 (EST)


>> Hmmm... there is a very strong desire for this to be invisible to the
>> users...
>> Considering that windows passwords are stored in each user's .pwl file...
>> perhaps that might be do-able... inasmuch as I hate relying on the
>> known risk of relying on a .pwl being secure.
>You can do this several ways.
>You can use your firewall (which can be Linux) to redirect all port 80,
>443 and other select port requests to the proxy.  You can also setup an
>autoconfiguration page for most browsers (O'Reilly detailed this
>recently) and then add the single registry mod in their login script.

For IE 5.0 and greater you can configure your DHCP server to respond to
its configuration inquiries (returns a URL to a configuration
javascript), then you don't really have to set up anything.

Put

option wpad-url code 252 = text;
option wpad-url "http://wpad.yourdomain.org/wpad.dat";

at the start of dhcpd.conf outside of any subnet or host declarations.

Both Netscape and IE use the same file format, only one wants to call it
wpad.dat and the other proxy.pac.  You can create one or the other and
link to it with the other name.  Only you need to tell Netscape to use it,
as far as I can tell; it doesn't seem to do inquiries.

A proxy file looks like

function FindProxyForURL(url, host) {
  // Send plain HTTP to the proxy; fall back to a direct connection.
  if (url.substring(0, 5) == "http:") {
    return "PROXY proxy.yourdomain.org:3128; DIRECT";
  } else {
    return "DIRECT";
  }
}

It can of course be much more elaborate, but this is the basics.

Of course all this assumes you use DHCP.


>As far as authentication, you can compile Squid with CIFS/AD
>authentication.  And there are countless other ways as well.

Is it in the stock squid these days?

-- 
-----------------------------------------------------------
Ximian GNOME, Evolution, LTSP, and RedHat Linux + LVM & XFS
-----------------------------------------------------------
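
A more elaborate proxy file of the kind the message alludes to, as an added example that is not part of the original post. It goes beyond the post's version by also proxying https: and by dropping the "; DIRECT" fallback so browsers do not bypass the proxy when it is unreachable. The `.yourdomain.org` internal suffix and the helper stand-ins (used only outside a browser) are assumptions.

```javascript
// Added example, not from the original post.
// Browsers supply the PAC helpers; these minimal stand-ins are defined only
// when missing so the file also runs under Node for testing.
if (typeof isPlainHostName === "undefined") {
  globalThis.isPlainHostName = function (host) {
    return host.indexOf(".") === -1;
  };
}
if (typeof dnsDomainIs === "undefined") {
  globalThis.dnsDomainIs = function (host, domain) {
    return host.length >= domain.length &&
      host.substring(host.length - domain.length) === domain;
  };
}

var PROXY = "PROXY proxy.yourdomain.org:3128"; // host and port from the post
var LOCAL_DOMAIN = ".yourdomain.org";          // assumed internal DNS suffix

function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Intranet names never leave the LAN, so they skip the proxy.
  if (isPlainHostName(host) || dnsDomainIs(host, LOCAL_DOMAIN)) {
    return "DIRECT";
  }

  var scheme = url.substring(0, url.indexOf(":")).toLowerCase();

  // Web traffic goes to the proxy only. With no "; DIRECT" fallback the
  // browser reports an error when the proxy is down instead of bypassing it.
  if (scheme === "http" || scheme === "https") {
    return PROXY;
  }

  // Everything else (e.g. ftp:) is left to the firewall policy.
  return "DIRECT";
}
```

A proxy file is only a hint the browser chooses to follow; the firewall redirect mentioned in the quoted reply is what actually enforces the policy.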