>>> On 10/18/2010 at 5:33 PM, in message
> On Mon, 18 Oct 2010 11:26:21 -0400, "Jim Moseby"
> <JMoseby_at_elasticfabrics.com> wrote:
>> I'm setting up squid, and I have auth working against Novell NDS. I'd
>> like to be able to have users authenticate via a form on a page that
>> displays our usage policy, etc rather than the simple username/password
> box
>> that currently pops up. Is this do-able? Any hints?
>>
>> jm
<2f3b80e3d0fb7e45ebb239aa47891ff1_at_mail.treenet.co.nz>, Amos Jeffries
<squid3_at_treenet.co.nz> wrote:
>
> This is better known as splash pages in captive portals.
>
> Squid will happily send a custom error page along with the auth challenge.
> The way browsers work these days prevents the page being displayed unless
> the auth popup fails. To get real auth the easy way is to create a two-step
> process with the AUP page available without auth. Then the acceptance link
> going to a place with auth challenge.
>
> Amos
Thanks for that information.
A little more information on how I have this going.
All XP Pro workstations. Novell servers.
In the Novell login script, I check NDS to see if the user is in an 'AllowInternet' group. If so, I set the workstations' registry entries for the proxy server, and to hide the 'Connections' tab so the user can't find an obvious way to change them back. (Even if they do, outgoing http/s is blocked at the firewall :)
Currently, when the user opens his web browser, he is immediately presented with the auth challenge from squid.
For your scenario to work, the only way I can think of to make it happen is to force the users 'home page' to a non-auth page on a local web server in each user's subnet, and to set 'Bypass proxy server for local addresses' in the proxy settings.
Am I on the right track?
Thanks again!
jm
Received on Tue Oct 19 2010 - 13:07:51 MDT
This archive was generated by hypermail 2.2.0 : Wed Oct 20 2010 - 12:00:03 MDT