Hi,
I have about 500 users going to internet through a RedHat server running
squid (2.4 STABLE1). I also have a Lotus Notes server with a LDAP tree
containing all the users (some users do not have the right to go to the
internet, so there is a group, named 'internet', containing those users
that can surf).
When a user starts its browser, he got the traditional proxy
authentication window asking his username/password combination. The
authentication occurs on the LDAP server, and I also check if the user
belongs to the 'internet' group. If everything is ok, the user can surf.
To that point everything works great. But...
here are my questions:
- as I do not want to go on all the machines to configure the proxy
settings of all the web browsers (which the user can always modify
later....), I am looking for an automatic redirection of internet
traffic to the proxy. I think the best solution is to use WCCP in the
backbone (I forgot to mention, our active network equipment is all
CISCO). If I do so, will I still be able to authenticate the users with
the proxy ? If not does anybody have a suggestion ? (I have read
proxy_auth does not work with transparent proxying).
- does anybody knows if it possible to replace the classical proxy
authentication window (which can be very little customized, just the
proxy_auth_realm parameter is not enough) ? The idea would be to have
some kind of html, perl, cgi... (or whatever) page appearing when the
browser starts up. This page could be fully customized with the
information of the company (logo, restriction applicable to the
surf...). The authentication could then be done through this page (with
a formulaire or something like that) or (perhaps easier), the
authentication could happen with the standard proxy authentication
window when the user tries to access the internet (again I do not want,
if possible, to go on every machine to configure a particular homepage
on the browser...).
It is a bit difficult to explain... Thanks for the readers who reached
the end of the mail.
More thanks go the ones that can help :-)
Pierre
Received on Thu Nov 21 2002 - 09:46:19 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:28 MST