• Status: Solved

Customize dd-wrt or linux script to auto-login to linux open-ldap proxy login on boot.

I need to find a way to have a custom script auto-login to an open-ldap authenticated proxy. If a user tries to use the proxy, it asks for login info. I need a way for a dd-wrt flashed Linksys router to pass the login info from a script or other means to the proxy.

I'm using iptables to route the data, just that it will be blocked unless it is logged in at proxy.

Currently working on getting the ldap up for testing, proxy is already up.

Anyone have any ideas?

Please help.

Concept of Entire Project:
 - Have an inexpensive device to route all traffic transparent to external (off network) proxy.
 - Router needs to login with pre-configured password
 - All routing needs to be done transparently (current method is to use iptables with a dd-wrt flashed router and route all traffic on Ethernet to the external router; this currently works).
 - external router (stronger machine) will handle many functions (already working).

Problem:
 - How to authenticate connection
    Possible 1: Have users login each time
    Possible 2: Allow only specific IP Addresses (issue is with dynamic IPs)
    Possible 3: Have router provide authentication method, either by passing login info or other means

Note: Proxy can authenticate by IP, Hostname, MAC, open-ldap server, or active directory.

Issues with each authentication:

 - Hostname -- Requires IE and Registry import to use
 - MAC -- As far as I know, the MAC shown is not the actual source computer but the server used by the ISP or other source that is directly connecting to the proxy.
 - IP -- Dynamic IP addresses will of course have issues
 - Active Directory -- Requires IE to pass NTLM login and the cost of setting up a win2003 server (linux is better price wise)
 - Open-ldap server -- requires manual login each time if firefox is used (not sure if the proxy being used will allow NTLM authentication and if so would also require manual login for IE too)

GOAL: ability to use any browser on a network and not have to login manually to access internet using proxy.

Everything is outlined above, I cannot install IPCOP at each location. Need something cheap and light to redirect to a shared proxy that is way off network in another state.

Considered VPN but that is still open for discussion. Question title of having router passing authentication seems the best so far.

Any ideas are highly recommended, even if they are completely different from the specific question and only about how this project can be done.

Thank you.
Asked by: pioneertechs
 
ezaton Commented:
Just a comment - Squid will support ntlm.
I don't really get your flow - you want your users to authenticate to the proxy, but what do the routers have to do with it? What will happen if you redirect all (port 80?) traffic to the proxy and authenticate there? Why do you need any more out of the little routers?

Duncan Roe (Software Developer) Commented:
To log in, a classic way is to use expect http://expect.nist.gov/
I think logging in (waiting for password prompt) is given as an example - or I can help you with that if you're interested in pursuing it

pioneertechs (Author) Commented:
Yes, waiting for password was an example. I mentioned VPN and as I was thinking about it more I think that might be a good option.

Maybe I'll just change the authentication from proxy to vpn. I would also block out external access to the proxy port and once the vpn session is established the proxy would be accessible (internally).

That might be a good option, less reinventing of the wheel. What do you all think ?
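Added example, not part of the original thread: one way to express the plan above (proxy port closed to the outside, reachable only once the VPN is up) as firewall rules on the proxy host, together with a small audit of an `iptables-save` dump. The interface name `tun0`, the port `3128` and both function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Assumed values, not from the thread: VPN interface tun0,
# proxy listening on TCP 3128.

# Emit iptables-restore input that admits the proxy port only via the VPN.
gen_proxy_rules() {   # args: vpn_if proxy_port
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i $1 -p tcp -m tcp --dport $2 -j ACCEPT
-A INPUT -p tcp -m tcp --dport $2 -j DROP
COMMIT
EOF
}

# Read an iptables-save dump on stdin and print "exposed" if a new TCP
# connection to the proxy port from a non-VPN interface would be accepted,
# otherwise "closed". First terminating match wins; the chain policy is the
# fallback. Simplified: -s matches, port ranges and user chains are not
# evaluated, so review rules that use them by hand.
audit_proxy_port() {  # args: vpn_if proxy_port
    awk -v vif="$1" -v port="$2" '
    /^:INPUT / { verdict = $2 }
    /^-A INPUT / && !done {
        ifc = ""; dp = ""; pr = ""; tgt = ""; st = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") ifc = $(i + 1)
            if ($i == "-p") pr = $(i + 1)
            if ($i == "--dport") dp = $(i + 1)
            if ($i == "--ctstate" || $i == "--state") st = $(i + 1)
            if ($i == "-j") tgt = $(i + 1)
        }
        if (ifc == vif || ifc == "lo") next     # not external traffic
        if (pr != "" && pr != "tcp") next       # other protocol
        if (dp != "" && dp != port) next        # other port
        if (st != "" && st !~ /NEW/) next       # only established flows
        if (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT") {
            verdict = tgt; done = 1
        }
    }
    END { if (verdict == "ACCEPT") print "exposed"; else print "closed" }'
}

# Self-check: the generated ruleset must audit as closed.
gen_proxy_rules tun0 3128 | audit_proxy_port tun0 3128
```

On a live host the audit would be fed from `iptables-save` run as root; the generated rules load with `iptables-restore`, which replaces the existing filter table unless `--noflush` is given.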
 
ezaton Commented:
It sounds good. You can force all internet traffic through your proxy for your VPN clients.

onlyamir007 Commented:
Hi guys,

I really don't want to hack your thread, but I didn't get any response, so I'm looking for experts.

Please, if you guys can help me: how can I route my internet traffic via VPN?

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_24220326.html

Please answer me... thanks
