Customize dd-wrt or linux script to auto-login to linux open-ldap proxy login on boot.

Posted on 2007-07-22
Last Modified: 2012-06-27
I need to find a way to have a custom script auto-login to an open-ldap authenticated proxy. If a user tries to use the proxy, it asks for login info. I need a way for a dd-wrt flashed Linksys router to pass the login info from a script or other means to the proxy.

I'm using iptables to route the data, just that it will be blocked unless it is logged in at proxy.

Currently working on getting the ldap up for testing, proxy is already up.

Anyone have any ideas?

Please help.

Concept of Entire Project:
 - Have an inexpensive device to route all traffic transparent to external (off network) proxy.
 - Router needs to login with pre-configured password
 - All routing needs to be done transparently (current method is to use iptables with a dd-wrt flashed router and route all traffic on Ethernet to the external router (currently works)).
 - external router (stronger machine) will handle many functions (already working).

 - How to authenticate connection
    Possible 1: Have users login each time
    Possible 2: Allow only specific IP Addresses (issue is with dynamic IPs)
    Possible 3: Have router provide authentication method, either by passing login info or other means

Note: Proxy can authenticate by IP, Hostname, MAC, open-ldap server, or active directory.

Issues with each authentication:

 - Hostname -- Requires IE and Registry import to use
 - MAC -- As far as I know, the MAC shown is not the actual source computer but the server used from the ISP or other source that is directly connecting to the proxy.
 - IP -- Dynamic IP addresses will of course have issues
 - Active Directory -- Requires IE to pass NTLM login and the cost of setting up a win2003 server (linux is better price-wise)
 - Open-ldap server -- requires manual login each time if Firefox is used (not sure if the proxy being used will allow NTLM authentication, and if so it would also require manual login for IE too)

GOAL: ability to use any browser on a network and not have to login manually to access internet using proxy.

Everything is outlined above, I cannot install IPCOP at each location. Need something cheap and light to redirect to a shared proxy that is way off network in another state.

Considered VPN but that is still open for discussion. Question title of having router passing authentication seems the best so far.

Any ideas are highly recommended, even if they are completely different from the specific question but just about how this project can be done.

Thank you.
Question by:pioneertechs

    Accepted Solution

    Just a comment - Squid will support ntlm.
    I don't really get your flow - you want your users to authenticate to the proxy, but what do the routers have to do with it? What will happen if you redirect all (port 80?) traffic to the proxy and authenticate there? Why do you need any more out of the little routers?

    Assisted Solution

    by:Duncan Roe
    To log in, a classic way is to use expect.
    I think logging in (waiting for password prompt) is given as an example - or I can help you with that if you're interested in pursuing it.

    Author Comment

    Yes, waiting for password was an example. I mentioned VPN and as I was thinking about it more I think that might be a good option.

    Maybe I'll just change the authentication from proxy to vpn. I would also block out external access to the proxy port and once the vpn session is established the proxy would be accessible (internally).

    That might be a good option, less reinventing of the wheel. What do you all think ?

    Expert Comment

    It sounds good. You can force all internet traffic through your proxy for your VPN clients.
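
The lockdown discussed in the two comments above (proxy port closed to the outside, reachable only through the established VPN), as an added example that is not part of the original thread. The interface name `tun0`, port `3128` and chain name `PROXY_GUARD` are assumed values, not taken from the posts.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: VPN interface tun0,
# proxy port 3128, chain name PROXY_GUARD. Adjust to the real setup.

# Print the firewall commands for the proxy host. Nothing is applied here,
# so the output can be reviewed first and then piped to `sh` as root.
proxy_guard_rules() {
    vpn_if=$1
    port=$2

    # Reject anything that is not a plain interface name or a valid TCP port,
    # since these values end up inside commands run as root.
    case $vpn_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $vpn_if" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # Same policy for IPv4 and IPv6, otherwise the port stays open over v6.
    for ipt in iptables ip6tables; do
        echo "$ipt -N PROXY_GUARD"
        echo "$ipt -A PROXY_GUARD -i lo -j ACCEPT"
        echo "$ipt -A PROXY_GUARD -i $vpn_if -j ACCEPT"
        echo "$ipt -A PROXY_GUARD -j DROP"
        # Insert at position 1 so no earlier ACCEPT rule can bypass the guard.
        echo "$ipt -I INPUT 1 -p tcp --dport $port -j PROXY_GUARD"
    done
}

proxy_guard_rules tun0 3128
```

Sending every packet for the proxy port through a dedicated chain placed first in INPUT keeps the decision in one place: traffic arriving on the VPN interface or loopback is accepted, everything else to that port is dropped.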

    Expert Comment


    hi guys,

    I really don't wanna hack your thread but I didn't get any response so I find experts
    please if you guys can help me? How can I route my internet traffic via VPN?

    please answer me .... thanks
