I need to find a way to have a custom script auto-login to an open-ldap authenticated proxy. If a user tries to use the proxy, it asks for login info. I need a way for a dd-wrt flashed linksys router to pass the login info from a script or other means to the proxy.
I'm using iptables to route the data; it's just that it will be blocked unless it is logged in at the proxy.
Currently working on getting the ldap up for testing, proxy is already up.
Anyone have any ideas?
Concept of Entire Project:
- Have an inexpensive device to route all traffic transparently to an external (off-network) proxy.
- Router needs to log in with a pre-configured password.
- All routing needs to be done transparently (current method is to use iptables with a dd-wrt flashed router and route all traffic on Ethernet to the external router (currently works)).
- external router (stronger machine) will handle many functions (already working).
- How to authenticate connection:
  - Possible 1: Have users login each time
  - Possible 2: Allow only specific IP Addresses (issue is with dynamic IPs)
  - Possible 3: Have router provide authentication method, either by passing login info or other means
Note: Proxy can authenticate by IP, Hostname, MAC, open-ldap server, or active directory.
Issues with each authentication:
- Hostname -- Requires IE and Registry import to use
- MAC -- As far as I know, the MAC shown is not the actual source computer but the server used by the ISP or other source that is directly connecting to the proxy.
- IP -- Dynamic IP addresses will of course have issues
- Active Directory -- Requires IE to pass NTLM login and the cost of setting up a win2003 server (Linux is better price-wise)
- Open-ldap server -- requires manual login each time if Firefox is used (not sure if the proxy being used will allow NTLM authentication, and if so it would also require manual login for IE too)
GOAL: ability to use any browser on a network and not have to login manually to access internet using proxy.
Everything is outlined above, I cannot install IPCOP at each location. Need something cheap and light to redirect to a shared proxy that is way off network in another state.
Considered VPN but that is still open for discussion. Question title of having router passing authentication seems the best so far.
Any ideas are highly recommended, even if they are completely different from the specific question and are just about how this project can be done.