-   Linux - Networking (
-   -   Lan authontication-(win client, linux server) (

sixth_sense 03-25-2004 12:47 AM

Lan authontication-(win client, linux server)

I have a LAN of 10 pc running on windows 2k and 3 pc on win-98. I want those client PC to access internet through a centralized LAN authorization system. I want to deploy a linux box (redhat 9.0) for this purpose, and as if all pc need to put there username and password to this server to use internet.

How can I work it out ? I need total idea to implement it.

The best will be, if I can assign user with a time limit on (like, 30 minute a slab)

Thnx in advance.

maxut 03-25-2004 01:47 AM

squid proxy . read it config file /etc/squid/squid.conf

maxut 03-25-2004 01:53 AM

hmm..i think u also ill need NAT. squid doesnt support pop3 and smtp protols. if your client will acces email servers, u need to use NAT. iptables is used for NAT. u can find some how-to at
also u can use both NAT and squid with transparent proxy.

sixth_sense 03-25-2004 02:23 AM

Thnx for the reply. well, squid proxy ; can you share me some idea? when user will attempt to access internet, how it will ask for the username and password ?

or before use internet .. user need to enter proxy server address to browser..then able to browse and mail..etc. ?


maxut 03-25-2004 04:30 AM

i use squid and iptables together. i prefer transparent proxy. my squid allow every client. we want freedom :) i prefer squid because it has a cache and a log fie. i use iptables (SNAT) for other ports access (pop3 smtp ftp https ssh etc..).

if u dont want to configure browser of clients, u have to use transparent proxy. iptables can redirect incoming http requests from LAN to squid port. u must also add some lines into squid.conf for transparent proxy. but i dont know if transparent proxy will work with http auth.. i didnt try it b4. check

if u want transparent proxy, do the followings
redirect port 80 to port 3128 (squid default port) if it comes from LAN (

iptables -t nat -A PREROUTING -s -p tcp --dport 80 -j REDIRECT --to-port 3128

these lines must be added in squid.conf

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

sixth_sense 03-26-2004 06:11 AM

what i actually wanted to provide my user with a dialup like authontication.
user will prompted for entering for user name and password, thus, allowed to use those service.

what to do?


maxut 03-26-2004 07:42 AM

sorry, i dont know any software that u exactly want.
i will ask my friends if they know a software like that..

u can search linux softwares at

All times are GMT -5. The time now is 08:46 PM.