Navigation
CoovaAP with Squid-Proxy (Squid_radius_auth)
Mon, 05/21/2007 - 14:50 — taucher4000
Hello,
I will install a Hotspot with CoovaAP. On my Radius-Server I will install a Squid-Proxy with a Radius-Authdentifecation. The Proxy works fine. I should like the CoovaAP give the authentification to my Squid. I have installed the tinyproxy-plugin on my CoovaAP an configured it with 'Post-Auth Proxy'. When a user logged on in CoovaAP forward to my Squid-Proxy. But the Squid blocked this, because no authendification is present.
Can CoovaAP give the Authendification with tiyproxy to a 2th Proxy?
Sorry for my bad english
Taucher4000
- Login to post comments
Re: CoovaAP with Squid-Proxy (Squid_radius_auth)
still does someone have one hint for me?
Re: CoovaAP with Squid-Proxy (Squid_radius_auth)
But this protocol or a tool for ident-requests is not implemtened in CoovaAP at the moment? Is there another way? I do not know openWRT yet so well.
Re: CoovaAP with Squid-Proxy (Squid_radius_auth)
Hmm... Squid has nice support, it seems, for the Ident protocol. It might be an interesting feature for chilli to respond to Ident request to identify the owner of connections. I will give it some thought.
Re: CoovaAP with Squid-Proxy (Squid_radius_auth)
Hello David,
thanks for your replay. I will use the Squid authdendefication to follow that the users make over HTTP Traffic. Because this is a hotspot for underage student in a residential school. A VPN is not required, because the Proxy server is in my local network. It is not possible to give the Authentification to another server? Or is it possible to log the http Traffic directly from the CoovaAP to a syslog-Server like Squid?
greeting Taucher4000
Re: CoovaAP with Squid-Proxy (Squid_radius_auth)
You can use the connup/down scripts to tell other systems of a user's login state, but don't think it will help in this case -- since the squid_radius_proxy only works with HTTP authentication (I believe). Probably a better way is to use OpenVPN to tunnel traffic back to your proxy server where you then allow that entire subnet access (without authentication).