+ Post New Thread
Results 1 to 12 of 12
Mac Thread, Creating Login Hook for new EXA internet connection in Technical; ...
  1. #1
    kirchie's Avatar
    Join Date
    Jul 2012
    Location
    Oxfordshire
    Posts
    83
    Thank Post
    16
    Thanked 6 Times in 6 Posts
    Rep Power
    6

    Creating Login Hook for new EXA internet connection

    We've just changed ISP from EMBC (nightmare) to EXA. EXA's proxy uses the user's network login details to authenticate who they are and what level of access they have to the internet. Now, since the macs don't use the same type of authentication, they need to have a login hook which sends the user's Windows login details to the EXA proxy when they logon. I've followed the instructions provided by EXA to create a login hook (pasted below), but they don't seem to write anything to the com.apple file it's supposed to.
    Any input would be great if any one else has switched to them!
    Also, does anyone know what URL the App Store connects to? It's also being blocked by EXA and I can't download our update to ML.
    Cheers!
    Code:
    Running sendLogon automatically on Mac OSX
    You need to take the following steps:
     
    1) Download the Send Logon program from http://www.bloxx.com/downloads/sendLogon_osx_10.4.universal.tar.gz to the desktop.
    2) Browse to ‘Applications->Utilities’ and run the ‘Terminal’ application.
    3) Type ‘cd ~/Desktop’.
    4) Type 'tar zxvf sendLogon_osx_10.4.universal.tar.gz'.
    5) Type ‘sudo cp sendLogon /usr/bin’ and enter your password when prompted.
    6) Type ‘sudo nano /usr/bin/login.sh’.
    7) Enter the following lines: 
     
    #!/bin/tcsh
     
    /usr/bin/sendLogon <IP address of server> 3898 $1
     
    8) When finished, press ctrl-o followed by return, to save the file.
    9) Press ctrl-x to exit.
    10) Run the following commands to set the correct permissions on the utility and login script: 
     
    sudo chmod 755 /usr/bin/login.sh
    sudo chmod 755 /usr/bin/sendLogon
     
    11) Run the following command: 
     
    sudo defaults write com.apple.loginwindow LoginHook /usr/bin/login.sh
     
    The sendLogon utility should now run for every user that logs on.

  2. #2

    Join Date
    Jul 2010
    Posts
    106
    Thank Post
    0
    Thanked 14 Times in 14 Posts
    Rep Power
    11
    What OS are you running??

  3. #3
    kirchie's Avatar
    Join Date
    Jul 2012
    Location
    Oxfordshire
    Posts
    83
    Thank Post
    16
    Thanked 6 Times in 6 Posts
    Rep Power
    6
    A combination of Lion and Snow Leopard atm. I can't update the SLs to Lion untill I get the sodding hook done :P.

  4. #4

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,784 Times in 1,107 Posts
    Blog Entries
    19
    Rep Power
    595
    Are you running on Exa's transparent proxy or do you have another device as well that might be limiting access (is port access control via the router which is being used as a firewall)?

  5. #5
    kirchie's Avatar
    Join Date
    Jul 2012
    Location
    Oxfordshire
    Posts
    83
    Thank Post
    16
    Thanked 6 Times in 6 Posts
    Rep Power
    6
    We've got the transparent proxy, yes. We've also got web filtering from Bloxx, which what I belive is blocking the Macs from talking to the app store. However, if I can get the loginhook working, when logged in as my network admin account, I *should* have unfiltered access to the net, thus be able to access the app store. If I can't get that working, I was going to add the app store's URL to our allow list to try and bypass it that way.

  6. #6
    chilli6971's Avatar
    Join Date
    Aug 2012
    Location
    York
    Posts
    5
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Hi Kirchie, Exa are a very friendly ISP and should be able to help discuss this further directly.

    In the meantime please be aware that the sendlogon executable mentioned expects to talk to a Bloxx Proxy - the port that is mentioned 3898 in the documentation is a custom port - not an Active Directory server port.

    Exa have the ability to use your internal IP addresses and Active Directory usernames and groups to apply filtering rules with SurfProtect as long as an ICAP compatible appliance is present on the network to make the request to Exa's proxies.

    Please call Exa Support on 0845 1451234 and ask to speak to Mark in Technical who can discuss this further :-)

  7. Thanks to chilli6971 from:

    kirchie (30th August 2012)

  8. #7

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,784 Times in 1,107 Posts
    Blog Entries
    19
    Rep Power
    595
    Have you tried connecting without using the Bloxx filtering?

  9. #8
    kirchie's Avatar
    Join Date
    Jul 2012
    Location
    Oxfordshire
    Posts
    83
    Thank Post
    16
    Thanked 6 Times in 6 Posts
    Rep Power
    6
    Quote Originally Posted by chilli6971 View Post
    Hi Kirchie, Exa are a very friendly ISP and should be able to help discuss this further directly.

    In the meantime please be aware that the sendlogon executable mentioned expects to talk to a Bloxx Proxy - the port that is mentioned 3898 in the documentation is a custom port - not an Active Directory server port.

    Exa have the ability to use your internal IP addresses and Active Directory usernames and groups to apply filtering rules with SurfProtect as long as an ICAP compatible appliance is present on the network to make the request to Exa's proxies.

    Please call Exa Support on 0845 1451234 and ask to speak to Mark in Technical who can discuss this further :-)
    I will try that, thanks a lot!
    Unfortunatly, the proverbial has hit the fan with our imaging (WDS/PXE not responding ¬.¬), so the macs are going to have to wait till next week.

    Quote Originally Posted by GrumbleDook View Post
    Have you tried connecting without using the Bloxx filtering?
    No, but I want to. Network Manager doesn't want to turn the Bloxx off, says we need to fix it.

  10. #9

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,935
    Thank Post
    1,341
    Thanked 1,784 Times in 1,107 Posts
    Blog Entries
    19
    Rep Power
    595
    Quote Originally Posted by kirchie View Post
    No, but I want to. Network Manager doesn't want to turn the Bloxx off, says we need to fix it.
    hehe ... I should have expected that. Tell the NM that you need to double check that it is definitely Bloxx that is the issue and not some ports you need being closed on the firewall ... it just helps rule something out that Bloxx might ask you to check further down the line.

  11. #10
    grant_girdwood's Avatar
    Join Date
    Jun 2012
    Location
    Bloxx HQ
    Posts
    54
    Thank Post
    2
    Thanked 11 Times in 10 Posts
    Rep Power
    6
    Quote Originally Posted by kirchie View Post
    We've just changed ISP from EMBC (nightmare) to EXA. EXA's proxy uses the user's network login details to authenticate who they are and what level of access they have to the internet. Now, since the macs don't use the same type of authentication, they need to have a login hook which sends the user's Windows login details to the EXA proxy when they logon. I've followed the instructions provided by EXA to create a login hook (pasted below), but they don't seem to write anything to the com.apple file it's supposed to.
    Any input would be great if any one else has switched to them!
    Also, does anyone know what URL the App Store connects to? It's also being blocked by EXA and I can't download our update to ML.
    Cheers!
    Code:
    Running sendLogon automatically on Mac OSX
    You need to take the following steps:
     
    1) Download the Send Logon program from http://www.bloxx.com/downloads/sendLogon_osx_10.4.universal.tar.gz to the desktop.
    2) Browse to ‘Applications->Utilities’ and run the ‘Terminal’ application.
    3) Type ‘cd ~/Desktop’.
    4) Type 'tar zxvf sendLogon_osx_10.4.universal.tar.gz'.
    5) Type ‘sudo cp sendLogon /usr/bin’ and enter your password when prompted.
    6) Type ‘sudo nano /usr/bin/login.sh’.
    7) Enter the following lines: 
     
    #!/bin/tcsh
     
    /usr/bin/sendLogon <IP address of server> 3898 $1
     
    8) When finished, press ctrl-o followed by return, to save the file.
    9) Press ctrl-x to exit.
    10) Run the following commands to set the correct permissions on the utility and login script: 
     
    sudo chmod 755 /usr/bin/login.sh
    sudo chmod 755 /usr/bin/sendLogon
     
    11) Run the following command: 
     
    sudo defaults write com.apple.loginwindow LoginHook /usr/bin/login.sh
     
    The sendLogon utility should now run for every user that logs on.
    have you ran a report on the Bloxx appliance to list URLs that are requested from the IP address of the Mac?

    The Bloxx sendLogon utility sends a message to the Bloxx server to tell it that $User has logged on from $IP - all requests are then filtered and logged against $User.

  12. #11
    kirchie's Avatar
    Join Date
    Jul 2012
    Location
    Oxfordshire
    Posts
    83
    Thank Post
    16
    Thanked 6 Times in 6 Posts
    Rep Power
    6
    Hi Grant! (Jack from MCS)
    I spoke to one of your colleagues yesterday to update the job, the Macs are now working fine with SendLogon, but HTTPS isn't displaying pages properley. We had the same problem with our Windows machines, but someone remoted on and fixed that.
    Cheers

  13. #12
    grant_girdwood's Avatar
    Join Date
    Jun 2012
    Location
    Bloxx HQ
    Posts
    54
    Thank Post
    2
    Thanked 11 Times in 10 Posts
    Rep Power
    6
    Hi Jack,

    I'm off this week, one of the guys will be able to pick it up. If you have HTTPS decryption enabled you'll need to make sure the certificate is installed on the OS X machines. We have scripts that can automate it in to the keychain otherwise if you have an OS X server it will do the trick.

    Cheers!

SHARE:
+ Post New Thread

Similar Threads

  1. Setting up router for internet connection
    By nicholab in forum Wired Networks
    Replies: 24
    Last Post: 3rd October 2011, 07:59 PM
  2. How much does your RBC charge for internet connectivity?
    By Dos_Box in forum Budgets and Expenditure
    Replies: 10
    Last Post: 19th April 2011, 08:31 AM
  3. Replies: 1
    Last Post: 13th April 2010, 07:05 AM
  4. Replies: 25
    Last Post: 23rd November 2007, 08:24 AM
  5. Anyone in York looking for an Internet connection?
    By wrights in forum Wireless Networks
    Replies: 11
    Last Post: 10th September 2007, 10:02 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •