What OS are you running??
We've just changed ISP from EMBC (nightmare) to EXA. EXA's proxy uses the user's network login details to authenticate who they are and what level of access they have to the internet. Now, since the macs don't use the same type of authentication, they need to have a login hook which sends the user's Windows login details to the EXA proxy when they logon. I've followed the instructions provided by EXA to create a login hook (pasted below), but they don't seem to write anything to the com.apple file it's supposed to.
Any input would be great if any one else has switched to them!
Also, does anyone know what URL the App Store connects to? It's also being blocked by EXA and I can't download our update to ML.
Code:Running sendLogon automatically on Mac OSX You need to take the following steps: 1) Download the Send Logon program from http://www.bloxx.com/downloads/sendLogon_osx_10.4.universal.tar.gz to the desktop. 2) Browse to ‘Applications->Utilities’ and run the ‘Terminal’ application. 3) Type ‘cd ~/Desktop’. 4) Type 'tar zxvf sendLogon_osx_10.4.universal.tar.gz'. 5) Type ‘sudo cp sendLogon /usr/bin’ and enter your password when prompted. 6) Type ‘sudo nano /usr/bin/login.sh’. 7) Enter the following lines: #!/bin/tcsh /usr/bin/sendLogon <IP address of server> 3898 $1 8) When finished, press ctrl-o followed by return, to save the file. 9) Press ctrl-x to exit. 10) Run the following commands to set the correct permissions on the utility and login script: sudo chmod 755 /usr/bin/login.sh sudo chmod 755 /usr/bin/sendLogon 11) Run the following command: sudo defaults write com.apple.loginwindow LoginHook /usr/bin/login.sh The sendLogon utility should now run for every user that logs on.
What OS are you running??
A combination of Lion and Snow Leopard atm. I can't update the SLs to Lion untill I get the sodding hook done :P.
Are you running on Exa's transparent proxy or do you have another device as well that might be limiting access (is port access control via the router which is being used as a firewall)?
We've got the transparent proxy, yes. We've also got web filtering from Bloxx, which what I belive is blocking the Macs from talking to the app store. However, if I can get the loginhook working, when logged in as my network admin account, I *should* have unfiltered access to the net, thus be able to access the app store. If I can't get that working, I was going to add the app store's URL to our allow list to try and bypass it that way.
Hi Kirchie, Exa are a very friendly ISP and should be able to help discuss this further directly.
In the meantime please be aware that the sendlogon executable mentioned expects to talk to a Bloxx Proxy - the port that is mentioned 3898 in the documentation is a custom port - not an Active Directory server port.
Exa have the ability to use your internal IP addresses and Active Directory usernames and groups to apply filtering rules with SurfProtect as long as an ICAP compatible appliance is present on the network to make the request to Exa's proxies.
Please call Exa Support on 0845 1451234 and ask to speak to Mark in Technical who can discuss this further :-)
kirchie (30th August 2012)
Have you tried connecting without using the Bloxx filtering?
Unfortunatly, the proverbial has hit the fan with our imaging (WDS/PXE not responding ¬.¬), so the macs are going to have to wait till next week.
The Bloxx sendLogon utility sends a message to the Bloxx server to tell it that $User has logged on from $IP - all requests are then filtered and logged against $User.
Hi Grant! (Jack from MCS)
I spoke to one of your colleagues yesterday to update the job, the Macs are now working fine with SendLogon, but HTTPS isn't displaying pages properley. We had the same problem with our Windows machines, but someone remoted on and fixed that.
I'm off this week, one of the guys will be able to pick it up. If you have HTTPS decryption enabled you'll need to make sure the certificate is installed on the OS X machines. We have scripts that can automate it in to the keychain otherwise if you have an OS X server it will do the trick.
There are currently 1 users browsing this thread. (0 members and 1 guests)