+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 25 of 25
Wired Networks Thread, WPAD.DAT with IIS and DNS in Technical; Originally Posted by Tallwood_6 Has anyone else got it working from the zonedirector yet? Just downloaded the new firmware. Going ...
  1. #16
    IrritableTech's Avatar
    Join Date
    Nov 2007
    Location
    West Yorkshire
    Posts
    824
    Thank Post
    93
    Thanked 186 Times in 151 Posts
    Rep Power
    67
    Quote Originally Posted by Tallwood_6 View Post
    Has anyone else got it working from the zonedirector yet?
    Just downloaded the new firmware. Going to install it this weekend and give this feature a try.
    We've already got wpad working on our domain, but I like the thought of it being on the controller, and a different file for each wlan.

  2. #17

    Join Date
    May 2008
    Location
    Kent
    Posts
    541
    Thank Post
    26
    Thanked 73 Times in 64 Posts
    Rep Power
    28
    I've setup wpad to be delivered via DNS to test and this works fine for firefox and and internet explorer via a wired connection however it only seems to work for firefox via wireless which i'm slightly baffled by. The wireless WLAN i'm testing with has no ACL configured, no Enable captive portal/Web authentication or Client Isolation so i cant workout whats teh cause. The ZoneDirector auto config i still cant get to work for firefox or IE though.

  3. #18
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,354
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Isn't DHCP the preferred choice these days? I believe most things support this. The DNS method was not preferred as someone could easily bring their own machine named WPAD into a domain and cause some interesting problems with your network!!!

  4. #19

    Join Date
    May 2008
    Location
    Kent
    Posts
    541
    Thank Post
    26
    Thanked 73 Times in 64 Posts
    Rep Power
    28
    The DNS method is more widely supported across browsers apparently. You would have to have a machine joined to the domain called wpad, have removed the DNS exclusion for wpad and not have an existing record wpad in DNS for that exploit to work surely?

  5. #20
    Jamo's Avatar
    Join Date
    Jan 2009
    Posts
    1,354
    Thank Post
    66
    Thanked 175 Times in 147 Posts
    Rep Power
    60
    Web Proxy Autodiscovery Protocol - Wikipedia, the free encyclopedia

    You are correct on that DHCP only really supported by IE and Chrome! Looks like the DNS method is still insecure though.

    DNS lookup removes the first part of the domain name (presumably the client identifier) and replaces it with wpad. Then, it "moves up" in the hierarchy by removing more parts of the domain name, until it finds a WPAD PAC file or leaves the current organisation.

  6. #21

    Join Date
    May 2008
    Location
    Kent
    Posts
    541
    Thank Post
    26
    Thanked 73 Times in 64 Posts
    Rep Power
    28
    Well i've ascertained that there is nothing up with either of my two wpad.dat files anyway so the problem looks to be with the ruckus delivery to the clients.

  7. #22
    januttall's Avatar
    Join Date
    Sep 2010
    Posts
    225
    Thank Post
    17
    Thanked 28 Times in 28 Posts
    Blog Entries
    1
    Rep Power
    14
    i know this isnt useful but i used a transparent proxy between the clients and the NGFL proxy wich works nicely. uthenticated users use one vlan (Enterprise security) and unathenticated (WPA-PSK) is vlaned to the transparent proxy wich ports them directly to NGFL so they cant see our internal anything, and get fully filterd. As unauthenticated users they will need to get information from dhcp as they need corect ip addresses to function so not allowing them access to some form of dhcp is a desatrous idea.

  8. #23

    Join Date
    Nov 2011
    Location
    Birmingham
    Posts
    124
    Thank Post
    30
    Thanked 25 Times in 21 Posts
    Rep Power
    10
    Quote Originally Posted by PatRamsden View Post

    They have only just got a wireless network so they now want to be able to use smartphones and the likes so this means that setting the proxy through GPO wont work.
    From my experience only Ipones/Ipads can pick WPAD settings and apply them. If you using an Android (unless rooted) or blackberry you cannot set a proxy into them and your WPAD will be ignored. I ended up setting up a transparent proxy to allow basic access for smartphones.

    If I'm wrong then I apologies.

  9. #24

    Join Date
    Jan 2012
    Location
    Kent
    Posts
    8
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    I havent had a chance to try this yet, will be trying tomorrow when I am on site.

    I have a feeling some people will have Android devices, I know some have Blackberrys. How would I go about setting up a transparent proxy?

  10. #25
    phillip_croxford's Avatar
    Join Date
    Feb 2012
    Location
    Doncaster
    Posts
    105
    Thank Post
    27
    Thanked 2 Times in 2 Posts
    Rep Power
    6
    hi if it helps i have the same setup @PatRamsden

    I am using the latest 9.6.1.0 build 15, i have hosted the wpad.dat file on the ZoneDirector,
    created a DHCP entry for 252 and in the string value i entered the zonedirector ip and dat file i.e. "http://x.x.x.x/wpad.dat"

    then unblcked the wpad from DNS, created a cname entry for the server hosting this wpad with WPAD and the server ip addresss

    i have just try this and works fine on windows laptops!

    just having trouble with android now, somehow need them to authenticate with the zone director so they can get the wpad file.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Setting up home wireless network with MAC and PC..?
    By tosca925 in forum General Chat
    Replies: 6
    Last Post: 21st November 2011, 04:39 PM
  2. LTSP Problems with TFTP and PXE boot
    By Joedetic in forum Thin Client and Virtual Machines
    Replies: 3
    Last Post: 18th May 2006, 04:40 PM
  3. Internal/External Email with ISA and Exchange 2000
    By Ueline in forum Wireless Networks
    Replies: 5
    Last Post: 7th December 2005, 11:00 AM
  4. Network Specialist (E-mail and DNS)- Bristol Uni
    By tosca925 in forum Educational IT Jobs
    Replies: 7
    Last Post: 11th November 2005, 01:15 PM
  5. Replies: 4
    Last Post: 10th October 2005, 10:12 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •