
Configure DNS to reroute clients to default web page


  • Configure DNS to reroute clients to default web page

    I have Server 2003 set up as DNS, and clients are DHCP'd with the server's DNS IP. I would like new users on the network to be routed to a welcome screen. I'm not sure how to do it, but I think it would work like this.

    1) User connects to DHCP'd network (wired or wireless)
    2) DHCP server gives IP-GW & DNS IPs
    3) User attempts to reach http://www.anywhere.com (example)
    4) DNS gets the request and returns the IP of our welcome page.

    So if I am right, step 4 is where I would configure a DNS setting with this info... Not quite sure where to put it.

  • #2
    I don't believe that DNS is the best solution to your problem. You'd be better served doing this either at your router or by using a proxy.
    Andrew

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Put all the new accounts to a separate OU and link a GPO that configures IE's home page with the URL of the welcome message.
      Later just move the account to a regular OU.

      This is definitely not a task for DNS.
      Guy Teverovsky
      http://blogs.technet.com/b/isrpfeplat/
      "Smith & Wesson - the original point and click interface"


      • #4
        Originally posted by guyt
        Put all the new accounts to a separate OU and link a GPO that configures IE's home page with the URL of the welcome message.
        Later just move the account to a regular OU.

        This is definitely not a task for DNS.
        No offense but this approach seems like you're creating a lot of work moving users to and from OUs.

        Also, new users might include someone who doesn't require an AD account because they are wireless and only need an IP and gateway address. This is very common at universities.
        Andrew


        • #5
          Andrew,
          you are absolutely right about the extra overhead, but this is not something that can be solved at the DNS level.
          The solutions that exist are usually one of the following:
          - DHCP issues IP, DNS and GW in a "guest" subnet. All IP addresses on this special DNS are resolved to the welcome web site. User takes some proactive actions (registers the computer) and the MAC address is authorized in the DHCP. User renews IP and receives IP settings that he can work with. The downside is obvious: DHCP management turns into a nightmare as it's based on MAC reservations (just think of stale reservations, etc.)

          - Access Controllers - hardware devices that do the provisioning of this type. Can work with 802.1x authentication (while guest or unauthenticated users are rerouted to a custom web page or alike) and/or keep a table of allowed MAC addresses.

          In any case, you do not get away only with DNS adjustments.
          Guy Teverovsky

          • #6
            Here's my line of thinking...

            The welcome page could ask for the MAC address or execute a script that the user would run. This would give us the MAC address and we would set up the "Approved" on a different subnet. DHCP'd in this case to that new subnet.

            I don't have an access controller, other than setting up a server as a proxy server.


            • #7
              Originally posted by guyt
              Put all the new accounts to a separate OU and link a GPO that configures IE's home page with the URL of the welcome message.
              Later just move the account to a regular OU.

              This is definitely not a task for DNS.
              OU & GPO ???


              • #8
                I'm not a web guy, but this is probably best done at the web level.

                I'm assuming that there is a corporate home page, campus intranet or something like it in place. Could not this page use cookies to see if the user has been before? If not, then send them to the welcome page.

                This solution also assumes that roaming profiles are in place or that the users are stationary.


                • #9
                  Originally posted by MrCaps
                  I'm not a web guy, but this is probably best done at the web level.

                  I'm assuming that there is a corporate home page, campus intranet or something like it in place. Could not this page use cookies to see if the user has been before? If not, then send them to the welcome page.

                  This solution also assumes that roaming profiles are in place or that the users are stationary.
                  That's the idea, but the idea here is that when a new user plugs his computer in (or wireless) then they are given a welcome page that explains the procedures to activate an account.


                  • #10
                    Are the machines built by a scripted build, ghost or RIS and that's controlled by you?

                    Are the machines in a Windows domain and subject to GPOs?

                    Or are the machines guest machines that come on the network that you have no control of?


                    • #11
                      No, it could be anybody. In a couple of cases we have extra bandwidth, so we put it on wireless access points so anybody could use the wireless network (which is fine by us), but we would like to have a page come up that just says "this is brought to you free by us". It's not so much access control, just making sure that we get our credit. BTW, it's also just an issue I would like to solve for future issues.


                      • #12
                        mmm, This makes it really tough.

                        I see why you are trying to use a network level solution to something that is not really a networking solution. Maybe some of the advanced hardware firewalling products have the feature you need, but this is certainly not a standard issue, i.e., something to intercept HTML packets and, if it's a first time on the network, redirect to a particular web site. Sounds expensive.

                        I asked all those questions so that everyone else can see the big picture also. (So no mention of GPOs people as that is simply not going to work!)

                        I have no suggestions other than placing notices in strategic areas asking new users to connect to a particular URL or maybe something through HR.


                        • #13
                          I had a bit more of a think and I don't like defeat.

                          Assuming ISA here.

                          ISA is set to domain authentication. If authentication cannot be supplied, then the user is redirected to a web site that will instruct the user on how to set up. When the user is set up, they can use the new credentials to pass through ISA.

                          There are a couple of things here that need to be in place.

                          No direct access to the Internet for instance. Users must go through a Proxy.

                          Web Proxy Automatic Discovery (WPAD) should be used. WPAD can be enabled on the DHCP server.

                          http://www.microsoft.com/technet/pro...discovery.mspx

                          The proposed solution is for an ISA setup, which I know will work. Not sure about other products.

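A proxy auto-config (PAC) file of the kind WPAD hands to clients in the proxy-only setup post #13 describes, as an added example that is not part of the thread. The proxy address, welcome-site host and internal DNS suffix are assumed placeholders.

```javascript
// wpad.dat (PAC file). Added example: every host name below is an assumption.
var PROXY = "PROXY isa.corp.example:8080";   // hypothetical ISA web-proxy listener
var INTERNAL_SUFFIX = ".corp.example";       // hypothetical internal DNS suffix
var WELCOME_HOST = "welcome.example.org";    // hypothetical welcome/registration site

// True when host is the suffix's own domain or a name underneath it.
// Anchored at the end of the name, so "evilcorp.example" and
// "corp.example.attacker.test" do not count as internal.
function hostInDomain(host, suffix) {
  if (host === suffix.substring(1)) return true;
  var at = host.length - suffix.length;
  return at > 0 && host.indexOf(suffix, at) === at;
}

// Entry point a PAC-aware browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Treat the fully qualified form "name." the same as "name".
  if (host.charAt(host.length - 1) === ".") {
    host = host.substring(0, host.length - 1);
  }
  // Single-label names are intranet hosts and are reached directly.
  if (host.indexOf(".") === -1) return "DIRECT";
  // The welcome site must load before the user has any credentials,
  // so it and the internal hosts bypass the authenticating proxy.
  if (host === WELCOME_HOST || hostInDomain(host, INTERNAL_SUFFIX)) {
    return "DIRECT";
  }
  // Everything else goes to the proxy with no "; DIRECT" fallback:
  // if the proxy is down the request fails instead of skipping authentication.
  return PROXY;
}
```

The DHCP server advertises the URL of this file in option 252, and the web server should return it with the MIME type application/x-ns-proxy-autoconfig.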


                          • #14
                            I'll investigate...
