+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast
Results 16 to 30 of 71
Internet Related/Filtering/Firewall Thread, Need a Dansguardian / Squid configuration expert in Technical; have you got a similar statement in sqid.conf...
  1. #16
    Mcshammer_dj's Avatar
    Join Date
    Feb 2007
    Location
    Portsmouth
    Posts
    928
    Thank Post
    35
    Thanked 160 Times in 129 Posts
    Rep Power
    93
    have you got a similar statement in sqid.conf

  2. #17
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    12
    Quote Originally Posted by Mcshammer_dj View Post
    have you got a similar statement in sqid.conf
    Yes, I put an entry in the dns_nameservers section of squid.conf. Still no result.

  3. #18

    Join Date
    Dec 2005
    Posts
    524
    Thank Post
    34
    Thanked 87 Times in 77 Posts
    Rep Power
    39
    SQUID Frequently Asked Questions: Troubleshooting

    10.22 FATAL: ipcache_init: DNS name lookup tests failed

    Squid normally tests your system's DNS configuration before it starts server requests. Squit tries to resolve some common DNS names, as defined in the dns_testnames configuration directive. If Squid cannot resolve these names, it could mean that your DNS nameserver is unreachable or not running, or your /etc/resolv.conf file may contain incorrect information.

    To disable this feature, use the -D command line option.

    Note, Squid does NOT use the dnsservers to test the DNS. The test is performed internally, before the dnsservers start.

  4. #19
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    12
    I have given up for today. Spent two solid days on it so far and I think I'm just going round in circles.

    I think tomorrow I'll start completely afresh, even down to reinstalling the OS.

    What think you all about the OS, is Ubuntu a problem and should I simply go with a Debian build? Or should Ubuntu server be OK?

  5. #20


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,462
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    Ubuntu server should be fine. I'd get squid going on its own first. May be worth investing in the o'reilly "squid book", it's the dogs.

  6. #21

    Join Date
    Dec 2005
    Posts
    524
    Thank Post
    34
    Thanked 87 Times in 77 Posts
    Rep Power
    39
    I am running 2 Squid/DG proxies at the school I work at.

    They are both running on Ubuntu 8.04 Server. They work great.

    But I am no expert at ubuntu or linux and it takes me AAAAAAAAGES (about a week if I'm not busy) to configure them to fully work with AD and NTLM. It mainly takes me so long as I just collect info from google searches and slowly make things operational... and forget to write down what I've done as that slows me down even more hahaha

    I will help all I can with any questions you have (and give any config files you might need etc) - if I can remember from when I did it

  7. #22
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    12
    Quote Originally Posted by siuko View Post
    I am running 2 Squid/DG proxies at the school I work at.

    They are both running on Ubuntu 8.04 Server. They work great.

    But I am no expert at ubuntu or linux and it takes me AAAAAAAAGES (about a week if I'm not busy) to configure them to fully work with AD and NTLM. It mainly takes me so long as I just collect info from google searches and slowly make things operational... and forget to write down what I've done as that slows me down even more hahaha

    I will help all I can with any questions you have (and give any config files you might need etc) - if I can remember from when I did it
    You sound like me!

    Your offer is very kind and I may make use of it.

    I've just reinstalled Ubuntu and I'm about to start a reinstall of Squid and DG. If you have working Squid and DG config files I'd welcome having copies if only to look at to see what I need to do. PM me and I'll give you my email address.

    Thanks again.

  8. #23
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    12
    I'm now a whole heap further on than I was yesterday - squid is running, I haven't yet installed DG as I was concentrating on squid first. However - having joined the server to the domain and setting up squid with ntlm auth I have a problem - a password dialogue pops up in all browsers and none of our usernames / passwords are being recognized. All kinit and wbinfo responses are as expected and are OK. Any ideas?

  9. #24
    Number6's Avatar
    Join Date
    Feb 2009
    Location
    Worcester, UK
    Posts
    457
    Thank Post
    2
    Thanked 9 Times in 8 Posts
    Rep Power
    12
    This is my squid.conf file:

    [auth_param]

    auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
    auth_param ntlm children 24
    auth_param ntlm keep_alive on

    auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
    auth_param basic children 24
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours

    [Access Controls]

    acl all src all
    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    #
    # Example rule allowing access from your local networks.
    # Adapt to list your (internal) IP networks from where browsing
    # should be allowed
    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    #
    acl SSL_ports port 443 # https
    acl SSL_ports port 563 # snews
    acl SSL_ports port 873 # rsync
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl Safe_ports port 631 # cups
    acl Safe_ports port 873 # rsync
    acl Safe_ports port 901 # SWAT
    acl purge method PURGE
    acl CONNECT method CONNECT

    acl ntlm_auth proxy_auth REQUIRED

    http_access allow ntlm_auth
    Is there anything wrong with this?

  10. #25

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,621
    Thank Post
    1,240
    Thanked 777 Times in 674 Posts
    Rep Power
    235
    Quote Originally Posted by Number6 View Post
    I've just reinstalled Ubuntu and I'm about to start a reinstall of Squid and DG.
    I've got a similar task to do over this Easter break - we need a VM to combine two ADSL connections in to one somehow. I'll be using Debian rather than Ubunut as that seems to work better with Xen. I seem to remember from last time I set up a Squid machine that I had to install Squid from source, making sure I enabled support for transparent proxying when compiling.

    --
    David Hicks

  11. #26


    Join Date
    Oct 2006
    Posts
    3,411
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    148
    PM sent

  12. #27


    Join Date
    Oct 2006
    Posts
    3,411
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    148
    Quote Originally Posted by dhicks View Post
    I've got a similar task to do over this Easter break - we need a VM to combine two ADSL connections in to one somehow. I'll be using Debian rather than Ubunut as that seems to work better with Xen. I seem to remember from last time I set up a Squid machine that I had to install Squid from source, making sure I enabled support for transparent proxying when compiling.

    --
    David Hicks
    Na, deffo dont need to do that now, not with debian anyway

  13. Thanks to j17sparky from:

    dhicks (9th April 2010)

  14. #28


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,462
    Thank Post
    866
    Thanked 845 Times in 667 Posts
    Rep Power
    195
    Quote Originally Posted by dhicks View Post
    I've got a similar task to do over this Easter break - we need a VM to combine two ADSL connections in to one somehow. I'll be using Debian rather than Ubunut as that seems to work better with Xen. I seem to remember from last time I set up a Squid machine that I had to install Squid from source, making sure I enabled support for transparent proxying when compiling.
    David, wil one of your SmoothWalls not do that for ye?

  15. #29

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,621
    Thank Post
    1,240
    Thanked 777 Times in 674 Posts
    Rep Power
    235
    Quote Originally Posted by tom_newton View Post
    David, wil one of your SmoothWalls not do that for ye?
    I was told SchoolGuardian can’t handle multiple internet connections, we would need Advanced Firewall to do that.

    --
    David Hicks

  16. #30
    ind1ekid's Avatar
    Join Date
    Jul 2008
    Location
    Nottinghamshire
    Posts
    82
    Thank Post
    6
    Thanked 16 Times in 13 Posts
    Rep Power
    15
    Quote Originally Posted by Number6 View Post
    This is my squid.conf file:



    Is there anything wrong with this?
    I'd say it looks fine, other than asking why you have 24 childen set for your ntlm helper processes? Seems like a lot to me.

    edit: on second glances, I left the basic authenticators commented out - i just have the 3 lines for NTLM auth ..not 100% what difference that will be making to your setup?
    Last edited by ind1ekid; 9th April 2010 at 01:54 PM.

SHARE:
+ Post New Thread
Page 2 of 5 FirstFirst 12345 LastLast

Similar Threads

  1. Replies: 10
    Last Post: 11th May 2010, 10:13 AM
  2. need your expert opinion
    By lionsl2005 in forum AV and Multimedia Related
    Replies: 11
    Last Post: 14th December 2009, 02:53 PM
  3. Squid configuration problem
    By Cragzman in forum *nix
    Replies: 3
    Last Post: 22nd October 2008, 02:59 PM
  4. ntlm_auth | Dansguardian | Squid
    By ahuxham in forum *nix
    Replies: 11
    Last Post: 24th July 2008, 07:24 PM
  5. DansGuardian without local Squid
    By NetworkGeezer in forum *nix
    Replies: 2
    Last Post: 13th February 2007, 02:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •