Internet Related/Filtering/Firewall Thread, Need a Dansguardian / Squid configuration expert in Technical; It means it's blocking the default group 1 as expected, but I'm in group 5 which has (or should have!) ...
9th August 2010, 03:16 PM #61
It means it's blocking the default group 1 as expected, but I'm in group 5 which has (or should have!) unrestricted access
9th August 2010, 03:22 PM #62
It must be reading your username correctly though to be able to say its going to ban you...
Are your filter groups reading everything right?
You can change the dansguardian access denied page to show which username is being banned - if that helps...
9th August 2010, 03:30 PM #63
I understood it was banning me as it's using group 1 as the 'deny all' as it hasn't picked my userID up in the group it should be in. I know very little about Squid/DG but when hitting DG first and looking at the Squid logs I would expect to see DG passing my IP and userID to squid, but it's not I only see 127.0.0.1. If this is correct then I'm wasting my time on the toubleshooting I'm trying. I've done all the tests (winbind, ntlm_auth command line, etc) I can find to verify that squid is picking up the user IDs from AD correctly (and it is, or seems to be)
I'll take a look at editing the denied page to see what that throws up- cheers!
10th August 2010, 11:42 AM #64
I've amended the block page to show the group that's being blocked and it is group1 no_web_access, howEver, as above I'm in group 5!
10th August 2010, 11:51 AM #65
Can you also get it to show username so that you can find out exactly who it thinks you are?
10th August 2010, 12:08 PM #66
The -USER- option is set in the template, but only "-" shows on the block page. It shows the PC that the request came from and the group though. It's as if it's not authenticating, but I can't work out why! There's some talk of kerberos issues between Squid 3 and DG, just trying to find out which exact version of Squid I'm running. Webmin shows 3.0
Originally Posted by siuko
edit: running Squid 3.0 stable 19
Last edited by joe90bass; 10th August 2010 at 12:14 PM.
10th August 2010, 12:11 PM #67
Yeah its definitely not picking up your username in DG so it dumps you in the default group.
In your squid logs is it showing the username at all? (I think you mentioned earlier that it was)
10th August 2010, 12:15 PM #68
It does show the name if I use 3128 in the proxy address (i.e squid direct) if I got to 8080 (DG) then no it just shows 127.0.0.1 in the log no user name
10th August 2010, 12:15 PM #69
My Dansguardian access log shows this :
2010.8.10 12:13:06 (username here) 10.25.74.1 Google GET 221 0 1 302 - normalgroup -
The username here was my username - I checked my squid logs and they dont seem to contain any usernames?
10th August 2010, 12:22 PM #70
Okay, so I'm barking up the wrong tree with that as an issue, or at least symptom of it
Just so frustrating as I'm so close to getting it working.......
10th August 2010, 12:31 PM #71
Can you disable username/password pass thru on IE so that it has to request your username and password to browse sites?
If you do this so you can check that it is requesting the details correctly and that it is also reading the username and password correctly from your DC.
Last Post: 11th May 2010, 10:13 AM
By lionsl2005 in forum AV and Multimedia Related
Last Post: 14th December 2009, 02:53 PM
By Cragzman in forum *nix
Last Post: 22nd October 2008, 02:59 PM
Last Post: 24th July 2008, 07:24 PM
By NetworkGeezer in forum *nix
Last Post: 13th February 2007, 02:07 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)