+ Post New Thread
Page 5 of 5 FirstFirst 12345
Results 61 to 71 of 71
Internet Related/Filtering/Firewall Thread, Need a Dansguardian / Squid configuration expert in Technical; It means it's blocking the default group 1 as expected, but I'm in group 5 which has (or should have!) ...
  1. #61
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,349
    Thank Post
    322
    Thanked 107 Times in 96 Posts
    Rep Power
    50
    It means it's blocking the default group 1 as expected, but I'm in group 5 which has (or should have!) unrestricted access

  2. #62

    Join Date
    Dec 2005
    Posts
    521
    Thank Post
    34
    Thanked 86 Times in 76 Posts
    Rep Power
    39
    It must be reading your username correctly though to be able to say its going to ban you...

    Are your filter groups reading everything right?

    You can change the dansguardian access denied page to show which username is being banned - if that helps...

  3. #63
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,349
    Thank Post
    322
    Thanked 107 Times in 96 Posts
    Rep Power
    50
    I understood it was banning me as it's using group 1 as the 'deny all' as it hasn't picked my userID up in the group it should be in. I know very little about Squid/DG but when hitting DG first and looking at the Squid logs I would expect to see DG passing my IP and userID to squid, but it's not I only see 127.0.0.1. If this is correct then I'm wasting my time on the toubleshooting I'm trying. I've done all the tests (winbind, ntlm_auth command line, etc) I can find to verify that squid is picking up the user IDs from AD correctly (and it is, or seems to be)

    I'll take a look at editing the denied page to see what that throws up- cheers!

  4. #64
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,349
    Thank Post
    322
    Thanked 107 Times in 96 Posts
    Rep Power
    50
    I've amended the block page to show the group that's being blocked and it is group1 no_web_access, howEver, as above I'm in group 5!

  5. #65

    Join Date
    Dec 2005
    Posts
    521
    Thank Post
    34
    Thanked 86 Times in 76 Posts
    Rep Power
    39
    Can you also get it to show username so that you can find out exactly who it thinks you are?

  6. #66
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,349
    Thank Post
    322
    Thanked 107 Times in 96 Posts
    Rep Power
    50
    Quote Originally Posted by siuko View Post
    Can you also get it to show username so that you can find out exactly who it thinks you are?
    The -USER- option is set in the template, but only "-" shows on the block page. It shows the PC that the request came from and the group though. It's as if it's not authenticating, but I can't work out why! There's some talk of kerberos issues between Squid 3 and DG, just trying to find out which exact version of Squid I'm running. Webmin shows 3.0

    edit: running Squid 3.0 stable 19
    Last edited by joe90bass; 10th August 2010 at 12:14 PM.

  7. #67

    Join Date
    Dec 2005
    Posts
    521
    Thank Post
    34
    Thanked 86 Times in 76 Posts
    Rep Power
    39
    Yeah its definitely not picking up your username in DG so it dumps you in the default group.

    In your squid logs is it showing the username at all? (I think you mentioned earlier that it was)

  8. #68
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,349
    Thank Post
    322
    Thanked 107 Times in 96 Posts
    Rep Power
    50
    It does show the name if I use 3128 in the proxy address (i.e squid direct) if I got to 8080 (DG) then no it just shows 127.0.0.1 in the log no user name

  9. #69

    Join Date
    Dec 2005
    Posts
    521
    Thank Post
    34
    Thanked 86 Times in 76 Posts
    Rep Power
    39
    My Dansguardian access log shows this :

    2010.8.10 12:13:06 (username here) 10.25.74.1 Google GET 221 0 1 302 - normalgroup -

    The username here was my username - I checked my squid logs and they dont seem to contain any usernames?

  10. #70
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,349
    Thank Post
    322
    Thanked 107 Times in 96 Posts
    Rep Power
    50
    Okay, so I'm barking up the wrong tree with that as an issue, or at least symptom of it

    Just so frustrating as I'm so close to getting it working.......

  11. #71

    Join Date
    Dec 2005
    Posts
    521
    Thank Post
    34
    Thanked 86 Times in 76 Posts
    Rep Power
    39
    Can you disable username/password pass thru on IE so that it has to request your username and password to browse sites?

    If you do this so you can check that it is requesting the details correctly and that it is also reading the username and password correctly from your DC.

SHARE:
+ Post New Thread
Page 5 of 5 FirstFirst 12345

Similar Threads

  1. Replies: 10
    Last Post: 11th May 2010, 10:13 AM
  2. need your expert opinion
    By lionsl2005 in forum AV and Multimedia Related
    Replies: 11
    Last Post: 14th December 2009, 02:53 PM
  3. Squid configuration problem
    By Cragzman in forum *nix
    Replies: 3
    Last Post: 22nd October 2008, 02:59 PM
  4. ntlm_auth | Dansguardian | Squid
    By ahuxham in forum *nix
    Replies: 11
    Last Post: 24th July 2008, 07:24 PM
  5. DansGuardian without local Squid
    By NetworkGeezer in forum *nix
    Replies: 2
    Last Post: 13th February 2007, 02:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •