+ Post New Thread
Page 1 of 5 12345 LastLast
Results 1 to 15 of 69
*nix Thread, Dansguardian on windows 2003 domain in Technical; I managed to get a Suse 10.2 server installed with Squid and Dansguardian fully operational Has anyone found a good ...
  1. #1

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18

    Dansguardian on windows 2003 domain

    I managed to get a Suse 10.2 server installed with Squid and Dansguardian fully operational

    Has anyone found a good method for automatically authenticating logged in domain users?

    I want the users to login to the Windows domain (with XP Pro), like they currently do and for Dansguardian (or Squid) to silently and automatically retrieve their username, so I can better track user internet activity.

    Thanks for any ideas.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Dansguardian on windows 2003 domain

    If you add the Linux Server to the Windows domain as a Domain member (you need to configure Kerberos, Samba and Winbind for this) you can use the ntlm_auth Squid authentication helper to make this work. However this only works for clients with IE or Firefox. It's best to configure the basic_auth too for fallback.

  3. #3

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18

    Re: Dansguardian on windows 2003 domain

    Thank you.

    I found in Suse 10.2's Yast control panel there is an option for Windows Domain Membership and Samba server. When I clicked on Domain membership, it downloaded files for samba and winbind. (I don't remember about Kerberos, I don't think it downloaded anything). I entered my domain name in Windows Domain Membership. Do I need to do anything else?

    (Right now, the linux pc is at my house, and not connected to the school network. I will connect it to the network when get everything mostly ready to go, so I hopefully only have small config changes to do).

    Anyway, is anyone familiar with this step? I'll admit, I am very new to linux, and still have a lot to learn. Thanks!

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Dansguardian on windows 2003 domain

    You need to verify what sort of membership it's decided to use. Open up /etc/samba/smb.conf in a text editor. You absolutely must use 'security = ADS'. If Yast has decided to do something else, you'll have to ignore it and configure samba and friends manually.

  5. #5

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18

    Re: Dansguardian on windows 2003 domain

    It does not even list a security line. I'm guessing this means I need to manually configure it?

  6. #6

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Dansguardian on windows 2003 domain

    yes

  7. #7

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18

    Re: Dansguardian on windows 2003 domain

    Quote Originally Posted by Geoff
    You need to verify what sort of membership it's decided to use. Open up /etc/samba/smb.conf in a text editor. You absolutely must use 'security = ADS'. If Yast has decided to do something else, you'll have to ignore it and configure samba and friends manually.
    I did some clicking around today and it turns out I had forgotten to actually join the domain. smb.conf now lists security = ADS. The linux machine is also now listed in Active Directory.

    Any tips on next steps, or additional tests I need to run?

  8. #8

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Dansguardian on windows 2003 domain

    Check winbind is installed and works. You do this by running the 'wbinfo -t' command.

  9. #9

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18

    Re: Dansguardian on windows 2003 domain

    OK. Below is the response after I ran the command.
    Code:
    checking the trust secret via RPC calls succeeded

  10. #10

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Dansguardian on windows 2003 domain

    Looks good. You can continue by configuring squid. Once squid is working, configure NTLM and basic authentication in squid. Then you can move on to dansguardian.

  11. #11

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18

    Re: Dansguardian on windows 2003 domain

    On one of the Squid documentation pages I just found, it recommended testing the NTLM authentication. I tried this and got an error message and was wondering if you have any ideas what might be wrong (if anything).

    It said to enter
    Code:
    /usr/bin/ntlm_auth --username=[username]
    at the console. I did this, and then it prompts for the password, like the documentation says.
    However, the documentation says it should then say NT_STATUS_OK, and if not, to recheck your config (nothing more specific, though). It actually says NT_STATUS_NO_SUCH_USER on an account that is part of the domain (the admin account).

    Thanks for any ideas. I GREATLY appreciate it and am learning a lot about linux.

  12. #12

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Dansguardian on windows 2003 domain

    try specifying the domain name too.

  13. #13

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18

    Re: Dansguardian on windows 2003 domain

    OK. I tried entering the username (the second one on the command) as DOMAIN\administrator (with domain the actual domain name, of course) and got the same error message.

    Something else interesting, I noticed on the logon screen there is an option to logon to Suse with your Windows domain username/password. I tried this, it started to login, then said
    Code:
    could not start kstartupconfig. Check your installation.
    and then goes back to the login screen.

    Could this be related?

  14. #14

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Dansguardian on windows 2003 domain

    You misunderstand.

    Code:
    /usr/bin/ntlm_auth --username=USERNAME --domain=DOMAIN

  15. #15

    Join Date
    Dec 2006
    Location
    US
    Posts
    300
    Thank Post
    64
    Thanked 17 Times in 16 Posts
    Rep Power
    18

    Re: Dansguardian on windows 2003 domain

    Sorry about that.

    Trying that revised code worked perfectly.
    It now says
    Code:
    NT_STATUS_OK: Success (0x0)


    Thanks! I'll try to configure Squid later today.

SHARE:
+ Post New Thread
Page 1 of 5 12345 LastLast

Similar Threads

  1. Blocking .EXE and COM etc on a new Windows 2003 Domain Help!
    By bigb3n in forum Network and Classroom Management
    Replies: 11
    Last Post: 22nd February 2013, 03:30 PM
  2. Upgrading 2003 SP1 domain controller to 2003 R2
    By Andi in forum Wireless Networks
    Replies: 4
    Last Post: 27th June 2007, 01:22 PM
  3. Replies: 10
    Last Post: 31st March 2007, 05:40 PM
  4. Replies: 3
    Last Post: 2nd February 2007, 10:09 AM
  5. Replies: 11
    Last Post: 10th November 2006, 06:42 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •