Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 3rd July 2008, 06:38
hjk_ym hjk_ym is offline
Junior Member
 
Join Date: Jul 2008
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Default How to Install and configure Dansguardian with NTLM auth and multi-group Filtering on

Hi,

I have followed this guide to the best of my ability and can't seem to get over a hurdle. In squid.conf we set it it listen on ports 3128 and 8080. We set dansguardian.conf with a filter port of 3130 and proxy port of 3128.

So it goes browser 8080 --> squid 8080 ?

How does it get to dansguardian's filter port 3130? Mine seems to work fine authenticating and all, but I can't block anything.


Thanks if you can help.
btw, 8.04
Reply With Quote
Sponsored Links
  #2  
Old 6th August 2008, 01:45
ColonelPanic ColonelPanic is offline
Junior Member
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default ...I second that!

I would like an answer to this too if anyone knows. I'm hard at work trying to figure it out for myself, but I'm a bit thick so this could take a while.

shawn
Reply With Quote
  #3  
Old 6th August 2008, 02:22
ColonelPanic ColonelPanic is offline
Junior Member
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default ports

Oh, and from my understanding the ports involved are 8081(DG) 3128(DGtoSquid) 8080(Proxy Port) Am I wrong? Thanks,

Shawn
Reply With Quote
  #4  
Old 6th August 2008, 02:23
ColonelPanic ColonelPanic is offline
Junior Member
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default one more thing

Sorry for all the replies, but I need to get my post count above three so I can ask the author himself. Thanks,

Shawn
Reply With Quote
  #5  
Old 7th August 2008, 18:51
debiandabbler debiandabbler is offline
Junior Member
 
Join Date: Aug 2008
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I too am trying this solution, but I cannot get DG to connect to Squid.... "Error connecting to parent proxy"

Reply With Quote
  #6  
Old 7th August 2008, 19:02
ColonelPanic ColonelPanic is offline
Junior Member
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

How closely did you follow the howto? I'm finding that the latest version of Debian with base system only doesn't even have the right repos for an apt-get installation of DG. Can you confirm that DG is running, and how many nics do you have in the computer?

shawn
Reply With Quote
  #7  
Old 7th August 2008, 19:14
debiandabbler debiandabbler is offline
Junior Member
 
Join Date: Aug 2008
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Silly me!!!! Squid wasn't running.... Fixed now, but everything is blocked.. How do the filter groups tie up with Active directory groups?

Squid is set to 3128 localhost. DG Filter IP ***.***.***.****:8081 and Proxy IP 127.0.0.1:3128

Cheers

Last edited by debiandabbler; 7th August 2008 at 19:16.
Reply With Quote
  #8  
Old 7th August 2008, 19:18
ColonelPanic ColonelPanic is offline
Junior Member
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Ha! we're having exactly the opposite problem. I'm able to get squid to check AD and NTLM to authenticate, but DG wont work right. Try this:


server:~# wbinfo -g
server:~# wbinfo -u

These two commands should check whether or not you're cool with Active Directory. You did join your domain already, right? Oh, and if you were able to install DG from apt-get, please send me a copy of your /etc/apt/sources.list file. Thanks!


Shawn
Reply With Quote
  #9  
Old 7th August 2008, 19:31
debiandabbler debiandabbler is offline
Junior Member
 
Join Date: Aug 2008
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

My AD lookup is working just fine, i can resolve users and groups easy, but i don't seem to be able to attribute an ad group to a filter group in dg....

DG is a stable package for etch....

deb http://ftp.uk.debian.org/debian/ etch main
deb-src http://ftp.debian.org/debian/ etch main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

deb http://download.webmin.com/download/repository sarge contrib
Reply With Quote
  #10  
Old 7th August 2008, 19:44
ColonelPanic ColonelPanic is offline
Junior Member
 
Join Date: Aug 2008
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

cool, thank you for that file.

So as I understand it, NTLM is a user-level authentication. You'll still need to add AD usernames to the usergroupslist file under /etc/dansguardian. I don't know how to get squid to look so far into AD as to be able to determine group membership of the user. Another authentication method is IDENT, but I have no idea how that works or what it does. you should be able to simplify the addition of usernames to the config file by using the wbinfo command and piping it to a text file, but I haven't gotten quite that far yet. BTW, I'm starting over from scratch to try and get a handle on how exactly this thing is put together. I have been corresponding with the original author (and I'll post the transcript here once the questions are answered for other users to see) but I'm still a bit confused as to how the process works. I think I need a flowchart.


I do have a few questions for you to see how your experience has differed from mine:

Did all the line numbers that the howto told you to change match up to the line numbers in your config files? (dansguardian.conf, squid.conf, etc)

Were you able to install DG from the repository, and did you get the spelling error for resolvEconf (notice the "E") when installing things in the beginning?

When you did get DG installed, then installed the webmin module, was it compatible with your version of DG? Mine wasn't, but I got DG from another source since it wasn't in my repositories.

Thanks for collaborating, let me know if you have any more questions and I'll try to answer them with my meager linux knowledge.

Shawn

P.S.

Here's my default sources.list file from a base install of etch:

deb cdrom:[Debian GNU/Linux 4.0 r4 _Etch_ - Official i386 DVD Binary-1 20080726$

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

Last edited by ColonelPanic; 7th August 2008 at 19:46.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 14:23.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.