#1
4th September 2012, 15:23
Tularis

Web Filtering On Squid 3 Windows Active Directory Integration

Hello.

I have been following the steps provided in the HOWTO: Web Filtering On Squid 3 With QuintoLabs Content Security 1.4 And Windows Active Directory Integration (http://www.howtoforge.com/web-filter...integration-p2)

But I get presented with a login box for access to the proxy.



I type in the details of any AD account, but it just pops up again.
Everything seems to have gone OK and I haven't had any specified errors...
I am quite a Linux noob but have managed to work through this little project.

So any help would be greatly appreciated.

smb.conf
Code:
  [global]
	workgroup = PIT1
	realm = PIT1.LOCAL
	server string = Samba Server Version %v
	security = ADS
	log file = /var/log/samba/log.%m
	max log size = 50
	cups options = raw
	kerberos method = dedicated keytab
	dedicated keytab file = /etc/krb5.keytab

  [homes]
	comment = Home Directories
	read only = No
	browseable = No

  [printers]
	comment = All Printers
	path = /var/spool/samba
	printable = Yes
	browseable = No

squid.conf
Code:
# Setup NEGOTIATE authentication for Active Directory with Kerberos
#

auth_param negotiate program /usr/lib/squid/negotiate_kerb_auth -s HTTP/proxy
auth_param negotiate children 10
auth_param negotiate keep_alive on

#
# to see the negotiator log messages in the /var/log/squid/cache.log uncomment
# debug_options 29,9 and pass additional -d parameter to negotiate_kerb_auth
#

acl auth proxy_auth REQUIRED

#
# Recommended minimum configuration:
#

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.200.0/24	# RFC1918 possible internal network
# acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
# acl localnet src fc00::/7       # RFC 4193 local private network range
# acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# http_access allow localnet

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

http_access deny !auth
http_access allow auth

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# http_access allow localnet
# http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320
visible_hostname proxy.pit1.local


icap_enable on
icap_preview_enable on
icap_preview_size 4096
icap_persistent_connections on
icap_send_client_ip on
icap_send_client_username on
icap_service qlproxy1 reqmod_precache bypass=0 icap://127.0.0.1:1344/reqmod
icap_service qlproxy2 respmod_precache bypass=0 icap://127.0.0.1:1344/respmod
adaptation_access qlproxy1 allow all
adaptation_access qlproxy2 allow all

I've probably missed something really simple...

#2
10th September 2012, 10:17
Tularis

Bump?!....