Hi !
Thanks for the reply.
No! I've managed to sort it out.
I've downloaded the source rpm for squid 3.1.0.16, of Fedora Core 14, and build
an RPM from it. Installed, along with dansguardian 2.10.1.1, compiled from
source with this options:
--enable-email --with-proxygroup=squid --with-proxyuser=squid
--with-logdir=/var/log/ --enable-pcre (without the --original-ip: i guess this
one only matters if squid is going to be transparent)
Next, i've enabled the following options in squid.conf (along with others, but
i think this ones are the important here):
acl_uses_indirect_client on
follow_x_forwarded_for allow localhost
In dansguardian, i guess the important ones are:
forwardedfor = on
usexforwardedfor = on
After this, everything went ok and i have now dansguardian with squid and LDAP
authentication!
Cheers,
Bruno Santos
----- Original Message -----
From: "Jose Ildefonso Camargo Tolosa" <ildefonso.cama...@gmail.com>
To: "Bruno Santos" <bvsan...@hal.min-saude.pt>
Sent: Saturday, February 27, 2010 12:11:24 AM GMT +00:00 GMT Britain, Ireland,
Portugal
Subject: Re: [squid-users] squid + dansguardian + auth
Hi!
Sorry about the delay, do you still have the problem?
Ildefonso
On Wed, Feb 17, 2010 at 5:19 AM, Bruno Santos <bvsan...@hal.min-saude.pt> wrote:
> X-Copyrighted-Material
>
> Hi !
>
> No, i don't have those enabled. I'm using LDAP auth in squid (although i've
> enabled proxy-digest.conf in dansguardian)
>
> The problem here is the following:
>
> When the request reaches dansguardian, the machine IP who made the request is
> correct.
> When dansguardian passes the request to squid, it goes with the local machine
> IP (127.0.0.1) and squid denies the request....
> I've been messing around with the following dansguardian options:
> forwardedfor, usexforwardedfor and originalip
>
> Any hints ?
>
> I have another squid + dansguardian installation with transparent proxy and
> everything is working just fine...
>
> Cheers,
>
> Bruno Santos
>
>
> ----- Mensagem original -----
> De: "Jose Ildefonso Camargo Tolosa" <ildefonso.cama...@gmail.com>
> Para: "squid-users" <squid-users@squid-cache.org>
> Enviadas: Segunda-feira, 15 de Fevereiro de 2010 17:45:35 GMT +00:00 Hora de
> Greenwich, Irlanda, Portugal
> Assunto: Re: [squid-users] squid + dansguardian + auth
>
> Hi!
>
> I really don't understand why are you, people, so insistent on the
> "x-forwarded-for" thing..... it has nothing to do with authentication,
> unless you use IP as part of your ACLs, off course.
>
> Now, I repeat:
>
> authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
> authplugin = '/etc/dansguardian/authplugins/proxy-digest.conf'
> authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'
>
> That's and excerpt from the dansguardian.conf file. Do you have these
> enabled?
>
> I hope this helps,
>
> Ildefonso Camargo
>
> On Mon, Feb 15, 2010 at 5:47 AM, Bruno Santos <bvsan...@hal.min-saude.pt>
> wrote:
>> X-Copyrighted-Material
>>
>> Hi !
>>
>> Yes, i was careful to check in the SPEC file to see if there was such option
>> and it is present:
>> --enable-follow-x-forwarded-for
>>
>> The problem i guess is when dansguardian forwards the IP to squid, instead
>> of giving the orinal IP, it goes with the local IP.
>> But, with other options enabled, i get an html response - 400 bad request..
>
> --
>
> Use OpenSource Software
> Human knowledge belongs to the world
> Bruno Santos
> bvsan...@hal.min-saude.pt
> Tel: +351 962 753 053
> Divisão de Informática
> informat...@hal.min-saude.pt
> Tel: +351 272 000 155
> Fax: +351 272 000 257
> Unidade Local de Saúde de Castelo Branco, E.P.E.
> ge...@hal.min-saude.pt
> Tel: +351 272 000 272
> Fax: +351 272 000 257
>
> Linux registered user #349448
>
> LPIC-1 Certification
> -------------------------------------------------------------------------------------------
> Esta mensagem e ficheiros em anexo são confidenciais e destinados somente ao
> conhecimento e utilização da(s) pessoa(s) ou entidade(s) a quem foram
> endereçados.
> Cabe ao destinatário verificar a existência de vírus ou erros, uma vez que a
> informação contida pode ser interceptada e/ou modificada.
> Se recebeu este e-mail por engano, ou a eles teve acesso não sendo o
> destinatário, por favor informe de imediato o seu administrador de sistemas
> e elimine-o sem o utilizar, divulgar ou reproduzir.
>
> Proteja o ambiente. Antes de imprimir este e-mail, verifique se realmente
> necessita.
>
>
--
Use Open Source Software
Human knowledge belongs to the world
Bruno Santos
bvsan...@hal.min-saude.pt
Tel: +351 962 753 053
Divisão de Informática
informat...@hal.min-saude.pt
Tel: +351 272 000 155
Fax: +351 272 000 257
Unidade Local de Saúde de Castelo Branco, E.P.E.
ge...@hal.min-saude.pt
Tel: +351 272 000 272
Fax: +351 272 000 257
Linux registered user #349448
LPIC-1 Certification
