How to dansguardian auth with ldap
-
Try user@ domain instead of cn=user,CN=domain
-
hi,glad to see your reply
I change dansguardian ldap like this
hostname:jian.com
domain:dc=jian,dc=com
username:squid@jian.com
password:Admin@8888
mask:Userrun again
/usr/local/etc/dasr/local/www/dansguardian_ldap.php
it return
Content-type: text/html
Group : users
User list from LDAP is already the same as current group, no changes made1:what does it mean?and how to correct
2:what is use for option "mask"? -
if I delete all group in dansguardian,just left default
it return the sameContent-type: text/html
User list from LDAP is already the same as current group, no changes made
if I create a dansguardian group name "cccc",that's a group not in AD.
and check the ldap what I create before in group "cccc"
run the dansguardian_ldap.php again.
but is still said "same as current group"
I seem's a bug? -
when I update the ldap like
hostname:jian.com
domain:dc=jian,dc=com
username:squid@jian.com
password:Admin@8888
mask:Userand then I create a global group name "g1" instead of use build in group "users" in AD
then create group "g1" in dansguardian
it work!
the user list is update.thanks marcelloc!
-
I still get a problem
if i access the squid port it will prompt login and password,if correct pass
if I access the dansguardian,explorer direct prompt "cache access deny,until you have authenticated yourself. "who know how to correct this?
-
who know how to correct this?
Configure dansguardian auth to pass to squid on general tab -> auth plugin.
-
I found the problem
infact my test should be1:if i access the squid port3128 it will prompt login and password,if correct pass
2:if i access the dansguardian port8080 it will prompt login and password,if correct pass
3:if I make a nat redirect any port to 8080 in pfsense, the in explorer access default port 80. It will direct prompt deny access.
I am trying correct this.
and other thing.
1:I direct input username in dansguardian user's tab, dansguardian also work.so if just have few user,we can direct input instead of add a ldap. Right?
2:I add the ldap and run dansguardian_ldap.php success. and then delete the username in user's tab, after 2 minute it will not update automatic.Dear marcelloc, are you here? ;D
-
if I make a nat redirect any port to 8080 in pfsense, the in explorer access default port 80. It will direct prompt deny access.
I am trying correct this.
Authentication does not work with transparent proxy. Use proxy pac/wpad to configure client browsers.
1:I direct input username in dansguardian user's tab, dansguardian also work.so if just have few user,we can direct input instead of add a ldap. Right?
Yes
2:I add the ldap and run dansguardian_ldap.php success. and then delete the username in user's tab, after 2 minute it will not update automatic.
what update frequency did you configured for ldap fetch?
-
if I make a nat redirect any port to 8080 in pfsense, the in explorer access default port 80. It will direct prompt deny access.
I am trying correct this.
Authentication does not work with transparent proxy. Use proxy pac/wpad to configure client browsers.
In that case,the topology is: web request –> nat(80 redirect to 8080) --> dansguardian(8080) -->squid(3128) --> pfsense nat --> internet
so I have not set the transparent proxy in squid.
I make this config is want to zero config in client. -
web request –> nat(80 redirect to 8080) = transparent proxy