Squid authentication + Dansguardian (not NTLM)
-
Trying to set up some sort of authentication with squid and Dansguardian (to have different Dansguardian filter levels based on user). I know I could probably do it by IP address, but I'd prefer to have some sort of login mechanism. I don't want to do Active Directory (NTLM), since I don't have a server for that. I've tried implementing squid's "local" authentication mechanism, but even after enabling the appropriate Dansguardian auth plugins (Auth-Basic and/or Auth-Digest, I believe) it doesn't work. I've also tried implementing LDAP (I do have a server with that) and it didn't seem to work either, but I may not have done it correctly.
Has anybody been successful with the "local" squid authentication combined with Dansguardian? Or, less ideally, LDAP? Or maybe I could do it with Captive Portal somehow. Suggestions are welcome.
-
Local auth with Squid should just work, although remember that you may have a different port to proxy through when using authentication. This may be your issue. It's also important to note that if you use authentication you've got to configure proxy settings; authentication doesn't work with interception (i.e. transparent) proxying.
-
Local auth does "just work" if I configure my browser to point to squid, but then traffic doesn't get filtered by Dansguardian. Reading documentation and forum posts has given me the impression that enabling an auth plugin in Dansguardian will make it pass the auth attempt through to squid to allow it to work, but that hasn't been the case for me so far.
-
Figured it out. You have to configure the proxy settings to point directly to dansguardian (port 8080) instead of port forwarding from 80 to 8080. Still working on trying to get WPAD configured, but at least I know how to make it work.
-
You have to configure the proxy settings to point directly to dansguardian (port 8080) instead of port forwarding from 80 to 8080.
Sorry for the thread resurrection. I'm not clear how to do this. Is the setting changed in squid? Or is it a firewall/NAT rule that I have to write? Any chance you (or anyone) can post more detailed steps?
Thanks!
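-
Added example, not part of any post above: the thread's fix is a client-side proxy setting rather than a squid or NAT change, and a PAC file (the kind WPAD distributes) is one way to express it. The host name `filter.example.lan` and the `.example.lan` suffix are placeholders assumed for illustration; port 8080 is Dansguardian's port as stated in the thread.

```javascript
// PAC file (serve as proxy.pac, or as wpad.dat for WPAD discovery).
// filter.example.lan and .example.lan are placeholders, not from the thread.
var FILTER_PROXY = "PROXY filter.example.lan:8080"; // 8080 = Dansguardian, per the thread
var LOCAL_SUFFIXES = [".example.lan"];              // constructed sample value

// True for loopback and RFC 1918 IPv4 literals (10/8, 172.16/12, 192.168/16).
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  if (a > 255 || b > 255 || Number(m[3]) > 255 || Number(m[4]) > 255) return false;
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

// String suffix check without relying on newer built-ins (old PAC engines).
function endsWith(s, suffix) {
  return s.length >= suffix.length &&
         s.indexOf(suffix, s.length - suffix.length) !== -1;
}

// Called by the browser for every request; returns where to send it.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Single-label names (no dot, not an IPv6 literal) are on the local network.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (isPrivateIPv4(host)) return "DIRECT";
  for (var i = 0; i < LOCAL_SUFFIXES.length; i++) {
    if (endsWith(host, LOCAL_SUFFIXES[i])) return "DIRECT";
  }
  // Everything else goes to Dansguardian. No "; DIRECT" fallback is listed,
  // so an unreachable filter fails closed instead of going out unfiltered.
  return FILTER_PROXY;
}
```

A PAC file only steers browsers that honour it; it is not an enforcement point on its own.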