Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problemas com SQUID e SQUIDGUARD autenticando no AD

    Scheduled Pinned Locked Moved Portuguese
    69 Posts 10 Posters 21.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      davidjrsp
      last edited by

      Bom dia Lucas

      Tentei fazer as configurações que falou e também não ta bloqueando
      Vc falou General Settings vc deixa como deny no General Setting nao achei a opção Deny

      estou te mandando uns prints.


      Henrique Deixei o b minusculo e também não foi :(

      pfsenselucas01.jpg
      pfsenselucas01.jpg_thumb
      pfsenseluca02.jpg
      pfsenseluca02.jpg_thumb
      pfsenselucas03.jpg
      pfsenselucas03.jpg_thumb
      pfsenselucas04.jpg
      pfsenselucas04.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • D Offline
        davidjrsp
        last edited by

        Estou dando o Apply e ainda vou em status e coloco para recarregar filtro
        fecho o browser do usuario e logo novamente, e limpo o cache também do browser

        1 Reply Last reply Reply Quote 0
        • L Offline
          lucaspolli
          last edited by

          @davidjrsp:

          Vc falou General Settings vc deixa como deny no General Setting nao achei a opção Deny

          Desculpe, errei o local é em Common ACL, na blacklist

          1 Reply Last reply Reply Quote 0
          • D Offline
            davidjrsp
            last edited by

            Lucas também não funcionou vc acredita !!!!!

            pfsenselucas05.jpg
            pfsenselucas05.jpg_thumb

            1 Reply Last reply Reply Quote 0
            • L Offline
              lucaspolli
              last edited by

              deixe a Bloqueia Sites como –- nessa pagina vc nao altera nada, somente se for colocar um whitelist

              1 Reply Last reply Reply Quote 0
              • D Offline
                davidjrsp
                last edited by

                Coloquei o –----- e também não funcionou

                pfsense06.jpg
                pfsense06.jpg_thumb

                1 Reply Last reply Reply Quote 0
                • L Offline
                  lucaspolli
                  last edited by

                  limpou o cache do squid?

                  1 Reply Last reply Reply Quote 0
                  • D Offline
                    davidjrsp
                    last edited by

                    Não Limpei, é via Shell Console ? ou da pra fazer com a interface WEB

                    1 Reply Last reply Reply Quote 0
                    • L Offline
                      lucaspolli
                      last edited by

                      prefiro via shell, va no diretorio do cache, pare o squid, remova todos os arquivos (rm -R *), mais antes verifique se esta no local correto, depois de remover digite squid -z para recriar o cache e inicie novamente o squid, limpe o cache do navegador tb

                      1 Reply Last reply Reply Quote 0
                      • D Offline
                        davidjrsp
                        last edited by

                        Olá Lucas

                        fiz os seguintes comados via console e limpei o cache do browser

                        E também não rolo ate parei o serviço do squidguard e subi novamente e nada

                        /usr/local/etc/rc.d/squid.sh stop

                        rm -rf /var/squid/cache/

                        mkdir -p /var/squid/cache/

                        chown proxy:proxy /var/squid/cache/

                        chmod 750 /var/squid/cache/
                        squid -z

                        /usr/local/etc/rc.d/squid.sh start

                        1 Reply Last reply Reply Quote 0
                        • L Offline
                          lucaspolli
                          last edited by

                          a porta esta aberta no seu firewall?

                          1 Reply Last reply Reply Quote 0
                          • D Offline
                            davidjrsp
                            last edited by

                            Eu desabilitei o Firewall do Windows Server 2012 r2

                            1 Reply Last reply Reply Quote 0
                            • L Offline
                              lucaspolli
                              last edited by

                              firewall do pfsense..

                              1 Reply Last reply Reply Quote 0
                              • D Offline
                                davidjrsp
                                last edited by

                                Como o pfsense nao esta em producao ainda ta tudo liberado
                                Wan e Lan

                                to mandando print

                                pfsenseregrasfirewall.jpg
                                pfsenseregrasfirewall.jpg_thumb
                                pfsenseregrasfirewall2.jpg
                                pfsenseregrasfirewall2.jpg_thumb

                                1 Reply Last reply Reply Quote 0
                                • L Offline
                                  lucaspolli
                                  last edited by

                                  verifica os logs se aparece algum erro ao reiniciar o squid+squidguard

                                  1 Reply Last reply Reply Quote 0
                                  • D Offline
                                    davidjrsp
                                    last edited by

                                    SquidGuard

                                    Show top 50 entries. List from the line: << 0 >>
                                    16.06.2014 15:16:03 [squid_reconfigure] Add new redirector options to Squid config.
                                    16.06.2014 15:16:03 [squid_reconfigure] Remove old redirector options from Squid config.
                                    16.06.2014 15:16:03 [sg_reconfigure] Save squidGuard config to '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf'.
                                    16.06.2014 15:16:03 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
                                    16.06.2014 15:16:03 [sg_create_config] Add Default
                                    16.06.2014 15:16:03 [sg_create_config] Add ACL's: bloqueado;
                                    16.06.2014 15:16:02 [sg_create_config] Add rewrites: safesearch;
                                    16.06.2014 15:16:02 [sg_create_config] Add destinations: Bloqueia_Sites;
                                    16.06.2014 15:16:02 [sg_create_config] Add sources: bloqueado
                                    16.06.2014 15:16:02 [squidguard_rebuild_db] Start rebuild DB.
                                    16.06.2014 15:15:52 [squidguard_rebuild_db] Create rebuild config '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard__usrdbrebuild.conf'.
                                    16.06.2014 15:15:52 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20404&a=%a&n=%n&;i=%i&s=%s&t=%t&u=%u)
                                    16.06.2014 15:15:52 [sg_create_simple_config] Added item 'Bloqueia_Sites' = '/var/db/squidGuard/Bloqueia_Sites'.
                                    16.06.2014 15:15:52 [sg_create_simple_config] Begin with dbhome='/var/db/squidGuard'.
                                    16.06.2014 15:15:52 [squidguard_rebuild_db] Begin with path '/var/db/squidGuard'.
                                    16.06.2014 15:15:51 [sg_reconfigure_user_db] Add Bloqueia_Sites domains 'terra.com.br globo.com';
                                    16.06.2014 15:15:51 [sg_reconfigure_user_db] Add user entries
                                    16.06.2014 15:15:51 [sg_reconfigure_user_db] Begin with '/var/db/squidGuard'
                                    16.06.2014 15:15:14 [squid_reconfigure] Add new redirector options to Squid config.
                                    16.06.2014 15:15:14 [sg_reconfigure] Save squidGuard config to '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf'.
                                    16.06.2014 15:15:14 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
                                    16.06.2014 15:15:14 [sg_create_config] Add Default
                                    16.06.2014 15:15:14 [sg_create_config] Add ACL's: bloqueado;
                                    16.06.2014 15:15:14 [sg_create_config] Add rewrites: safesearch;
                                    16.06.2014 15:15:14 [sg_create_config] Add destinations: Bloqueia_Sites;
                                    16.06.2014 15:15:14 [sg_create_config] Add sources: bloqueado
                                    16.06.2014 15:15:14 [squidguard_rebuild_db] Start rebuild DB.
                                    16.06.2014 15:14:51 [squidguard_rebuild_db] Create rebuild config '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard__usrdbrebuild.conf'.
                                    16.06.2014 15:14:51 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20404&a=%a&n=%n&;i=%i&s=%s&t=%t&u=%u)
                                    16.06.2014 15:14:51 [sg_create_simple_config] Added item 'Bloqueia_Sites' = '/var/db/squidGuard/Bloqueia_Sites'.
                                    16.06.2014 15:14:51 [sg_create_simple_config] Begin with dbhome='/var/db/squidGuard'.
                                    16.06.2014 15:14:51 [squidguard_rebuild_db] Begin with path '/var/db/squidGuard'.
                                    16.06.2014 15:14:51 [sg_reconfigure_user_db] Add Bloqueia_Sites domains 'terra.com.br globo.com';
                                    16.06.2014 15:14:51 [sg_reconfigure_user_db] Add user entries
                                    16.06.2014 15:14:51 [sg_reconfigure_user_db] Begin with '/var/db/squidGuard'
                                    16.06.2014 15:13:57 [squid_reconfigure] Remove old redirector options from Squid config.
                                    16.06.2014 15:13:57 [sg_reconfigure] Save squidGuard config to '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf'.
                                    16.06.2014 15:13:57 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
                                    16.06.2014 15:13:57 [sg_create_config] Add Default
                                    16.06.2014 15:13:57 [sg_create_config] Add ACL's: bloqueado;
                                    16.06.2014 15:13:57 [sg_create_config] Add rewrites: safesearch;
                                    16.06.2014 15:13:57 [sg_create_config] Add destinations: Bloqueia_Sites;
                                    16.06.2014 15:13:57 [sg_create_config] Add sources: bloqueado
                                    16.06.2014 15:13:57 [squidguard_rebuild_db] Start rebuild DB.
                                    16.06.2014 15:13:46 [squidguard_rebuild_db] Create rebuild config '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard__usrdbrebuild.conf'.
                                    16.06.2014 15:13:46 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20404&a=%a&n=%n&;i=%i&s=%s&t=%t&u=%u)
                                    16.06.2014 15:13:46 [sg_create_simple_config] Added item 'Bloqueia_Sites' = '/var/db/squidGuard/Bloqueia_Sites'.
                                    16.06.2014 15:13:46 [sg_create_simple_config] Begin with dbhome='/var/db/squidGuard'.
                                    16.06.2014 15:13:46 [squidguard_rebuild_db] Begin with path '/var/db/squidGuard'.
                                    16.06.2014 15:13:45 [sg_reconfigure_user_db] Add Bloqueia_Sites domains 'terra.com.br globo.com';

                                    1 Reply Last reply Reply Quote 0
                                    • D Offline
                                      davidjrsp
                                      last edited by

                                      eu dei um tail dentro de cd /var/squid/logs tinha o arquivo cache.log

                                      só tinha esse arquivo

                                      [2.1.3-RELEASE][root@pfsense.localdomain]/var/squid/logs(36): tail -f cache.log
                                      2014-06-16 15:16:03 [78648] New setting: ldapbindpass: SENHA
                                      2014-06-16 15:16:03 [78648] syntax error in configfile /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf line 11
                                      2014-06-16 15:16:03 [78648] Going into emergency mode
                                      2014/06/16 15:16:03| Accepting proxy HTTP connections at 192.168.1.240, port 3128, FD 27.
                                      2014/06/16 15:16:03| Accepting proxy HTTP connections at 192.168.21.240, port 3128, FD 28.
                                      2014/06/16 15:16:03| Accepting HTCP messages on port 4827, FD 30.
                                      2014/06/16 15:16:03| Accepting SNMP messages on port 3401, FD 31.
                                      2014/06/16 15:16:03| WCCP Disabled.
                                      2014/06/16 15:16:03| Loaded Icons.
                                      2014/06/16 15:16:03| Ready to serve requests.

                                      1 Reply Last reply Reply Quote 0
                                      • D Offline
                                        davidjrsp
                                        last edited by

                                        Log do SquidGuard

                                        [2.1.3-RELEASE][root@pfsense.localdomain]/var/squidGuard/log(44): tail -f sg_configurator.log
                                        16.06.2014 15:16:02 : [squidguard_rebuild_db]  Start rebuild DB.
                                        16.06.2014 15:16:02 : [sg_create_config]  Add sources:  bloqueado
                                        16.06.2014 15:16:02 : [sg_create_config]  Add destinations:  Bloqueia_Sites;
                                        16.06.2014 15:16:02 : [sg_create_config]  Add rewrites:  safesearch;
                                        16.06.2014 15:16:03 : [sg_create_config]  Add ACL's:  bloqueado;
                                        16.06.2014 15:16:03 : [sg_create_config]  Add Default
                                        16.06.2014 15:16:03 : [sg_redirector_base_url]  Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
                                        16.06.2014 15:16:03 : [sg_reconfigure]  Save squidGuard config to '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf'.
                                        16.06.2014 15:16:03 : [squid_reconfigure]  Remove old redirector options from Squid config.
                                        16.06.2014 15:16:03 : [squid_reconfigure]  Add new redirector options to Squid config.

                                        1 Reply Last reply Reply Quote 0
                                        • D Offline
                                          davidjrsp
                                          last edited by

                                          Parece que tem um erro na conf do squidguard

                                          vou mandar a conf aqui

                                          logdir /var/squidGuard/log
                                          dbhome /var/db/squidGuard
                                          ldapbinddn cn=administrator,cn=Users,dc=dominio,dc=srv
                                          ldapbindpass senha do administrator
                                          ldapprotover 3

                                          src bloqueado {
                                                  ldapusersearch ldap://192.168.1.208:3268/DC=meudominio,DC=srv?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=bloqueado%2cCN=Users%2cDC=meudominio%2cDC=srv))
                                                  log block.log
                                          }

                                          dest Bloqueia_Sites {
                                                  domainlist Bloqueia_Sites/domains
                                                  log block.log
                                          }

                                          rew safesearch {
                                                  s@(google../search?.q=.)@\1&safe=active@i
                                                  s@(google..
                                          /images.q=.)@\1&safe=active@i
                                                  s@(google../groups.q=.)@\1&safe=active@i
                                                  s@(google..
                                          /news.q=.)@\1&safe=active@i
                                                  s@(yandex../yandsearch?.text=.)@\1&fyandex=1@i
                                                  s@(search.yahoo..
                                          /search.p=.)@\1&vm=r&v=1@i
                                                  s@(search.live../.q=.)@\1&adlt=strict@i
                                                  s@(search.msn..
                                          /.q=.)@\1&adlt=strict@i
                                                  s@(.bing..*/.q=.)@\1&adlt=strict@i
                                                  log block.log
                                          }

                                          acl  {
                                                  #
                                                  bloqueado  {
                                                          pass !Bloqueia_Sites all
                                                          log block.log
                                                  }
                                                  #
                                                  default  {
                                                          pass none
                                                          redirect http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
                                                          log block.log

                                          1 Reply Last reply Reply Quote 0
                                          • D Offline
                                            davidjrsp
                                            last edited by

                                            BOM DIA A TODOS FUNCIONOUUUUUUUUUUUUUU, DEPOIS ALGUNS DIAS DE TEXTES O PROBLEMA ERA A COISA MAIS BESTA DO MUNDO MEU CENARIO WINDOWS SERVER 2012 R2 PFSENSE 2.1.3 SQUID E SQUIDGUARD EU PRECISO BLOQUEAR GRUPOS DE USUARIOS DO ACTIVE DIRECTORY EM ALGUNS SITES E NAO FUNCIONAVA PELO SQUIDGUARD E PELO SQUID FUNCIONA A BLACKLIST NORMAL, O QUE REALMENTE ERA!!!!!!, É QUE A SENHA DO ADMINISTRATOR DO ACTIVE DIRETORY TINHA XXXX@XXXX O SQUID PASSAVA NUMA BOA PEGAVA OS USUARIOS DIREITINHO AGORA O SQUIDGUARD NAO PEGAVA, POR QUE O SQUIDGUARD NAO ACEITA A SENHA DO ADMINISTRADOR COM @ TROQUEI A SENHA NO WINDOWS SERVER E FUNCIONOU PERFEITAMENTE AS ACL DE BLOQUEIO QUERO AGRADECER O HENRIQUE E LUCAS QUE ME AJUDARAM MUITO MAIS MUITO MESMO COM O TEMPO DELES E O CONHECIMENTO DEUS ABENCOE A VCS POIS COMO EU DISSE PARA O HENRIQUE HOJE EM DIA É DIFICIL AS PESSOAS SEREM PRESTATIVOS

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.