Netgate Discussion Forum

    Problems with SQUID and SQUIDGUARD authenticating against AD

      davidjrsp

      Lucas, that didn't work either, can you believe it!!!!!

      pfsenselucas05.jpg

        lucaspolli

        Leave Bloqueia Sites as --- ; on this page you don't change anything, only if you are going to add a whitelist.

          davidjrsp

          I set it to ------- and it didn't work either.

          pfsense06.jpg

            lucaspolli

            Did you clear the squid cache?

              davidjrsp

              I didn't clear it. Is that done via the shell console, or can it be done through the web interface?

                lucaspolli

                I prefer doing it via shell: go to the cache directory, stop squid, remove all the files (rm -R *), but first check that you are in the right place; after removing them, type squid -z to recreate the cache and start squid again. Clear the browser cache too.

                  davidjrsp

                  Hi Lucas,

                  I ran the following commands via the console and cleared the browser cache.

                  It still didn't work; I even stopped the squidguard service and started it again, and nothing.

                  /usr/local/etc/rc.d/squid.sh stop

                  rm -rf /var/squid/cache/

                  mkdir -p /var/squid/cache/

                  chown proxy:proxy /var/squid/cache/

                  chmod 750 /var/squid/cache/
                  squid -z

                  /usr/local/etc/rc.d/squid.sh start

                    lucaspolli

                    Is the port open on your firewall?

                      davidjrsp

                      I disabled the Windows Server 2012 R2 firewall.

                        lucaspolli

                        The pfSense firewall..

                          davidjrsp

                          Since the pfsense isn't in production yet, everything is allowed,
                          WAN and LAN.

                          I'm sending screenshots.

                          pfsenseregrasfirewall.jpg
                          pfsenseregrasfirewall2.jpg

                            lucaspolli

                            Check the logs to see whether any error shows up when restarting squid+squidguard.

                              davidjrsp

                              SquidGuard

                              Show top 50 entries. List from the line: << 0 >>
                              16.06.2014 15:16:03 [squid_reconfigure] Add new redirector options to Squid config.
                              16.06.2014 15:16:03 [squid_reconfigure] Remove old redirector options from Squid config.
                              16.06.2014 15:16:03 [sg_reconfigure] Save squidGuard config to '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf'.
                              16.06.2014 15:16:03 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
                              16.06.2014 15:16:03 [sg_create_config] Add Default
                              16.06.2014 15:16:03 [sg_create_config] Add ACL's: bloqueado;
                              16.06.2014 15:16:02 [sg_create_config] Add rewrites: safesearch;
                              16.06.2014 15:16:02 [sg_create_config] Add destinations: Bloqueia_Sites;
                              16.06.2014 15:16:02 [sg_create_config] Add sources: bloqueado
                              16.06.2014 15:16:02 [squidguard_rebuild_db] Start rebuild DB.
                              16.06.2014 15:15:52 [squidguard_rebuild_db] Create rebuild config '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard__usrdbrebuild.conf'.
                              16.06.2014 15:15:52 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20404&a=%a&n=%n&;i=%i&s=%s&t=%t&u=%u)
                              16.06.2014 15:15:52 [sg_create_simple_config] Added item 'Bloqueia_Sites' = '/var/db/squidGuard/Bloqueia_Sites'.
                              16.06.2014 15:15:52 [sg_create_simple_config] Begin with dbhome='/var/db/squidGuard'.
                              16.06.2014 15:15:52 [squidguard_rebuild_db] Begin with path '/var/db/squidGuard'.
                              16.06.2014 15:15:51 [sg_reconfigure_user_db] Add Bloqueia_Sites domains 'terra.com.br globo.com';
                              16.06.2014 15:15:51 [sg_reconfigure_user_db] Add user entries
                              16.06.2014 15:15:51 [sg_reconfigure_user_db] Begin with '/var/db/squidGuard'
                              16.06.2014 15:15:14 [squid_reconfigure] Add new redirector options to Squid config.
                              16.06.2014 15:15:14 [sg_reconfigure] Save squidGuard config to '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf'.
                              16.06.2014 15:15:14 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
                              16.06.2014 15:15:14 [sg_create_config] Add Default
                              16.06.2014 15:15:14 [sg_create_config] Add ACL's: bloqueado;
                              16.06.2014 15:15:14 [sg_create_config] Add rewrites: safesearch;
                              16.06.2014 15:15:14 [sg_create_config] Add destinations: Bloqueia_Sites;
                              16.06.2014 15:15:14 [sg_create_config] Add sources: bloqueado
                              16.06.2014 15:15:14 [squidguard_rebuild_db] Start rebuild DB.
                              16.06.2014 15:14:51 [squidguard_rebuild_db] Create rebuild config '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard__usrdbrebuild.conf'.
                              16.06.2014 15:14:51 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20404&a=%a&n=%n&;i=%i&s=%s&t=%t&u=%u)
                              16.06.2014 15:14:51 [sg_create_simple_config] Added item 'Bloqueia_Sites' = '/var/db/squidGuard/Bloqueia_Sites'.
                              16.06.2014 15:14:51 [sg_create_simple_config] Begin with dbhome='/var/db/squidGuard'.
                              16.06.2014 15:14:51 [squidguard_rebuild_db] Begin with path '/var/db/squidGuard'.
                              16.06.2014 15:14:51 [sg_reconfigure_user_db] Add Bloqueia_Sites domains 'terra.com.br globo.com';
                              16.06.2014 15:14:51 [sg_reconfigure_user_db] Add user entries
                              16.06.2014 15:14:51 [sg_reconfigure_user_db] Begin with '/var/db/squidGuard'
                              16.06.2014 15:13:57 [squid_reconfigure] Remove old redirector options from Squid config.
                              16.06.2014 15:13:57 [sg_reconfigure] Save squidGuard config to '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf'.
                              16.06.2014 15:13:57 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
                              16.06.2014 15:13:57 [sg_create_config] Add Default
                              16.06.2014 15:13:57 [sg_create_config] Add ACL's: bloqueado;
                              16.06.2014 15:13:57 [sg_create_config] Add rewrites: safesearch;
                              16.06.2014 15:13:57 [sg_create_config] Add destinations: Bloqueia_Sites;
                              16.06.2014 15:13:57 [sg_create_config] Add sources: bloqueado
                              16.06.2014 15:13:57 [squidguard_rebuild_db] Start rebuild DB.
                              16.06.2014 15:13:46 [squidguard_rebuild_db] Create rebuild config '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard__usrdbrebuild.conf'.
                              16.06.2014 15:13:46 [sg_redirector_base_url] Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20404&a=%a&n=%n&;i=%i&s=%s&t=%t&u=%u)
                              16.06.2014 15:13:46 [sg_create_simple_config] Added item 'Bloqueia_Sites' = '/var/db/squidGuard/Bloqueia_Sites'.
                              16.06.2014 15:13:46 [sg_create_simple_config] Begin with dbhome='/var/db/squidGuard'.
                              16.06.2014 15:13:46 [squidguard_rebuild_db] Begin with path '/var/db/squidGuard'.
                              16.06.2014 15:13:45 [sg_reconfigure_user_db] Add Bloqueia_Sites domains 'terra.com.br globo.com';

                                davidjrsp

                                I ran a tail inside /var/squid/logs; the cache.log file was there.

                                That was the only file there.

                                [2.1.3-RELEASE][root@pfsense.localdomain]/var/squid/logs(36): tail -f cache.log
                                2014-06-16 15:16:03 [78648] New setting: ldapbindpass: SENHA
                                2014-06-16 15:16:03 [78648] syntax error in configfile /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf line 11
                                2014-06-16 15:16:03 [78648] Going into emergency mode
                                2014/06/16 15:16:03| Accepting proxy HTTP connections at 192.168.1.240, port 3128, FD 27.
                                2014/06/16 15:16:03| Accepting proxy HTTP connections at 192.168.21.240, port 3128, FD 28.
                                2014/06/16 15:16:03| Accepting HTCP messages on port 4827, FD 30.
                                2014/06/16 15:16:03| Accepting SNMP messages on port 3401, FD 31.
                                2014/06/16 15:16:03| WCCP Disabled.
                                2014/06/16 15:16:03| Loaded Icons.
                                2014/06/16 15:16:03| Ready to serve requests.

                                  davidjrsp

                                  SquidGuard log

                                  [2.1.3-RELEASE][root@pfsense.localdomain]/var/squidGuard/log(44): tail -f sg_configurator.log
                                  16.06.2014 15:16:02 : [squidguard_rebuild_db]  Start rebuild DB.
                                  16.06.2014 15:16:02 : [sg_create_config]  Add sources:  bloqueado
                                  16.06.2014 15:16:02 : [sg_create_config]  Add destinations:  Bloqueia_Sites;
                                  16.06.2014 15:16:02 : [sg_create_config]  Add rewrites:  safesearch;
                                  16.06.2014 15:16:03 : [sg_create_config]  Add ACL's:  bloqueado;
                                  16.06.2014 15:16:03 : [sg_create_config]  Add Default
                                  16.06.2014 15:16:03 : [sg_redirector_base_url]  Select redirector base url (http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u)
                                  16.06.2014 15:16:03 : [sg_reconfigure]  Save squidGuard config to '/usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf'.
                                  16.06.2014 15:16:03 : [squid_reconfigure]  Remove old redirector options from Squid config.
                                  16.06.2014 15:16:03 : [squid_reconfigure]  Add new redirector options to Squid config.

                                    davidjrsp

                                    It looks like there is an error in the squidguard conf.

                                    I'll post the conf here.

                                    logdir /var/squidGuard/log
                                    dbhome /var/db/squidGuard
                                    ldapbinddn cn=administrator,cn=Users,dc=dominio,dc=srv
                                    ldapbindpass senha do administrator
                                    ldapprotover 3

                                    src bloqueado {
                                            ldapusersearch ldap://192.168.1.208:3268/DC=meudominio,DC=srv?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=bloqueado%2cCN=Users%2cDC=meudominio%2cDC=srv))
                                            log block.log
                                    }

                                    dest Bloqueia_Sites {
                                            domainlist Bloqueia_Sites/domains
                                            log block.log
                                    }

                                    rew safesearch {
                                            s@(google../search?.q=.)@\1&safe=active@i
                                            s@(google../images.q=.)@\1&safe=active@i
                                            s@(google../groups.q=.)@\1&safe=active@i
                                            s@(google../news.q=.)@\1&safe=active@i
                                            s@(yandex../yandsearch?.text=.)@\1&fyandex=1@i
                                            s@(search.yahoo../search.p=.)@\1&vm=r&v=1@i
                                            s@(search.live../.q=.)@\1&adlt=strict@i
                                            s@(search.msn../.q=.)@\1&adlt=strict@i
                                            s@(.bing..*/.q=.)@\1&adlt=strict@i
                                            log block.log
                                    }

                                    acl  {
                                            #
                                            bloqueado  {
                                                    pass !Bloqueia_Sites all
                                                    log block.log
                                            }
                                            #
                                            default  {
                                                    pass none
                                                    redirect http://192.168.1.240:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
                                                    log block.log
                                            }
                                    }

                                      davidjrsp

                                      Good morning everyone, IT WORKEDDDDDDDD! After some days of tests, the problem was the silliest thing in the world. My scenario: Windows Server 2012 R2, pfSense 2.1.3, Squid and SquidGuard. I need to block Active Directory user groups on some sites, and it did not work through SquidGuard, while through Squid the normal blacklist works. What it really was!!!!!! The Active Directory administrator password had XXXX@XXXX. Squid handled it just fine and picked up the users correctly, but SquidGuard did not, because SquidGuard does not accept the administrator password with @. I changed the password on the Windows Server and the blocking ACLs worked perfectly. I want to thank Henrique and Lucas, who helped me a lot, really a lot, with their time and knowledge. God bless you both, because as I told Henrique, nowadays it is hard to find people who are helpful.

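Added example, not part of the thread: the cache.log excerpt above shows squidGuard reporting a syntax error at config line 11 and going into emergency mode, and the poster traced the cause to an `@` in `ldapbindpass`. This sketch maps that log pair back to the config line with the password masked and flags risky bind passwords; the function names, the constructed sample files, and the treatment of other non-alphanumeric characters as risky are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from pfSense/squidGuard.
# Function names are hypothetical; sample files below are constructed.

# sg_emergency_lines LOG
# Print each config line number that squidGuard reported as a syntax error
# directly before "Going into emergency mode". In emergency mode squidGuard
# stops filtering, so block lists silently have no effect.
sg_emergency_lines() {
    awk '
        /syntax error in configfile/           { n = $NF; pending = 1; next }
        pending && /Going into emergency mode/ { print n }
                                               { pending = 0 }
    ' "$1" | sort -un
}

# sg_risky_bindpass CONF
# Print "LINE:reason" for every ldapbindpass value that contains "@" (the
# character the thread identified). Flagging any other non-alphanumeric
# character is an assumption made here, not something the thread tested.
sg_risky_bindpass() {
    awk '
        $1 == "ldapbindpass" {
            val = $0
            sub(/^[ \t]*ldapbindpass[ \t]+/, "", val)
            if (index(val, "@"))           print NR ":contains @"
            else if (val ~ /[^A-Za-z0-9]/) print NR ":non-alphanumeric (assumed risky)"
        }
    ' "$1"
}

# sg_show_line CONF N
# Print line N of the config, masking the secret if it is the bind password,
# so the output can be pasted into a ticket or forum post.
sg_show_line() {
    awk -v n="$2" '
        NR == n { if ($1 == "ldapbindpass") print "ldapbindpass ********"; else print }
    ' "$1"
}

# sg_report CONF LOG
# Combine both checks into a short human-readable report.
sg_report() {
    for n in $(sg_emergency_lines "$2"); do
        printf 'emergency mode caused by config line %s: %s\n' \
            "$n" "$(sg_show_line "$1" "$n")"
    done
    sg_risky_bindpass "$1" | sed 's/^/ldapbindpass at line /'
}

# --- constructed sample input (password is made up) ---
SG_TMP=$(mktemp -d "${TMPDIR:-/tmp}/sgcheck.XXXXXX")
trap 'rm -rf "$SG_TMP"' EXIT

cat > "$SG_TMP/squidGuard.conf" <<'EOF'
# ============================================================
# SquidGuard configuration file
# (constructed sample; header padded so ldapbindpass is line 11)
#
#
# ============================================================

logdir /var/squidGuard/log
dbhome /var/db/squidGuard
ldapbinddn cn=administrator,cn=Users,dc=dominio,dc=srv
ldapbindpass Exemplo@2014
ldapprotover 3
EOF

# First two lines follow the cache.log excerpt quoted in the thread.
cat > "$SG_TMP/cache.log" <<'EOF'
2014-06-16 15:16:03 [78648] syntax error in configfile /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf line 11
2014-06-16 15:16:03 [78648] Going into emergency mode
2014/06/16 15:16:03| Ready to serve requests.
EOF

sg_report "$SG_TMP/squidGuard.conf" "$SG_TMP/cache.log"
```

On the firewall, call `sg_report` with the squidGuard.conf and cache.log paths shown in the thread instead of the sample files.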
                                        brf

                                        Good evening everyone,

                                        I have a problem similar to the one in this post: Squid is authenticating against my AD, and I can see the user in the logs. I created 3 groups in AD and replicated them in the SquidGuard Group ACL, but in its logs the user information does not appear.

                                        Groups created:

                                        • Liberado
                                        • Bloqueado
                                        • Restrito

                                        SquidGuard configuration

                                        # ============================================================
                                        # SquidGuard configuration file
                                        # This file generated automaticly with SquidGuard configurator
                                        # (C)2006 Serg Dvoriancev
                                        # email: dv_serg@mail.ru
                                        # ============================================================
                                        
                                        logdir /var/squidGuard/log
                                        dbhome /var/db/squidGuard
                                        ldapbinddn CN=squid,OU=Internet,DC=blumenau,DC=dominio,DC=local
                                        ldapbindpass senha
                                        ldapprotover 3
                                        
                                        # Blocked Internet access
                                        src Bloqueado {
                                        	ldapusersearch ldap://192.168.16.250:389/DC=blumenau,DC=dominio,DC=local?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=Bloqueado%2cOU=Internet%2cDC=blumenau%2cDC=dominio%2cDC=local))
                                        	log block.log
                                        }
                                        
                                        # Restricted Internet access
                                        src Restrito {
                                        	ldapusersearch ldap://192.168.16.250:389/DC=blumenau,DC=dominio,DC=local?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=Restrito%2cOU=Internet%2cOU=MyBusiness%2cDC=blumenau%2cDC=dominio%2cDC=local))
                                        	log block.log
                                        }
                                        
                                        # Allowed Internet access
                                        src Liberado {
                                        	ldapusersearch ldap://192.168.16.250:389/DC=blumenau,DC=dominio,DC=local?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=Liberado%2cOU=Internet%2cDC=blumenau%2cDC=dominio%2cDC=local))
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_adv {
                                        	domainlist blk_BL_adv/domains
                                        	urllist blk_BL_adv/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_aggressive {
                                        	domainlist blk_BL_aggressive/domains
                                        	urllist blk_BL_aggressive/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_alcohol {
                                        	domainlist blk_BL_alcohol/domains
                                        	urllist blk_BL_alcohol/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_anonvpn {
                                        	domainlist blk_BL_anonvpn/domains
                                        	urllist blk_BL_anonvpn/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_automobile_bikes {
                                        	domainlist blk_BL_automobile_bikes/domains
                                        	urllist blk_BL_automobile_bikes/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_automobile_boats {
                                        	domainlist blk_BL_automobile_boats/domains
                                        	urllist blk_BL_automobile_boats/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_automobile_cars {
                                        	domainlist blk_BL_automobile_cars/domains
                                        	urllist blk_BL_automobile_cars/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_automobile_planes {
                                        	domainlist blk_BL_automobile_planes/domains
                                        	urllist blk_BL_automobile_planes/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_chat {
                                        	domainlist blk_BL_chat/domains
                                        	urllist blk_BL_chat/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_costtraps {
                                        	domainlist blk_BL_costtraps/domains
                                        	urllist blk_BL_costtraps/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_dating {
                                        	domainlist blk_BL_dating/domains
                                        	urllist blk_BL_dating/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_downloads {
                                        	domainlist blk_BL_downloads/domains
                                        	urllist blk_BL_downloads/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_drugs {
                                        	domainlist blk_BL_drugs/domains
                                        	urllist blk_BL_drugs/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_dynamic {
                                        	domainlist blk_BL_dynamic/domains
                                        	urllist blk_BL_dynamic/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_education_schools {
                                        	domainlist blk_BL_education_schools/domains
                                        	urllist blk_BL_education_schools/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_finance_banking {
                                        	domainlist blk_BL_finance_banking/domains
                                        	urllist blk_BL_finance_banking/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_finance_insurance {
                                        	domainlist blk_BL_finance_insurance/domains
                                        	urllist blk_BL_finance_insurance/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_finance_moneylending {
                                        	domainlist blk_BL_finance_moneylending/domains
                                        	urllist blk_BL_finance_moneylending/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_finance_other {
                                        	domainlist blk_BL_finance_other/domains
                                        	urllist blk_BL_finance_other/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_finance_realestate {
                                        	domainlist blk_BL_finance_realestate/domains
                                        	urllist blk_BL_finance_realestate/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_finance_trading {
                                        	domainlist blk_BL_finance_trading/domains
                                        	urllist blk_BL_finance_trading/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_fortunetelling {
                                        	domainlist blk_BL_fortunetelling/domains
                                        	urllist blk_BL_fortunetelling/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_forum {
                                        	domainlist blk_BL_forum/domains
                                        	urllist blk_BL_forum/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_gamble {
                                        	domainlist blk_BL_gamble/domains
                                        	urllist blk_BL_gamble/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_government {
                                        	domainlist blk_BL_government/domains
                                        	urllist blk_BL_government/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_hacking {
                                        	domainlist blk_BL_hacking/domains
                                        	urllist blk_BL_hacking/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_hobby_cooking {
                                        	domainlist blk_BL_hobby_cooking/domains
                                        	urllist blk_BL_hobby_cooking/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_hobby_games-misc {
                                        	domainlist blk_BL_hobby_games-misc/domains
                                        	urllist blk_BL_hobby_games-misc/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_hobby_games-online {
                                        	domainlist blk_BL_hobby_games-online/domains
                                        	urllist blk_BL_hobby_games-online/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_hobby_gardening {
                                        	domainlist blk_BL_hobby_gardening/domains
                                        	urllist blk_BL_hobby_gardening/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_hobby_pets {
                                        	domainlist blk_BL_hobby_pets/domains
                                        	urllist blk_BL_hobby_pets/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_homestyle {
                                        	domainlist blk_BL_homestyle/domains
                                        	urllist blk_BL_homestyle/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_hospitals {
                                        	domainlist blk_BL_hospitals/domains
                                        	urllist blk_BL_hospitals/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_imagehosting {
                                        	domainlist blk_BL_imagehosting/domains
                                        	urllist blk_BL_imagehosting/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_isp {
                                        	domainlist blk_BL_isp/domains
                                        	urllist blk_BL_isp/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_jobsearch {
                                        	domainlist blk_BL_jobsearch/domains
                                        	urllist blk_BL_jobsearch/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_library {
                                        	domainlist blk_BL_library/domains
                                        	urllist blk_BL_library/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_military {
                                        	domainlist blk_BL_military/domains
                                        	urllist blk_BL_military/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_models {
                                        	domainlist blk_BL_models/domains
                                        	urllist blk_BL_models/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_movies {
                                        	domainlist blk_BL_movies/domains
                                        	urllist blk_BL_movies/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_music {
                                        	domainlist blk_BL_music/domains
                                        	urllist blk_BL_music/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_news {
                                        	domainlist blk_BL_news/domains
                                        	urllist blk_BL_news/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_podcasts {
                                        	domainlist blk_BL_podcasts/domains
                                        	urllist blk_BL_podcasts/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_politics {
                                        	domainlist blk_BL_politics/domains
                                        	urllist blk_BL_politics/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_porn {
                                        	domainlist blk_BL_porn/domains
                                        	urllist blk_BL_porn/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_radiotv {
                                        	domainlist blk_BL_radiotv/domains
                                        	urllist blk_BL_radiotv/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_recreation_humor {
                                        	domainlist blk_BL_recreation_humor/domains
                                        	urllist blk_BL_recreation_humor/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_recreation_martialarts {
                                        	domainlist blk_BL_recreation_martialarts/domains
                                        	urllist blk_BL_recreation_martialarts/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_recreation_restaurants {
                                        	domainlist blk_BL_recreation_restaurants/domains
                                        	urllist blk_BL_recreation_restaurants/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_recreation_sports {
                                        	domainlist blk_BL_recreation_sports/domains
                                        	urllist blk_BL_recreation_sports/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_recreation_travel {
                                        	domainlist blk_BL_recreation_travel/domains
                                        	urllist blk_BL_recreation_travel/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_recreation_wellness {
                                        	domainlist blk_BL_recreation_wellness/domains
                                        	urllist blk_BL_recreation_wellness/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_redirector {
                                        	domainlist blk_BL_redirector/domains
                                        	urllist blk_BL_redirector/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_religion {
                                        	domainlist blk_BL_religion/domains
                                        	urllist blk_BL_religion/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_remotecontrol {
                                        	domainlist blk_BL_remotecontrol/domains
                                        	urllist blk_BL_remotecontrol/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_ringtones {
                                        	domainlist blk_BL_ringtones/domains
                                        	urllist blk_BL_ringtones/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_science_astronomy {
                                        	domainlist blk_BL_science_astronomy/domains
                                        	urllist blk_BL_science_astronomy/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_science_chemistry {
                                        	domainlist blk_BL_science_chemistry/domains
                                        	urllist blk_BL_science_chemistry/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_searchengines {
                                        	domainlist blk_BL_searchengines/domains
                                        	urllist blk_BL_searchengines/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_sex_education {
                                        	domainlist blk_BL_sex_education/domains
                                        	urllist blk_BL_sex_education/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_sex_lingerie {
                                        	domainlist blk_BL_sex_lingerie/domains
                                        	urllist blk_BL_sex_lingerie/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_shopping {
                                        	domainlist blk_BL_shopping/domains
                                        	urllist blk_BL_shopping/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_socialnet {
                                        	domainlist blk_BL_socialnet/domains
                                        	urllist blk_BL_socialnet/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_spyware {
                                        	domainlist blk_BL_spyware/domains
                                        	urllist blk_BL_spyware/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_tracker {
                                        	domainlist blk_BL_tracker/domains
                                        	urllist blk_BL_tracker/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_updatesites {
                                        	domainlist blk_BL_updatesites/domains
                                        	urllist blk_BL_updatesites/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_urlshortener {
                                        	domainlist blk_BL_urlshortener/domains
                                        	urllist blk_BL_urlshortener/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_violence {
                                        	domainlist blk_BL_violence/domains
                                        	urllist blk_BL_violence/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_warez {
                                        	domainlist blk_BL_warez/domains
                                        	urllist blk_BL_warez/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_weapons {
                                        	domainlist blk_BL_weapons/domains
                                        	urllist blk_BL_weapons/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_webmail {
                                        	domainlist blk_BL_webmail/domains
                                        	urllist blk_BL_webmail/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_webphone {
                                        	domainlist blk_BL_webphone/domains
                                        	urllist blk_BL_webphone/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_webradio {
                                        	domainlist blk_BL_webradio/domains
                                        	urllist blk_BL_webradio/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        dest blk_BL_webtv {
                                        	domainlist blk_BL_webtv/domains
                                        	urllist blk_BL_webtv/urls
                                        	log block.log
                                        }
                                        
                                        # 
                                        rew safesearch {
                                        	s@(google..*/search?.*q=.*)@&safe=active@i
                                        	s@(google..*/images.*q=.*)@&safe=active@i
                                        	s@(google..*/groups.*q=.*)@&safe=active@i
                                        	s@(google..*/news.*q=.*)@&safe=active@i
                                        	s@(yandex..*/yandsearch?.*text=.*)@&fyandex=1@i
                                        	s@(search.yahoo..*/search.*p=.*)@&vm=r&v=1@i
                                        	s@(search.live..*/.*q=.*)@&adlt=strict@i
                                        	s@(search.msn..*/.*q=.*)@&adlt=strict@i
                                        	s@(.bing..*/.*q=.*)@&adlt=strict@i
                                        	log block.log
                                        }
                                        
                                        # 
                                        acl  {
                                        	# Internet access blocked
                                        	Bloqueado  {
                                        		pass none
                                        		log block.log
                                        	}
                                        	# Restricted Internet access
                                        	Restrito  {
                                        		pass all
                                        		log block.log
                                        	}
                                        	# Internet access allowed
                                        	Liberado  {
                                        		pass !blk_BL_socialnet all
                                        		redirect http://192.168.32.254:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
                                        		log block.log
                                        	}
                                        	# 
                                        	default  {
                                        		pass none
                                        		redirect http://192.168.32.254:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u
                                        		log block.log
                                        	}
                                        }
                                        

                                        Squid configuration

                                        # This file is automatically generated by pfSense
                                        # Do not edit manually !
                                        http_port 192.168.32.254:3128
                                        icp_port 7
                                        dns_v4_first off
                                        pid_filename /var/run/squid.pid
                                        cache_effective_user proxy
                                        cache_effective_group proxy
                                        error_default_language pt-br
                                        icon_directory /usr/pbi/squid-amd64/etc/squid/icons
                                        visible_hostname srvnas-fw01.blumenau.dominio.local
                                        cache_mgr suporte@dominio.com.br
                                        access_log /var/squid/logs/access.log
                                        cache_log /var/squid/logs/cache.log
                                        cache_store_log none
                                        sslcrtd_children 0
                                        logfile_rotate 0
                                        shutdown_lifetime 3 seconds
                                        # Allow local network(s) on interface(s)
                                        acl localnet src  192.168.32.0/24
                                        httpd_suppress_version_string on
                                        uri_whitespace strip
                                        
                                        acl dynamic urlpath_regex cgi-bin ?
                                        cache deny dynamic
                                        cache_mem 8 MB
                                        maximum_object_size_in_memory 32 KB
                                        memory_replacement_policy heap GDSF
                                        cache_replacement_policy heap LFUDA
                                        cache_dir ufs /var/squid/cache 100 16 256
                                        minimum_object_size 0 KB
                                        maximum_object_size 10 KB
                                        offline_mode off
                                        # No redirector configured
                                        
                                        #Remote proxies
                                        
                                        # Setup some default acls
                                        acl allsrc src all
                                        acl localhost src 127.0.0.1/32
                                        acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
                                        acl sslports port 443 563  
                                        acl manager proto cache_object
                                        acl purge method PURGE
                                        acl connect method CONNECT
                                        
                                        # Define protocols used for redirects
                                        acl HTTP proto HTTP
                                        acl HTTPS proto HTTPS
                                        
                                        http_access allow manager localhost
                                        
                                        http_access deny manager
                                        http_access allow purge localhost
                                        http_access deny purge
                                        http_access deny !safeports
                                        http_access deny CONNECT !sslports
                                        
                                        # Always allow localhost connections
                                        http_access allow localhost
                                        
                                        request_body_max_size 0 KB
                                        delay_pools 1
                                        delay_class 1 2
                                        delay_parameters 1 -1/-1 -1/-1
                                        delay_initial_bucket_level 100
                                        delay_access 1 allow allsrc
                                        
                                        # Reverse Proxy settings
                                        
                                        # Package Integration
                                        redirect_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
                                        redirector_bypass off
                                        url_rewrite_children 5
                                        
                                        # Custom options
                                        
                                        auth_param basic program /usr/pbi/squid-amd64/libexec/squid/squid_ldap_auth -v 3 -b DC=blumenau,DC=dominio,DC=local -D CN=squid,OU=Internet,DC=blumenau,DC=dominio,DC=local -w senha -f '(sAMAccountName=%s)' -u uid -P 192.168.16.250:389
                                        auth_param basic children 5
                                        auth_param basic realm Informe Credencial
                                        auth_param basic credentialsttl 60 minutes
                                        acl password proxy_auth REQUIRED
                                        http_access allow password localnet
                                        # Default block all to be sure
                                        http_access deny allsrc
                                        
                                        

                                        I have already racked my brain trying to figure this out and have not found the errors. Some errors I have already ruled out: my password, for example, is within the required format, and I managed to validate Squid's LDAP search, but I don't know how to validate SquidGuard's search. Can anyone see something I might be overlooking? As you may have noticed, there are 2 distinct networks:

                                        192.168.16.0/24 - Headquarters network
                                        192.168.32.0/24 - Branch office network

                                        I linked them with OpenVPN, and the firewall rules are 100% open between them, so much so that authentication against AD works, which rules out a communication problem.

                                        Thanks,

                                        Bruno

                                          brunopinheiro

                                          @davidjrsp:

                                          The thing is, the Active Directory administrator password had XXXX@XXXX. Squid handled it fine and picked up the users correctly, but SquidGuard did not, because SquidGuard does not accept an administrator password with @. I changed the password on the Windows Server and it worked perfectly.

                                          I also went through this difficulty (for many days :D). The worst part is that SquidGuard states this explicitly :p

                                          (Password must be initialize with letters (Ex: Change123), valid format: [a-zA-Z/][a-zA-Z0-9/_-./:%+?=&] )

                                          Regards.

                                          Bruno Pinheiro.

                                            brunopinheiro

                                            @brf:

                                            I have a problem similar to the one described in this post: Squid is authenticating against my AD, and I can see the user in the logs. I created 3 groups in AD and replicated them in SquidGuard's Group ACL, but there the logs do not show the user information.

                                            Good afternoon Bruno,

                                            If you validated the users in Squid, then the problem may be the recursive search in AD. I had two problems with this:

                                            1- As mentioned in my previous post, a password with the @ character
                                            2- Port 389 did not let me do a recursive search in AD, only port 3268 did; with that I succeeded.

                                            Run this test and report back here.

                                            Regards,

                                            Bruno Pinheiro.
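
The two checks from the replies above (bind password format and LDAP port) as a small pre-flight script; this is an added example, not code from the thread or from the pfSense/squidGuard projects. It assumes the quoted class `[a-zA-Z/][a-zA-Z0-9/_-./:%+?=&]` is meant as a literal set of characters and that the LDAP settings appear as squidGuard's `ldapbindpass` and `ldapusersearch` directives; the sample config, its password and its search filter are constructed.

```python
import string
from urllib.parse import urlsplit

# Accepted characters, taken from the format string quoted in the thread and
# read as a literal set (assumption: "_-." there is not meant as a range).
FIRST_OK = set(string.ascii_letters + "/")
REST_OK = FIRST_OK | set(string.digits + "_-.:%+?=&")

# Constructed sample: DN, server address and group name reuse values from the
# thread; the password and the search filter are made up for the example.
SAMPLE_CONF = """\
# squidGuard LDAP settings (constructed sample)
ldapbinddn CN=squid,OU=Internet,DC=blumenau,DC=dominio,DC=local
ldapbindpass Example@123
src Liberado {
\tldapusersearch ldap://192.168.16.250:389/DC=blumenau,DC=dominio,DC=local?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=Liberado,OU=Internet,DC=blumenau,DC=dominio,DC=local))
}
"""


def password_problems(password):
    """Return the reasons a bind password falls outside the quoted format."""
    if not password:
        return ["password is empty"]
    problems = []
    if password[0] not in FIRST_OK:
        problems.append(f"first character {password[0]!r} is not a letter or '/'")
    bad = sorted({c for c in password[1:] if c not in REST_OK})
    if bad:
        problems.append("characters outside the accepted set: "
                        + " ".join(repr(c) for c in bad))
    return problems


def ldap_port_problem(url):
    """Return a warning for an LDAP search URL on port 389, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        return f"not an LDAP URL: {url}"
    try:
        port = parts.port
    except ValueError:
        return "port in LDAP URL is not a valid number"
    if port is None:  # scheme default when the URL names no port
        port = 389 if parts.scheme == "ldap" else 636
    if port == 389:
        return ("search uses port 389; the thread reports that the recursive "
                "AD search only worked on port 3268 (Global Catalog)")
    return None


def audit(conf_text):
    """Scan squidGuard config text and return (line number, finding) pairs."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) < 2:
            continue
        key, value = fields
        if key == "ldapbindpass":
            findings += [(lineno, p) for p in password_problems(value)]
        elif key == "ldapusersearch":
            warning = ldap_port_problem(value)
            if warning:
                findings.append((lineno, warning))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```
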

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.