Netgate Discussion Forum

    Squid + SquidGuard + AD

    pfSense Packages
    • L
      lgcosta
      last edited by

      Try using the Global Catalog port from AD:

      Reference: http://www.squidguard.org/Doc/ldap-ad-tips.html

      Luiz Gustavo - Suporte pfSense no Brasil
      mundounix.com.br

      1 Reply Last reply Reply Quote 0
      • H
        hans2k6
        last edited by

        Hi,
        thx for your answer.

        AD is not working. But anyway.

        @nislink: you have to use squidguard for whitelisting. It is working fine.

        1 Reply Last reply Reply Quote 0
        • L
          lgcosta
          last edited by

          First of all, I want to report that I found a bug in the squidguard
          binary, which generates errors in queries.

          To do this, update the package failover by typing in the pfSense console
          or Diagnostics > Command Prompt, these two commands in sequence:

          ```
          pkg_delete squidGuard-1.4_4
          pkg_add -r http://www.mundounix.com.br/~gugabsd/pfsense/ports-8.1/packages-amd64/All/squidGuard-1.4_4.tbz
          ```

          Pay attention only to the CPU architecture you use and select the
          correct package for that architecture:

          ```
          http://www.mundounix.com.br/~gugabsd/pfsense/ports-8.1/packages-amd64/All/squidGuard-1.4_4.tbz
          http://www.mundounix.com.br/~gugabsd/pfsense/ports-8.1/packages-i386/All/squidGuard-1.4_4.tbz
          ```

          Thus, the queries will not have any more problems.

          Luiz Gustavo - Suporte pfSense no Brasil
          mundounix.com.br

          1 Reply Last reply Reply Quote 0
          • H
            hans2k6
            last edited by

            Hi man!

            Thx! I will test it!

            rgds

            1 Reply Last reply Reply Quote 0
            • M
              michlsuser
              last edited by

              @hans2k6:

              Hi all,

              after one week of configuration and googling and reading n tutorials I decided to annoy you :P.

              What do I want?
              A proxy with different access groups managed by Active Directory.

              Where is my problem?
              As long as I'm letting LDAP off in SquidGuard it's working fine.
              My groups are filtered by ip (just for testing to see if squidGuard is working).

              I also tested squid alone - to check AD. And it's working.
              When the user is in the AD group he gets unrestricted access. When not, he doesn't get any access.

              The problem occurred after turning on AD in squid guard. After that any user (after authentication against squid) gets full access and it seems like squid guard is ignoring all ACLs. Even the common default one.

              Even when I set up everything to deny anything it is completely open.

              Can you maybe help me?

              My LDAP search string in squid guard for the group ACL is:

              ```
              ldapusersearch ldap://192.168.0.1:389/DC=mydomain,DC=local?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=CN=it%2cCN=Users%2cDC=mydomain%2cDC=local))
              ```

              on general tab it's:
              cn=administrator,cn=Users,dc=mydomain,dc=local
              Strip Kerberos Realm - enabled
              Strip NT domain - enabled

              Common ACL is:
              whitelist !all

              Now I have squid 2 and squid guard installed through the packages menu.

              I also reinstalled pfSense and tried the virtual appliance as well as squid3.

              Maybe you can help me.

              Many thanks + sorry for my English

              Having the same problem. Is there already a working solution?

              1 Reply Last reply Reply Quote 0
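An added example, not part of any post in this thread: it splits the `ldapusersearch` URL quoted above into its LDAP URL fields (host, base DN, attribute, scope, filter), decodes the `%2c` commas, and fills the `%s` placeholder with a login name. Escaping the login per RFC 4515 is an addition the thread does not discuss, and `strip_realm` is a hypothetical helper that only approximates the "Strip NT domain" and "Strip Kerberos Realm" options; the sample logins are constructed.

```python
from urllib.parse import unquote

# The ldapusersearch URL quoted in the thread (addresses and DNs are the poster's).
SEARCH_URL = (
    "ldap://192.168.0.1:389/DC=mydomain,DC=local?sAMAccountName?sub?"
    "(&(sAMAccountName=%s)(memberOf=CN=it%2cCN=Users%2cDC=mydomain%2cDC=local))"
)

def strip_realm(login):
    """Approximate 'Strip NT domain' / 'Strip Kerberos Realm' (hypothetical helper)."""
    login = login.rsplit("\\", 1)[-1]   # DOMAIN\user -> user
    return login.split("@", 1)[0]       # user@REALM  -> user

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a login stays a literal value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_query(url, login):
    """Split an LDAP URL into its parts and fill the %s placeholder safely."""
    scheme, sep, rest = url.partition("://")
    if scheme.lower() not in ("ldap", "ldaps") or not sep:
        raise ValueError("not an LDAP URL")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    # Field order per RFC 4516: dn ? attributes ? scope ? filter
    fields = (tail.split("?") + ["", "", "", ""])[:4]
    base, attrs, scope, template = (unquote(f) for f in fields)
    if "%s" not in template:
        raise ValueError("filter has no %s placeholder for the login name")
    # Decode the template first, then insert the escaped login: the login is
    # never percent-decoded and cannot add filter clauses of its own.
    user = escape_filter_value(strip_realm(login))
    return {
        "host": host,
        "port": int(port) if port else (636 if scheme.lower() == "ldaps" else 389),
        "base": base,
        "attrs": [a for a in attrs.split(",") if a],
        "scope": scope or "base",
        "filter": template.replace("%s", user),
    }

if __name__ == "__main__":
    for name in ("MYDOMAIN\\alice", "*)(objectClass=*"):   # constructed logins
        print(build_query(SEARCH_URL, name)["filter"])
```

The decoded filter is what an `ldapsearch` run against the same base DN would need to match for the group ACL to apply, which makes it a quick way to check the search string outside squidGuard.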
              • M
                michlsuser
                last edited by

                @michlsuser:

                Sorry, my fault, now it works. thank you

                1 Reply Last reply Reply Quote 0
                • M
                  michlsuser
                  last edited by

                  @Luiz:

                  I just tried to use your updated package. Unfortunately I was told that there are some files missing on the server… (pkg_add -r http://www.mundounix.com.br/~gugabsd/pfsense/ports-8.1/packages-amd64/All/squidGuard-1.4_4.tbz)

                  Could you upload the missing files?

                  1 Reply Last reply Reply Quote 0
                  • A
                    akha666
                    last edited by

                    plz help
                    after executing the command

                    ```
                    pkg_add -r http://www.mundounix.com.br/~gugabsd/pfsense/ports-8.1/packages-amd64/All/squidGuard-1.4_4.tbz
                    ```

                    I got

                    ```
                    pkg_add: Command not found.
                    ```

                    I tried with

                    ```
                    pkg add  http://www.mundounix.com.br/~gugabsd/pfsense/ports-8.1/packages-amd64/All/squidGuard-1.4_4.tbz
                    Fetching squidGuard-1.4_4.tbz: 100%  47 KiB  47.9kB/s    00:01   
                    pkg: /tmp/squidGuard-1.4_4.tbz.XXXXX is not a valid package: no manifest found
                    ```

                    I downloaded this package and copied it to pfSense, entered the shell and ran

                    ```
                    pkg add squidGuard-1.4_4.tbz
                    pkg: squidGuard-1.4_4.tbz is not a valid package: no manifest found
                    ```

                    I'm on pfs 2.2, can you help me?
                    I spent 3 weeks looking for the best workaround to get squidGuard to apply filters with AD groups

                    1 Reply Last reply Reply Quote 0
                    • A
                      akha666
                      last edited by

                      I gave it another try with pfs 2.0.3; pkg_add -r is working, but I got another issue

                      ```
                      [2.0.3-RELEASE][root@pfSense.localdomain]/usr/local/bin(24): pkg_add -r http://www.mundounix.com.br/~gugabsd/pfsense/ports-8.1/packages-amd64/All/squidGuard-1.4_4.tbz
                      Fetching http://www.mundounix.com.br/~gugabsd/pfsense/ports-8.1/packages-amd64/All/squidGuard-1.4_4.tbz... Done.
                      Error: Unable to get http://www.mundounix.com.br/~gugabsd/pfsense/ports-8.1/packages-amd64/All/db41-4.1.25_4.tbz: Not Found
                      pkg_add: can't open dependency file '/var/db/pkg/db41-4.1.25_4/+REQUIRED_BY'!
                      dependency registration is incomplete

                      ===================================================================
                      = In order to activate squidGuard you have to edit squid.conf
                      = To the contain "url_rewrite_program /usr/local/bin/squidGuard"
                      = and create a configuration file for squidGuard.
                      =
                      = On disinstallation if you want to completely remove the blacklists
                      = you will have to manually remove what remains in /var/db/squidGuard.
                      =
                      = To activate the changes do a /usr/local/sbin/squid -k reconfigure
                      ===================================================================
                      ```

                      1 Reply Last reply Reply Quote 0
                      • A
                        akha666
                        last edited by

                        @Luiz Gustavo, are there now other repositories working?

                        1 Reply Last reply Reply Quote 0