Squid, two subnets, domain login



  • Hello All,

    The setup:

    pfSense 1.2.3-RELEASE
    squid
    squidGuard
    LightSquid
    x 2 (one each in two different buildings)

    Two school buildings connected via IPsec VPN with the two pfSense boxes.
    Building A subnet 172.28.8.x
    Building B subnet 192.168.1.x

    Findings.
    This is not exactly pfSense specific, but more of a Squid issue. After several minutes of fumbling with Squid trying to figure out why users *at Building B only* who do a Win2k3 domain login were getting "access denied" when opening their web browser, this is what I found. Just by accident I tried this (below) and it made web browsing work.

    Documentation possibly:
    Simply had to enter the opposite subnet on each of the pfSense boxes, in the listed ACL available in Squid.
    There was no problem web browsing if logged into the same workstation as a local user.
    The master domain controller resides in Building A, although there is a domain controller (replicating to Building A) residing at Building B as well. Each building uses its DC as the DNS server.

    I cannot for the life of me figure out why doing the domain login causes the proxy server running Squid to have this behavior.

    Anyone?
    I am guessing possibly someone has this documented but I was unable to find this scenario on the site here.

    Edit:
    Showing my own stupidity here. :) After typing this up, I got to thinking I may have set up a GPO in Active Directory to force the proxy server (of Building A) on a domain login. Sure enough, this was the case. Makes perfect sense after it hit me that this is why the Building A subnet had to be allowed in the ACL of Building B. Albeit that the Building B workstations do show up in the LightSquid report of the Building B pfSense box.
    Hope this makes sense.

    Thanks,
    Barry

