Squid-reverse
-
I'm trying to get the dansguardian package and the squid-reverse package to work together using ntlm single sign on. In the guides I have it says this:
As Samba-3.x has it's own authentication helper there is no need to build any of the Squid
authentication helpers for use with Samba-3.x (and the helpers provided by Squid won't work if you
do). You do however need to enable support for the NTLM scheme if you plan on using this. Also
you may want to use the wbinfo_group helper for group lookups
–enable-auth="ntlm,basic"
--enable-external-acl-helpers="wbinfo_group"I'm not that familiar with how pfsense packages are compiled. Is the squid-reverse package compiled with these options? Or is that even the right question to ask? (trying to muddle my way though this to help)
-
i can't speak for the developer but here is the output of squid -v
Squid Cache: Version 3.1.19 configure options: '--with-default-user=squid' '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var/squid' '--sysconfdir=/usr/local/etc/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid/squid.pid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--disable-translation' '--enable-auth=basic digest negotiate ntlm' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB squid_radius_auth LDAP SASL YP' '--enable-digest-auth-helpers=password ldap' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group ldap_group' '--enable-ntlm-auth-helpers=smb_lm' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-storeio=ufs diskd aufs' '--enable-disk-io=AIO Blocking DiskDaemon DiskThreads' '--enable-delay-pools' '--enable-ssl' '--with-openssl=/usr' '--enable-ssl-crtd' '--enable-icmp' '--enable-cache-digests' '--enable-wccpv2' '--enable-referer-log' '--enable-useragent-log' '--enable-arp-acl' '--enable-ipfw-transparent' '--enable-pf-transparent' '--enable-ipf-transparent' '--enable-follow-x-forwarded-for' '--disable-ecap' '--disable-loadable-modules' '--disable-kqueue' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd8.1' 'build_alias=i386-portbld-freebsd8.1' 'CC=cc' 'CFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS= -L/usr/local/lib -L/usr/local/lib -rpath=/usr/lib:/usr/local/lib -L/usr/lib' 'CPPFLAGS=-I/usr/local/include' 'CXX=c++' 'CXXFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'CPP=cpp' --with-squid=/usr/ports/www/squid31/work/squid-3.1.19 --enable-ltdl-convenience
from what i can tell, the options are enabled
-
Oh… heh... still learning some commands. :) thx
-
I think It's build with all options except experimental.
-
I noticed when I start it manually that the package puts a parameter into squid.conf that squid doesn't know about. I get this when I restart the service:
2012/04/04 11:34:08| parseConfigFile: squid.conf:18 unrecognized: 'sslcrtd_children'
I looked up that parameter (http://www.squid-cache.org/Doc/config/sslcrtd_children/) and it shows it is available in 3.1 3.2 3.HEAD… so I did a /usr/local/sbin/squid -v and got this:
Squid Cache: Version 2.7.STABLE9
??? I installed it from the packages through the GUI... Why does Cino's show 3.1.19 and mine older? Is that the right version?
-
It is.
what packages do you have installed?
-
Just the following:
squid-reverse
dansguardian
sargAlso as you know I installed samba to try to get the ntlm working.
-
try reinstalling the "squid-reverse" package, maybe dansguardian installed the squid package as a dependency and overwrote your squid-reverse installed version.
-
Thanks! It is Dansguardian package that is causing it. I'll post what I found there.
-
Thanks! It is Dansguardian package that is causing it. I'll post what I found there.
Dansguardian force squid2 install by itself.
It's not on pfsense package instalation process.
I'm working on a squid3 as dependence for dansguardian, but it's not done yet.
-
Hi !
we'll have to have a look why the pbi's are not built :-(
sorry…Any news on the problem? I'd really like to try squid-reverse.
-
Thanks! It is Dansguardian package that is causing it. I'll post what I found there.
Dansguardian force squid2 install by itself.
It's not on pfsense package instalation process.
I'm working on a squid3 as dependence for dansguardian, but it's not done yet.
I just tested unloading both packages, then loading dansguardian first and squid-reverse second. This seems to be working on my setup now with the newer squid version (however still not able to filter based on ntlm user).
-
Hi all,
I've merged squid-rever and squid3 in only one package for pfsense 2.0 with reverse options in a brand new service-> reverse proxy menu.
Check screen shots on it's thread
http://forum.pfsense.org/index.php/topic,48347.0.htmlatt,
Marcello Coutinho