• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Squid authentication + Dansguardian (not NTLM)

Scheduled Pinned Locked Moved pfSense Packages
5 Posts 3 Posters 2.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Z
    ZGruk
    last edited by Dec 30, 2013, 5:02 PM

    Trying to set up some sort of authentication with squid and Dansguardian (to have different Dansguardian filter levels based on user). I know I could probably do it by IP address, but I'd prefer to have some sort of login mechanism. I don't want to do Active Directory (NTLM), since I don't have a server for that. I've tried implementing squid's "local" authentication mechanism, but even after enabling the appropriate Dansguardian auth plugins (Auth-Basic and/or Auth-Digest, I believe) it doesn't work. I've also tried implementing LDAP (I do have a server with that) and it didn't seem to work either, but I may not have done it correctly.

    Does anybody been successful with the "local" squid authentication combined with Dansguardian? Or, less ideally, LDAP? Or maybe I could do it with Captive Portal somehow. Suggestions are welcome.

    1 Reply Last reply Reply Quote 0
    • ?
      Guest
      last edited by Dec 31, 2013, 11:31 AM

      Local auth with Squid should just work although remember that you may have a different port to proxy through when using authentication.  This may be your issue.  Its also important to note that if you use authentication you've got to configure proxy settings; authentication doesn't work with interception (ie: transparent) proxying.

      1 Reply Last reply Reply Quote 0
      • Z
        ZGruk
        last edited by Dec 31, 2013, 3:06 PM

        Local auth does "just work" if I configure my browser to point to squid, but then traffic doesn't get filtered by Dansguardian. Reading documentation and forum posts has given me the impression that enabling an auth plugin in Dansguardian will make it pass the auth attempt through to squid to allow it to work, but that hasn't been the case for me so far.

        1 Reply Last reply Reply Quote 0
        • Z
          ZGruk
          last edited by Dec 31, 2013, 5:21 PM

          Figured it out. You have to configure the proxy settings to point directly to dansguardian (port 8080) instead of port forwarding from 80 to 8080. Still working on trying to get WPAD configured, but at least I know how to make it work.

          1 Reply Last reply Reply Quote 0
          • R
            ryanpg
            last edited by Jul 14, 2014, 3:43 PM

            @ZGruk:

            You have to configure the proxy settings to point directly to dansguardian (port 8080) instead of port forwarding from 80 to 8080.

            Sorry for the thread resurrection. I'm not clear how to do this. Is the setting changed in squid? Or is it a firewall/NAT rule that I have to write. Any chance you (or anyone) can post more detailed steps.

            Thanks!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              [[user:consent.lead]]
              [[user:consent.not_received]]