Re: [squid-users] SquidGuard - Ldap doesnt filter users

From: Go Wow <gowows_at_gmail.com>
Date: Wed, 23 Mar 2011 23:14:31 +0400

I got this working with help of Mat.

This link has the patch, all you need to do is apply it and recompile
squidguard.
http://www.shalla.de/mailman/private/squidguard/2010-December/001896.html

Thanks for help people.

2011/3/23 Jorge Armando Medina <jmedina_at_e-compugraf.com>:
> On 03/21/2011 01:17 PM, Go Wow wrote:
>> Hi,
>>
>> I have a setup of squid3 with ntlm authen and I use squidGuard 1.5 to
>> filter my web traffic. I know this is not a right place to post it, I
>> guess squidguard dev team is busy enhancing the product. Looking for
>> help from you guys.
>>
>> My squid3 is authenticating users properly and parsing all rules. The
>> problem is with squidguard which doesn't seem to filter out users.
>> Below is my squidguard config.
>>
>>
>> dbhome /usr/local/squidGuard/db
>> logdir /usr/local/squidGuard/log
>> ldapbinddn      "cn=Ldap,cn=Users,dc=domain,dc=com"
>> ldapbindpass    secretpass
>> ldapcachetime   300
>> ldapprotover    3
>>
>>
>> src Allowed_Top_Mgmt {
>>          ldapusersearch
>> "ldap://host.domain.com:3268/dc=domain,dc=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=Allowed_Full_Proxy_Users%2cou=Group%20Accounts%2cdc=domain%2cdc=com))"
>> }
>>
>> dest ads {
>>     domainlist  ads/domains
>>     urllist     ads/urls
>>     redirect http://192.168.100.195/blocked.html
>> }
>> acl {
>>     Allowed-Top-Mgmt {
>>         pass !ads all
>>         redirect http://192.168.100.195/blocked.html
>>         }
>>     default {
>>         pass none
>>         redirect http://192.168.100.195/blocked.html
>>         }
>> }
>>
>> My squidguard logs have these messages.
>>
>>
>> [30393] (squidGuard): ldap_search_ext_s failed: Bad search filter
>> (params: dc=domain,dc=com, 2,
>> (&(sAMAccountName=domain\peter.hank)(memberOf=cn=Allowed_Full_Proxy_Users,ou=Group
>> Accounts,dc=domain,dc=com)), sAMAccountName)
>> [30393] Added LDAP source: domain%5cpeter.hank
>> [30393] DEBUG: sgFindUser called with: domain%5cpeter.hank
>>
>> peter.hank user is unable to access anything or any other user from
>> other group is not able to access anything. Peter.hank is a member of
>> the above defined group, I have cross checked it.
>
> I think the problem is with the filter, squid is passing the user as
> domain\username which
> is not recognized by squidguard as a valid user, you need to apply the
> patch suggested by
> Mathieu Parent, search the squidguard list archive for the topic:
> [Squidguard] Fwd: Stripping NT domain name or Kerberos Realm from user name
>
> For more info ask in the squidguard mailing list.
>
> Best regards.
>>
>> Please do give me some ways to test ldapuser. Some pointers would even work.
>>
>> Thanks
>
>
> --
> Jorge Armando Medina
> Computación Gráfica de México
> Web: http://www.e-compugraf.com
> Tel: 55 51 40 72, Ext: 124
> Email: jmedina_at_e-compugraf.com
> GPG Key: 1024D/28E40632 2007-07-26
> GPG Fingerprint: 59E2 0C7C F128 B550 B3A6  D3AF C574 8422 28E4 0632
>
>
>
Received on Wed Mar 23 2011 - 19:14:39 MDT
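
The failure in the log above, reproduced as an added example (not part of the thread and not the patch it links to): the ident `domain%5cpeter.hank` decodes to `domain\peter.hank`, and in an LDAP filter (RFC 4515) a backslash must be followed by two hex digits, so substituting it raw for `%s` gives "Bad search filter". The function names are hypothetical; the sketch strips the NT domain or Kerberos realm and escapes the value before substitution.

```python
import re
from urllib.parse import unquote

# Filter from the logged search (URL-decoded form of the ldapusersearch query part).
FILTER_TEMPLATE = ("(&(sAMAccountName=%s)(memberOf=cn=Allowed_Full_Proxy_Users,"
                   "ou=Group Accounts,dc=domain,dc=com))")

# RFC 4515: these characters must appear as \XX (two hex digits) inside a value.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def normalize_ident(ident):
    """Reduce the ident passed to the redirector to a bare account name."""
    user = unquote(ident)                 # domain%5cpeter.hank -> domain\peter.hank
    if "\\" in user:                      # NT style: DOMAIN\user
        user = user.split("\\", 1)[1]
    if "@" in user:                       # Kerberos style: user@REALM
        user = user.split("@", 1)[0]
    return user


def escape_filter_value(value):
    """Escape a value so it cannot change or break the filter syntax."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def has_bad_escape(ldap_filter):
    """True if a backslash is not followed by two hex digits (invalid filter)."""
    return re.search(r"\\(?![0-9A-Fa-f]{2})", ldap_filter) is not None


def build_filter(ident, strip_domain=True):
    """Substitute the normalized, escaped user name for %s in the template."""
    user = normalize_ident(ident) if strip_domain else unquote(ident)
    return FILTER_TEMPLATE.replace("%s", escape_filter_value(user))


if __name__ == "__main__":
    ident = "domain%5cpeter.hank"         # value from the log on this page
    raw = FILTER_TEMPLATE.replace("%s", unquote(ident))
    print("raw substitution invalid:", has_bad_escape(raw))
    print("stripped:", build_filter(ident))
    print("kept, escaped:", build_filter(ident, strip_domain=False))
```

With `strip_domain=False` the filter is syntactically valid but still matches nothing here, because `sAMAccountName` holds the account name without the domain prefix.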
