Hi,
I have a setup of squid3 with ntlm authen and I use squidGuard 1.5 to
filter my web traffic. I know this is not a right place to post it, I
guess squidguard dev team is busy enhancing the product. Looking for
help from you guys.
My squid3 is authenticating users properly and parsing all rules. The
problem is with squidguard which doesn't seem to filter out users.
below is my squidguard config.
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log
ldapbinddn "cn=Ldap,cn=Users,dc=domain,dc=com"
ldapbindpass secretpass
ldapcachetime 300
ldapprotover 3
src Allowed_Top_Mgmt {
ldapusersearch
"ldap://host.domain.com:3268/dc=domain,dc=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=Allowed_Full_Proxy_Users%2cou=Group%20Accounts%2cdc=domain%2cdc=com))"
}
dest ads {
domainlist ads/domains
urllist ads/urls
redirect http://192.168.100.195/blocked.html
}
acl {
Allowed-Top-Mgmt {
pass !ads all
redirect http://192.168.100.195/blocked.html
}
default {
pass none
redirect http://192.168.100.195/blocked.html
}
}
My squidguard logs have these messages.
[30393] (squidGuard): ldap_search_ext_s failed: Bad search filter
(params: dc=domain,dc=com, 2,
(&(sAMAccountName=domain\peter.hank)(memberOf=cn=Allowed_Full_Proxy_Users,ou=Group
Accounts,dc=domain,dc=com)), sAMAccountName)
[30393] Added LDAP source: domain%5cpeter.hank
[30393] DEBUG: sgFindUser called with: domain%5cpeter.hank
peter.hank user is unable to access anything or any other user from
other group is not able to access anything. Peter.hank is a member of
the above defined group, I have cross checked it.
Please do give me some ways to test ldapuser. Some pointers would even work.
Thanks
