On 23/03/11 22:25, Go Wow wrote:
Hi,
I have observed that squid3, when used with ntlm, passes the AD
username to squidguard in the below format

DOMAIN%5cUSERNAME

%5c represents " \ ". How do we overcome this, because squidguard is
trying to find username with the above format and of course it's
failing.

Yes, usernames are URL-encoded to avoid binary and other reserved
characters like escape-\ which people seem to like putting in there.
You need to contact the squidGuard people.

Amos

Any workaround for this? I tried adding winbind seperator = \ in
smb.conf but still no luck,

On 21 March 2011 23:17, Go Wow <gowows@xxxxxxxxx> wrote:
Hi,
I have a setup of squid3 with ntlm authen and I use squidGuard 1.5 to
filter my web traffic. I know this is not the right place to post it, I
guess squidguard dev team is busy enhancing the product. Looking for
help from you guys.

My squid3 is authenticating users properly and parsing all rules. The
problem is with squidguard which doesn't seem to filter out users.
Below is my squidguard config.

dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log
ldapbinddn "cn=Ldap,cn=Users,dc=domain,dc=com"
ldapbindpass secretpass
ldapcachetime 300
ldapprotover 3

src Allowed_Top_Mgmt {
    ldapusersearch
    "ldap://host.domain.com:3268/dc=domain,dc=com?sAMAccountName?sub?(&(sAMAccountName=%s)(memberOf=cn=Allowed_Full_Proxy_Users%2cou=Group%20Accounts%2cdc=domain%2cdc=com))"
}

dest ads {
    domainlist ads/domains
    urllist ads/urls
    redirect http://192.168.100.195/blocked.html
}

acl {
    Allowed-Top-Mgmt {
        pass !ads all
        redirect http://192.168.100.195/blocked.html
    }
    default {
        pass none
        redirect http://192.168.100.195/blocked.html
    }
}

My squidguard logs have these messages.
[30393] (squidGuard): ldap_search_ext_s failed: Bad search filter
(params: dc=domain,dc=com, 2,
(&(sAMAccountName=domain\peter.hank)(memberOf=cn=Allowed_Full_Proxy_Users,ou=Group
Accounts,dc=domain,dc=com)), sAMAccountName)
[30393] Added LDAP source: domain%5cpeter.hank
[30393] DEBUG: sgFindUser called with: domain%5cpeter.hank
peter.hank user is unable to access anything or any other user from
other group is not able to access anything. Peter.hank is a member of
the above defined group, I have cross checked it.
Please do give me some ways to test ldapuser. Some pointers would even work.
Thanks
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.11
Beta testers wanted for 3.2.0.5
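
Added example, not part of the original thread and not Squid or squidGuard code: a sketch of the ident normalization a wrapper placed between Squid and squidGuard could perform, decoding DOMAIN%5cUSERNAME and stripping the prefix only for an expected domain. It also shows RFC 4515 escaping, since the raw backslash in the logged filter is not a valid filter value. Assumptions: helper input lines have the form "URL client_ip/fqdn ident method" with no concurrency channel ID, and TRUSTED_DOMAINS and all function names are hypothetical.

```python
from urllib.parse import quote, unquote

# Assumption: the NetBIOS domain(s) whose users squidGuard should match.
TRUSTED_DOMAINS = {"domain"}

# RFC 4515: these characters must be written as \XX inside a filter value.
_LDAP_SPECIAL = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def normalize_ident(ident, trusted=TRUSTED_DOMAINS):
    """Turn 'DOMAIN%5cuser' into 'user'; return anything unexpected unchanged."""
    decoded = unquote(ident)
    domain, sep, user = decoded.partition("\\")
    if not sep:
        return ident  # no domain prefix, nothing to strip
    if domain.lower() not in trusted or not user or "\\" in user:
        return ident  # untrusted or malformed: never mapped to a bare user name
    return quote(user, safe="")  # re-encode so the field stays one token


def rewrite_line(line):
    """Rewrite the ident (third) field of one helper input line."""
    fields = line.rstrip("\n").split(" ")
    if len(fields) >= 4:
        fields[2] = normalize_ident(fields[2])
    return " ".join(fields)


def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_LDAP_SPECIAL.get(ch, ch) for ch in value)


if __name__ == "__main__":
    # Constructed sample line, not taken from the thread.
    sample = "http://example.com/ 192.168.100.20/- domain%5cpeter.hank GET\n"
    print(rewrite_line(sample))
    print("(sAMAccountName=%s)" % ldap_escape("domain\\peter.hank"))
```

Stripping the prefix unconditionally would let same-named accounts from other domains match the same squidGuard source, which is why names from domains outside TRUSTED_DOMAINS pass through unchanged.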