Hi, Here my configuration. What seems to be the link between SQUID and dansguardian is this line cache_peer 127.0.0.1 parent 8080 7 no-query no-digest no-netdb-exchange Wich squid 3.3 reject (among other thing) /home/sysres01>more /etc/squid/squid.conf http_port 3128 cache_peer 127.0.0.1 parent 8080 7 no-query no-digest no-netdb-exchange acl NOBELAMBRA url_regex -i "/etc/squid3/nocache.url" cache deny NOBELAMBRA cache_mem 512 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 32 MB minimum_object_size 0 KB maximum_object_size_in_memory 256 KB # 256 KB ipcache_size 4096 ipcache_low 90 ipcache_high 95 fqdncache_size 4096 cache_replacement_policy heap LFUDA memory_replacement_policy heap LFUDA cache_dir ufs /var/spool/squid3 3120 16 256 cache_access_log /var/log/squid3/access.log cache_log /var/log/squid3/cache.log cache_store_log none emulate_httpd_log off log_mime_hdrs off debug_options ALL,1 33,0 29,1 log_fqdn on client_netmask 255.255.255.255 #ftp_user proxy@xxxxxxxxxxxxxxxx #ftp_list_width 128 #ftp_passive on #ftp_sanitycheck on dns_retransmit_interval 2 seconds #JV 18/10/2011 pour corsica dns_timeout 20 secondes #AUTHENFICATION: get user/passwd auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 8 auth_param basic realm AD2003.INTRA auth_param basic credentialsttl 4 hours auth_param basic casesensitive off #Appertenance aux groupes AD2003 external_acl_type ad_group %LOGIN /usr/lib/squid3/wbinfo_group.pl authenticate_cache_garbage_interval 1 hour authenticate_ttl 1 hour authenticate_ip_ttl 3600 seconds request_header_max_size 200 KB refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 quick_abort_min -1 KB quick_abort_max 128 KB quick_abort_pct 95 negative_ttl 1 minutes positive_dns_ttl 6 hours negative_dns_ttl 2 minute range_offset_limit 0 KB connect_timeout 4 minute request_timeout 5 minutes persistent_request_timeout 60 second shutdown_lifetime 10 seconds #acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 # https acl SSL_ports port 8000 # https acl SSL_ports port 8080 # https acl SSL_ports port 873 # rsync acl Safe_ports port 80 4280 # http acl Safe_ports port 8000 8080 # http acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny CONNECT !SSL_ports http_access allow CONNECT SSL_ports acl proxy dst 192.168.1.5/32 http_access allow proxy http_access deny to_localhost acl Authenticated proxy_auth REQUIRED #acces non filtré pour www-directaccees: ne passe pas par DANSGUARDIAN acl directaccess external ad_group www-directaccess #accès filtré passe par DANSGUARDIAN acl activefilter external ad_group www-activefilter #Pas d'authentification ni de DANSGUARDIAN pour ces domaines acl directurls dstdomain "/etc/squid3/directurls" http_access allow directurls always_direct allow directurls http_access allow localhost acl restrictedfilter01 external ad_group www-restricted01 acl restrictedfilter02 external ad_group www-restricted02 acl goodsites01 url_regex "/etc/squid3/contentlist01" acl goodsites02 url_regex "/etc/squid3/contentlist02" http_access deny !Safe_ports activefilter http_access deny !Safe_ports restrictedfilter01 http_access deny !Safe_ports restrictedfilter02 http_access allow goodsites01 restrictedfilter01 http_access allow goodsites02 restrictedfilter02 http_access allow directaccess always_direct allow directaccess http_access allow activefilter http_access allow directaccess SSL_ports http_access allow activefilter SSL_ports http_access deny restrictedfilter01 http_access deny restrictedfilter02 http_access deny !Authenticated !localhost http_access deny all http_reply_access allow all icp_access allow all #cache_peer_access puck allow activefilter #cache_peer_access puck deny all reply_header_max_size 20 KB cache_mgr exploitation_dsi@xxxxxxxxxxx cache_effective_user proxy cache_effective_group proxy visible_hostname belambra cachemgr_passwd proxy all always_direct allow localhost always_direct allow directurls never_direct allow activefilter forwarded_for off never_direct deny all error_directory /var/hera/squiderrors coredump_dir /var/spool/squid3 client_persistent_connections on server_persistent_connections on detect_broken_pconn on pipeline_prefetch on -----Message d'origine----- De : Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Envoyé : jeudi 4 avril 2013 13:28 À : squid-users@xxxxxxxxxxxxxxx Objet : Re: RE: Upgrading SQUID from 3.1.6 to 3.1.23 -working now- On 4/04/2013 9:56 p.m., Vernet Jerome wrote: >>> Now, I will try 3.3. Lot of change have to be made in my squid.conf. > Managed to have a build OK, but with my squid.conf, it do not work at > all with >>> dansguardian and ntlm_auth. >> What do you mean? what is the new problem? > Well, ntlm_auth (or) and AD2003 group access ACL do not work anymore > like it was done in my 3.1 config. Removed. > Then, the way the configuration was done (not by me) to make work > Dansguardian and SQUID do not work anymore (see my previous squid.conf > message). You said you had them together, but I see no details in this thread about how they were connected. Squid and DG are completely separate proxies, so there are a few ways to set them up and several ways to do auth through each of those setups. Erm. "SQUID" is an electonic curcuit type. ;-) > For the moment, I cannot figure how I can make it work again with > SQUID 3.3. There should be no difference. But if you can share the config details I'm happy to have a look at it for you. Amos
