How to Install and configure Dansguardian with NTLM auth and multi-group Filtering on

Discussion in 'HOWTO-Related Questions' started by hjk_ym, Jul 3, 2008.

  1. hjk_ym

    hjk_ym New Member


    I have followed this guide to the best of my ability and can't seem to get over a hurdle. In squid.conf we set it it listen on ports 3128 and 8080. We set dansguardian.conf with a filter port of 3130 and proxy port of 3128.

    So it goes browser 8080 --> squid 8080 ?

    How does it get to dansguardian's filter port 3130? Mine seems to work fine authenticating and all, but I can't block anything.

    Thanks if you can help. :)
    btw, 8.04
  2. ColonelPanic

    ColonelPanic New Member

    ...I second that!

    I would like an answer to this too if anyone knows. I'm hard at work trying to figure it out for myself, but I'm a bit thick so this could take a while.

  3. ColonelPanic

    ColonelPanic New Member


    Oh, and from my understanding the ports involved are 8081(DG) 3128(DGtoSquid) 8080(Proxy Port) Am I wrong? Thanks,

  4. ColonelPanic

    ColonelPanic New Member

    one more thing

    Sorry for all the replies, but I need to get my post count above three so I can ask the author himself. Thanks,

  5. debiandabbler

    debiandabbler New Member

    I too am trying this solution, but I cannot get DG to connect to Squid.... "Error connecting to parent proxy"

  6. ColonelPanic

    ColonelPanic New Member

    How closely did you follow the howto? I'm finding that the latest version of Debian with base system only doesn't even have the right repos for an apt-get installation of DG. Can you confirm that DG is running, and how many nics do you have in the computer?

  7. debiandabbler

    debiandabbler New Member

    Silly me!!!! Squid wasn't running.... Fixed now, but everything is blocked.. How do the filter groups tie up with Active directory groups?

    Squid is set to 3128 localhost. DG Filter IP ***.***.***.****:8081 and Proxy IP

    Last edited: Aug 7, 2008
  8. ColonelPanic

    ColonelPanic New Member

    Ha! we're having exactly the opposite problem. I'm able to get squid to check AD and NTLM to authenticate, but DG wont work right. Try this:

    server:~# wbinfo -g
    server:~# wbinfo -u

    These two commands should check whether or not you're cool with Active Directory. You did join your domain already, right? Oh, and if you were able to install DG from apt-get, please send me a copy of your /etc/apt/sources.list file. Thanks!

  9. debiandabbler

    debiandabbler New Member

  10. ColonelPanic

    ColonelPanic New Member

    cool, thank you for that file.

    So as I understand it, NTLM is a user-level authentication. You'll still need to add AD usernames to the usergroupslist file under /etc/dansguardian. I don't know how to get squid to look so far into AD as to be able to determine group membership of the user. Another authentication method is IDENT, but I have no idea how that works or what it does. you should be able to simplify the addition of usernames to the config file by using the wbinfo command and piping it to a text file, but I haven't gotten quite that far yet. BTW, I'm starting over from scratch to try and get a handle on how exactly this thing is put together. I have been corresponding with the original author (and I'll post the transcript here once the questions are answered for other users to see) but I'm still a bit confused as to how the process works. I think I need a flowchart.

    I do have a few questions for you to see how your experience has differed from mine:

    Did all the line numbers that the howto told you to change match up to the line numbers in your config files? (dansguardian.conf, squid.conf, etc)

    Were you able to install DG from the repository, and did you get the spelling error for resolvEconf (notice the "E") when installing things in the beginning?

    When you did get DG installed, then installed the webmin module, was it compatible with your version of DG? Mine wasn't, but I got DG from another source since it wasn't in my repositories.

    Thanks for collaborating, let me know if you have any more questions and I'll try to answer them with my meager linux knowledge. :D



    Here's my default sources.list file from a base install of etch:

    deb cdrom:[Debian GNU/Linux 4.0 r4 _Etch_ - Official i386 DVD Binary-1 20080726$

    deb etch/updates main contrib
    deb-src etch/updates main contrib
    Last edited: Aug 7, 2008
  11. debiandabbler

    debiandabbler New Member

    Not all the line numbers matched in the squid conf, especially for "lines 1791 through 1783" in the how-to, so i just changed everything for ntlm and basic, lines 1792 - 1794 and 1801 to 1803, as it seemed logical.

    resolv.conf was already installed and since my nameserver is also a domain controller i didn't neeed to alter the entries.

    "apt-get install dansguardian" worked for me.

    I can't remember where I got my dg webmin module, sorry...

    Thanks for the tip with usergrouplist...

  12. andrewm659

    andrewm659 New Member

    I'm having a hard time following some of the Howto. Not all of the lines match up in all the config files, llike the smb.conf, what exactly am i looking for? What specific lines do I need to change? Can someone who ahs set this please help me out?

Share This Page