Squid Proxy + NTLM + squidguard problem!

Proxx · 12-03-2008, 05:39 AM

Hi there, i have a Squid proxy server 2.7 with NTLM verification

before i had the same setup but then with ldap but every time i open a page it is keep asking for passwords.

the NTLM thing kick ass. i never need to logon with password but still i am authenticated!

My Setup:

Ubuntu intrepid
P4 3.2Ghz
2GB Ram
40GB HDD

my Domain is KOBENL

the squid + NTLM Part is working

but i want to exclude people van accessing the Internet.
so in my access.log from squid is the line

Code:

1228303179.455     54 172.16.1.42 TCP_MISS/200 3396 GET http://www.google.nl/ KOBENL\marco DIRECT/74.125.79.103 text/html

before with ldap there was

Code:

1228303179.455     54 172.16.1.42 TCP_MISS/200 3396 GET http://www.google.nl/ marco DIRECT/74.125.79.103 text/html

this was my old squidGuard.conf files administrator part:

Code:

source admin {
        user            marco
        user            administrator
        user            chris
}

with NTLM the usersname that is displayed in the log is

KOBENL\marco so i thought is must change the name in the squidGuard.conf

Code:

source admin {
        user            KOBENL\marco
        user            KOBENL\administrator
        user            KOBENL\chris
}

the squidGuard crashes! apparently squidguard cant use a \ in the name.
on the regular expressions list on the squidguard web page they say the if you need the \ you need to type 2 slashes like: \\

but when i change the KOBENL\marco to KOBENL\\marco

the Pipe is still broken
(squidguard crashes)

there needs to be someway that i can block DOMAIN\users1 from internet but let DOMAIN\users2 visit the web?

OR maybe theres a way to change the output of the users name bat back to normal as i did see in a post from 2006

Quote:

Originally Posted by rowellb

Here's the access.log file, the first line is before NTLM authentication the second line is after.

Code:

1152863042.283 1 127.0.0.1 TCP_DENIED/407 1848 GET http://welcome.hp-ww.com/country/us/.../but_right.gif - NONE/- text/html
1152863110.079 274 127.0.0.1 TCP_MISS/200 1513 GET http://welcome.hp-ww.com/country/us/.../but_right.gif rowellb DIRECT/213.200.97.62 image/gif

Thanks.

[EDIT]------------------------------------------------------------

if you know an other linux based solution with Squid + NTLM + ContentFilter!

Like squid + NTLM + dansguarian
or an other content filter program it is also oke!

the main thing that we would like to do is block specific usernames from internet
block webpages with xx content and some social networking pages.

any help is appreciated !!!!

thanks in advance!