No, you're being confused I think. You can forget SquidGuard at this point, your squid log isn't showing any ident so there's nothing to pass to the redirector at all. Right after the IP address the first "-" ought to have been the use rid returned by indent and it isn't, ergo there's no point messing around with Squidguard right now.
I'd check the client was running indent to start with, something like this would work : # telnet slash-and-burn.domain.com auth Trying 1.1.1.1 ... Connected to slash-and-burn.eur.sas.com. Escape character is '^]'. 1 1 1 1 : USERID : UNIX : the-real-thing Connection closed by foreign host. There's some useful stuff in the Squid FAQ. It's little strange it's not working for you, SquidGuard is only a redirector so it's not really very complex and ident in squid ought not to hard, from a distance I really would suspect the obvious things like the client not running ident or squid running in interception/transparent mode. Ian -----Original Message----- From: Jaap Lelie [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 18:25 To: Ian Spare; 'Neil Watson'; [EMAIL PROTECTED] Subject: RE: ident Shoot... My squidguard isn't identing as well. I've followed your tips below, and inserted a logentry to access.log. This is wat struck me as odd: 192.168.0.2 - - [26/Sep/2002:18:16:37 +0200] "GET http://msimg.com/m/r/footer_logo-md.gif HTTP/1.0" 200 1413 TCP_CLIENT_REFRESH_MISS:DIRECT Does this :DIRECT somehow mean that things are bypassed? I also noted that my all.log (where all dst rules are loggin to) isn't filled at all. Permissions are set correctly; the log is filled as soon as I remove all ident stuff. Cheers! Jaap. At 09:20 09/25/2002 +0200, Ian Spare wrote: >You say that squid never looks up the id of the user? Is that true? If it is >then you're quite obviously wasting your time messing around with >SquidGuard. If ident is working then you should be getting stuff in the >access.log for squid, the squid FAQ has plenty of stuff on this but very >briefly: > >make sure squid isn't built with "disable-ident-lookups" >have lines like this in the squid.conf >acl all_ident ident src 0.0.0.0/0.0.0.0 >ident_lookup_access allow all_ident >cache_access_log /var/log/squid/access.log > >Then if you're not seeing lines like this in the access.log then I fail to >see to how SquidGuard will work either: > >1032938238.110 703 1.1.1.1 TCP_CLIENT_REFRESH_MISS/200 1492 GET >http://windowsupdate.microsoft.com/ident.cab username >ROUNDROBIN_PARENT/aproxy.somewhere.com application/octet-stream > >-----Original Message----- >From: Neil Watson [mailto:[EMAIL PROTECTED]] >Sent: Wednesday, September 25, 2002 00:59 >To: [EMAIL PROTECTED] >Subject: ident > > >Rick, > >Thanks for your help. Alas no luck. The ads.log and the porn.log are never >written to. I gather that squid and squidguard never look up the id of the >user at the browser. Any suggestions. > >Neil Watson wrote: > > I've been trying to make squid and squiguard play nice for hours. > > Squid works fine on its own. I've installed squidguard to filter > > adult content. Squidguard never idents the user and therefore uses > > the default rule of deny. > > >Rick Mathews wrote: >I can help you get there. Make the changes to your config file > >that are marked below: > > > logdir /usr/local/squidGuard/log > > dbhome /usr/local/squidGuard/db > > > > > src neil { > > ip 10.0.0.10 > > user neil > > } > > > > > dest porn { > > domainlist porn/domains > > urllist porn/urls > > > >add> logfile porn.log >add> redirect >http://webserver/images/title.php?size=15&text=denied > > > > } > > > > > dest ads { > > domainlist ads/domains > > urllist ads/urls > > > >add> expressionlist ads.expressions # see attached >add> logfile ads.log >add> redirect http://webserver/images/1x1.gif # see >attached > > > > } > > acl { > > neil { > > pass !ads !porn all > > } > > > > > default { > > pass none > > redirect http://webserver/images/title.php?size=15&text=denied > > } > > } > > > >Create: >/usr/local/squidGuard/log/porn.log >/usr/local/squidGuard/log/ads.log >Give them the same ownership and permissions as squidGuard.log. > > >- Make the config changes above and issue 'squid -k reconfigure'. >- Check the messages in squidGuard.log for errors. >- Enter a known-blocked porn url in your browser and hit enter. >- The last (or one of the last) entries in squid's access.log will show >the request, along with squid's understanding of your ip and ident. >- The last entry in /usr/local/squidGuard/log/porn.log will show how >squidGuard handled the request, including the ip and ident received >from squid, and the source group and destination group from your >squidGuard.conf file. > > >-- >Neil Watson >Network Administrator >watson-wilson.ca > > >--- >Incoming mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002
