Hey Ian, My client is indeed running ident; it's a winbox with an ident service installed on it. However, if I telnet to it from my firewall (telnet 192.168.0.2 auth) and enter "1 1 [enter]", I always get this as a respons: "0 , 0 : ERROR : UNKNOWN-ERROR" no matter what I enter upon connection. Slap me silly if I understand. No username or whatever info I might fine usefull.
As ident seems to be not-an-option at the moment, I think I'll skip it for the moment. Some background info: my firewall is a smoothwall corporate server version 2.0, for those whose bells are now ringing. I have absolutely no way of tuning the build-in squid, and am quite pleased with its performance in coop with squidguard as is. My thanks to all who have contributed to this discussion. Regards, Jaap. At 10:39 09/27/2002 +0200, Ian Spare wrote: >No, you're being confused I think. You can forget SquidGuard at this point, >your squid log isn't showing any ident so there's nothing to pass to the >redirector at all. Right after the IP address the first "-" ought to have >been the use rid returned by indent and it isn't, ergo there's no point >messing around with Squidguard right now. > >I'd check the client was running indent to start with, something like this >would work : > ># telnet slash-and-burn.domain.com auth >Trying 1.1.1.1 ... >Connected to slash-and-burn.eur.sas.com. >Escape character is '^]'. >1 1 >1 1 : USERID : UNIX : the-real-thing >Connection closed by foreign host. > >There's some useful stuff in the Squid FAQ. It's little strange it's not >working for you, SquidGuard is only a redirector so it's not really very >complex and ident in squid ought not to hard, from a distance I really would >suspect the obvious things like the client not running ident or squid >running in interception/transparent mode. > >Ian > >-----Original Message----- >From: Jaap Lelie [mailto:[EMAIL PROTECTED]] >Sent: Thursday, September 26, 2002 18:25 >To: Ian Spare; 'Neil Watson'; [EMAIL PROTECTED] >Subject: RE: ident > > >Shoot... >My squidguard isn't identing as well. I've followed your tips below, and >inserted a logentry to access.log. This is wat struck me as odd: > >192.168.0.2 - - [26/Sep/2002:18:16:37 +0200] "GET >http://msimg.com/m/r/footer_logo-md.gif HTTP/1.0" 200 1413 >TCP_CLIENT_REFRESH_MISS:DIRECT > >Does this :DIRECT somehow mean that things are bypassed? I also noted that >my all.log (where all dst rules are loggin to) isn't filled at all. >Permissions are set correctly; the log is filled as soon as I remove all >ident stuff. > >Cheers! >Jaap. > >At 09:20 09/25/2002 +0200, Ian Spare wrote: > > > >You say that squid never looks up the id of the user? Is that true? If it >is > >then you're quite obviously wasting your time messing around with > >SquidGuard. If ident is working then you should be getting stuff in the > >access.log for squid, the squid FAQ has plenty of stuff on this but very > >briefly: > > > >make sure squid isn't built with "disable-ident-lookups" > >have lines like this in the squid.conf > >acl all_ident ident src 0.0.0.0/0.0.0.0 > >ident_lookup_access allow all_ident > >cache_access_log /var/log/squid/access.log > > > >Then if you're not seeing lines like this in the access.log then I fail to > >see to how SquidGuard will work either: > > > >1032938238.110 703 1.1.1.1 TCP_CLIENT_REFRESH_MISS/200 1492 GET > >http://windowsupdate.microsoft.com/ident.cab username > >ROUNDROBIN_PARENT/aproxy.somewhere.com application/octet-stream > > > >-----Original Message----- > >From: Neil Watson [mailto:[EMAIL PROTECTED]] > >Sent: Wednesday, September 25, 2002 00:59 > >To: [EMAIL PROTECTED] > >Subject: ident > > > > > >Rick, > > > >Thanks for your help. Alas no luck. The ads.log and the porn.log are >never > >written to. I gather that squid and squidguard never look up the id of the > >user at the browser. Any suggestions. > > > >Neil Watson wrote: > > > I've been trying to make squid and squiguard play nice for hours. > > > Squid works fine on its own. I've installed squidguard to filter > > > adult content. Squidguard never idents the user and therefore uses > > > the default rule of deny. > > > > > >Rick Mathews wrote: > >I can help you get there. Make the changes to your config file > > > >that are marked below: > > > > > logdir /usr/local/squidGuard/log > > > dbhome /usr/local/squidGuard/db > > > > > > > > src neil { > > > ip 10.0.0.10 > > > user neil > > > } > > > > > > > > dest porn { > > > domainlist porn/domains > > > urllist porn/urls > > > > > > > >add> logfile porn.log > >add> redirect > >http://webserver/images/title.php?size=15&text=denied > > > > > > > } > > > > > > > > dest ads { > > > domainlist ads/domains > > > urllist ads/urls > > > > > > > >add> expressionlist ads.expressions # see attached > >add> logfile ads.log > >add> redirect http://webserver/images/1x1.gif # see > >attached > > > > > > > } > > > acl { > > > neil { > > > pass !ads !porn all > > > } > > > > > > > > default { > > > pass none > > > redirect http://webserver/images/title.php?size=15&text=denied > > > } > > > } > > > > > > > >Create: > >/usr/local/squidGuard/log/porn.log > >/usr/local/squidGuard/log/ads.log > >Give them the same ownership and permissions as squidGuard.log. > > > > > >- Make the config changes above and issue 'squid -k reconfigure'. > >- Check the messages in squidGuard.log for errors. > >- Enter a known-blocked porn url in your browser and hit enter. > >- The last (or one of the last) entries in squid's access.log will show > >the request, along with squid's understanding of your ip and ident. > >- The last entry in /usr/local/squidGuard/log/porn.log will show how > >squidGuard handled the request, including the ip and ident received > >from squid, and the source group and destination group from your > >squidGuard.conf file. > > > > > >-- > >Neil Watson > >Network Administrator > >watson-wilson.ca > > > > > >--- > >Incoming mail is certified Virus Free. > >Checked by AVG anti-virus system (http://www.grisoft.com). > >Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002 > > > >--- >Incoming mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002
--- Outgoing mail is certified Virus Free. http://www.lelie.net/notice.html Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002
