Topic: Dansguardian + NCSA-auth + Windows

[bloodshoteye]

Hi, all

When I activate Dansguardian with ncsa-auth on an updated SME 7.2 I wait more than 5 mins for Windows XP to ask for a password and user-name. Occurs with Firefox or ie6.
The XP box is properly joined to the Samba domain, and logged in. I installed Dansguardian according to the wiki, admittedly not the very latest rpm - I used the one prior to Dec 7.

In contrast, a linux (Ubuntu) box running  Firefox prompts immediately for credentials.

The forum is silent on this - would anyone hazard a guess as to what I could look for? Please ask if you need more details.

Thanks,

[Franco]

Is the client properly configured with the proxy settings? Dansguardian runs on a different port than Squid, so make sure you have the right port and not 3128 which is squid's default.

[bloodshoteye]

'sfunny, can't insert quote code? - and I can't remember the syntax (blush)

Stuntshell, I tried "Auto detect proxy server" and as another test I inserted the server's IP address and port 8080.
Both scenarios make the client wait more than 5 mins.

[raem]

ardugh

'sfunny, can't insert quote code? - and I can't remember the syntax (blush)

Click on the quote link on top right of original post
or
use the second last button called Insert Quote
or
otherwise manually write the start & finish delimiters, as follows but without spaces (only written here to allow them to be displayed here).

[ quote ]  text [ /quote ]

[bloodshoteye]

Click on the quote link on top right of original post
or
use the second last button called Insert Quote

Tried both the first time, thanks. Neither are working. Perhaps an issue with Firefox. I must try on another  PC - just had a thought. Must check to see if Dansguardian is preventing JScript code...
I've manually quoted the above - thanks for the syntax.

EDIT: Quoting issue was due to .js and .jse being blocked by Dansguardian - I had reverted to default install configs during a testing phase 

However, this does not solve my original issue - why do XP clients wait more than 5 mins before they can authenticate against Dansguardian + ncsa-auth 
All installation & configuration done according to the Wiki.

[raem]

ardugh

...why do XP clients wait more than 5 mins before they can authenticate

I can only make a guess, a firewall issue on your XP clients, more blocked file types, DNS issues with finding your server.

[bloodshoteye]

I can only make a guess, a firewall issue on your XP clients, more blocked file types, DNS issues with finding your server.

Thanks for these pointers. I made sure:
1) Windows firewall is off
2) XP is on DHCP
3) User is logged into Samba domain via XP pc
4) WAN connection is up
5) User has credentials in /etc/proxyusers
6) Server reconfigured and rebooted

Of note: Client can access web-based mail (running on same box) with no auth other than usual log in to access mail.
 
EDIT: 11:30am
Also tried auth-pam. No auth dialog form appears at all on the XP pc. After a long time a "Cache Denied" message is given:
"Sorry, you are note allowed to access http://blah.tld until you have authenticated yourself"

I'm going to systematically turn off all extension blocking in "bannedextenlist" and report back.

[raem]

ardugh

Is your sme server's IP specified as the workstations DNS server.
Is your sme server configured to be the DNS server for the network, rather than some external DNS server.

[Stefano]

2) XP is on DHCP
3) User is logged into Samba domain via XP pc

in my experience when clients are in domain, fixed ip's and expecially fixed dns (sme's ip) entry are recommended.

HTH

Ciao

Stefano

[bloodshoteye]

Is your sme server's IP specified as the workstations DNS server.

Yes

Is your sme server configured to be the DNS server for the network, rather than some external DNS server.

Yes, and set to resolve locally.

I also made sure there wasn't a strange/unwanted entry in the workstation's hosts file.

[bloodshoteye]

in my experience when clients are in domain, fixed ip's and expecially fixed dns (sme's ip) entry are recommended.

I did that via the Hostnames and addresses panel and assigned a static DHCP address.
Windows Ipconfig shows all necessary TCP details are in order.

EDIT
Strange - according to the Wiki, running
/usr/lib/squid/ncsa_auth /etc/proxyusers
should produce ERR or OK after entering a username & password
I get no response - just a flashing cursor and cannot therefor enter anything.
 

[raem]

ardugh

I don't use ncsa auth, but I think the syntax is like this.

Enter your original passwords with inverted commas around them eg
htpasswd -b /etc/proxyusers username "password"

When you test the password file do
/usr/lib/squid/ncsa_auth /etc/proxyusers
you will then see no command cursor so just type in your username & password combination on the same line
username password
press Enter
then if correct you see
OK
or if incorrect you see
ERR Wrong password
When finished testing all passwords, to exit press
Ctrl c

[bloodshoteye]

When you test the password file do
/usr/lib/squid/ncsa_auth /etc/proxyusers
you will then see no command cursor so just type in your username & password combination on the same line
username password
press Enter
then if correct you see
OK
or if incorrect you see
ERR Wrong password

Good (and thanks for the pointer, Ray) - works as advertised.
Stupidly, I was waiting to be asked a question instead of volunteering a username and password combo.

Has anyone experienced the 5 or more minutes delay I have for a login to ncsa_auth? This is very irritating, and maybe my error somewhere 
So far the advice given has not solved this.

 

[stephen noble]

ncsa does login immediately if it is configured correctly

double check
http://wiki.contribs.org/Dansguardian#Using_Ident_login

[bloodshoteye]

ncsa does login immediately if it is configured correctly

double check
http://wiki.contribs.org/Dansguardian#Using_Ident_login

Does this mean I need to use Ident login on the workstation in order for ncsa_auth to work?