Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: taufan95 on November 23, 2017, 05:38:11 AM

Title: Dansguardian keeps asking user name password
Post by: taufan95 on November 23, 2017, 05:38:11 AM

Hi All.....

I already install Dansguardian, smeserver-dansguardian and dansguardian Panel on SME 9.
I use pam as user authentication
I set client to use auto detect proxy.....

but it keep asking for user name password even after entered them..... so i can't use the proxy.....

I did this in Vmware Workstation Environment.

did I miss some steps?

Could someone please help me?

Title: Re: Dansguardian keeps asking user nae password
Post by: Jean-Philippe Pialasse on November 23, 2017, 05:49:56 AM

Can you point what how to you followed?

Or explain what you did step by step both on sme server and on client.

Wihtout more information it will be hardto help you

Title: Re: Dansguardian keeps asking user nae password
Post by: janet on November 23, 2017, 05:58:36 AM

taufan95

Do the users have valid accounts on SME server ?

One of the wiki docs says:
 pam

set the browser to use http://proxy/proxy.pac, users are required to have valid accounts on the server and must enter their username/password to access the proxy.

Title: Re: Dansguardian keeps asking user nae password
Post by: taufan95 on November 23, 2017, 10:23:28 AM

Quote from: Jean-Philippe Pialasse on November 23, 2017, 05:49:56 AM

Can you point what how to you followed?

Or explain what you did step by step both on sme server and on client.

Wihtout more information it will be hardto help you

after installing Dansguardian, smeserver-dansguardian I install  dansguardian Panel
after that I input command
config setprop squid TransparentPort 8080
config setprop squid Transparent yes
config setprop dansguardian portblocking yes
signal-event post-upgrade; signal-event reboot

then
config setprop squid RequireAuth pam

then
expand-template /etc/squid/squid.conf
sv t /service/squid

last
signal-event post-upgrade; signal-event reboot

On the client side

I use Firefox and I input http://proxy/proxy.pac in automatic proxy configuration as sugested...... Still asking for password
the I try using manual proxy port 8080 ............. still asking Password...........

I already create user on the server .... I use that account and admin account still the same asking password

is this what you mean?

Title: Re: Dansguardian keeps asking user name password
Post by: taufan95 on November 24, 2017, 04:25:09 AM

any suggestion guys ??

Title: Re: Dansguardian keeps asking user name password
Post by: Jean-Philippe Pialasse on November 24, 2017, 10:00:01 PM

this pretty much what is described here: https://wiki.contribs.org/Dansguardian#Configuring_Proxy_to_use_Auth_login and
https://wiki.contribs.org/Dansguardian-panel#pam

just to be sure, you use a user and password that work to log on your SME ?

I would suggest to check your logs while trying to auth :

Code: [Select]

tail -f /var/log/messages

tail -f /var/log/squid/access.log

tail -f /var/log/squid.run/current

tail -f /var/log/dansguardian/access.log

tail -f /var/log/secure


Title: Re: Dansguardian keeps asking user name password
Post by: taufan95 on November 28, 2017, 11:38:20 AM

Quote from: Jean-Philippe Pialasse on November 24, 2017, 10:00:01 PM

just to be sure, you use a user and password that work to log on your SME ?

Yes, I use The account to log on to sme server

I did as suggested this is the results

tail -f /var/log/squid/access.log
1511864410.936      0 127.0.0.1 TCP_DENIED/407 4034 GET http://detectportal.firefox.com/success.txt - NONE/- text/html
1511864418.960      0 127.0.0.1 TCP_DENIED/407 4034 GET http://detectportal.firefox.com/success.txt - NONE/- text/html
1511864427.009      0 127.0.0.1 TCP_DENIED/407 4034 GET http://detectportal.firefox.com/success.txt - NONE/- text/html
1511864434.992      0 127.0.0.1 TCP_DENIED/407 4034 GET http://detectportal.firefox.com/success.txt - NONE/- text/html


tail -f /var/log/squid.run/current
@400000005a1d2b752b90560c Initializing squid cache...
@400000005a1d2b773537d144 2017/11/28 16:25:01| Creating Swap Directories


tail -f /var/log/dansguardian/access.log
2017.11.28 16:29:05 root 10.24.8.65 http://detectportal.firefox.com/success.txt *DENIED* Your username is not allowed to web browse: root GET 0 0 Banned User 1 403 -   -


tail -f /var/log/secure
Nov 28 17:14:33 psicargo unix_chkpwd[2782]: check pass; user unknown
Nov 28 17:14:33 psicargo unix_chkpwd[2783]: check pass; user unknown
Nov 28 17:14:33 psicargo unix_chkpwd[2783]: password check failed for user (admin)
Nov 28 17:14:33 psicargo (pam_auth): pam_unix(squid:auth): authentication failure; logname= uid=23 euid=23 tty= ruser= rhost=  user=admin

Title: Re: Dansguardian keeps asking user name password
Post by: Jean-Philippe Pialasse on November 28, 2017, 03:06:50 PM

everything works as expected.

you try to log as a user, he does not belongs to a group that has priviledges to surf on the web, browser ask you for a new user....


you need to use a regular user, not root, avoid admin. And set correctly SME groups and dansguardian filtering groups (f1, f2....)


as soon as you enforce authentication, dansguardian seek to the user membership and filtering is more important as the default setting without auth.