SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001616: Dansguardian should enable ntlm authplugin when using ntlm auth in squid - MantisBT Endian Bugtracker
Endian Issue Tracker

Please see now our new Bugtracker system: JIRA

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001616Endian FirewallProxy HTTPpublic2009-02-24 14:192010-01-21 18:17
Assigned Tosimon-endian 
StatusclosedResolutionno change required 
PlatformOSOS Version
Product Version 
Target VersionfutureFixed in Version 
Summary0001616: Dansguardian should enable ntlm authplugin when using ntlm auth in squid
DescriptionBy default when enabling NTLM Proxy username are not passed to dansguardian.
The only auth plugin enabled by default is ip.conf

When enabling NTLM Proxy auth dansguardian.conf should uncomment proxy-basic and proxy-ntlm in auth plugins section.

This way we can see which username got blocked in the Content Filter logs.
Additional InformationWorkaround: manually uncomment
authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
authplugin = '/etc/dansguardian/authplugins/proxy-ntlm.conf'

in /etc/dansguardian/dansguardian.conf.tmpl and restart danguardian.

Now you should see the usernames in the content filter logs.

TagsNo tags attached.
Attached Files

- Relationships

-  Notes
simon-endian (developer)
2009-06-08 17:45

will test it with 2.3, but am not shure if it is compatible with the ip auth we use for multiple dansguardian profiles.
peter-endian (administrator)
2009-06-11 15:14

needs definitely the localip patch implemented also for ntlm authplugin. currently it is made only for ip authplugin.

I'm also unsure if it's really necessary to use NTLM here, since authentication already has been done. It's only about the username and the username will always be passed to the parent (login=*:password) since it is a normal proxy-auth header.

It's also to check if squid would pass the whole NTLM header to dansguardian.
peter-endian (administrator)
2010-01-21 18:17

dansguardian does not know anything about NTLM.

- Issue History
Date Modified Username Field Change
2009-02-24 14:19 bonald New Issue
2009-02-24 14:19 bonald Assigned To => simon-endian
2009-06-08 17:45 simon-endian Note Added: 0002506
2009-06-08 17:45 simon-endian Status new => assigned
2009-06-09 20:20 peter-endian Relationship added child of 0001921
2009-06-11 15:14 peter-endian Note Added: 0002585
2009-09-03 17:23 peter-endian Relationship deleted child of 0001921
2009-11-25 17:34 peter-endian Target Version => future
2010-01-21 18:17 peter-endian Note Added: 0003689
2010-01-21 18:17 peter-endian Status assigned => closed
2010-01-21 18:17 peter-endian Resolution open => no change required

Copyright © 2005-2008 Endian, SRL. All rights reserved.

Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker