Wednesday, October 14, 2009

Dansguardian, ident and Windows clients

I manage a Ubuntu, LTSP setup and recently there was an issue where the Windows XP clients that use the Dansguardian web proxy stopped working. Since the issue was noticed some days after the change that casued it I did not realize the connection.

At some point I had enabled ident in the /etc/dansguardian/dansguardian.conf setting in order to record the user name of the person using the proxy. This worked as planned on the LTSP clients however the Windows XP clients stopped working. I figured it out when I noticed that the clients did not totally stop working but were in fact really slow.

The Dansguardian proxy was attempting to connect to Windows XP on port 113/tcp and the firewall was blocking the access. As a workaround I simply added a port exception in the Windows XP firewall to allow the proxy to connect to port 113/tcp. Since nothing was listening on that port Dansguardian instantly received a reply that the connection was refused and the proxy worked fine (with the exception of not being able to identify the user.

I now need to either find a Windows ident server or figure out how the ntlm authentication works in Dansguardian.