Windows domain adı ciscotr.com olsun. Domain controller'ın adı dcontroller.ciscotr.com olacaktır. Bu girdilere göre gerekli conf dosyaları aşağıdadır.

Bu yapı 4000 kullanıcıyı eş zamanlı olarak internete çıkarmaya yetmekte ve sorunsuz çalışmaktadır.



/etc/krb5.conf
----------------------------------------------------------------------------

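# /etc/krb5.conf - Kerberos client settings for the CISCOTR.COM Active
# Directory realm. Used by kinit and by "net ads join" on the proxy host.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
# Realm names are case-sensitive; the AD realm is written in upper case.
default_realm = CISCOTR.COM
# Realm and KDC may also be located through DNS. These answers are only as
# trustworthy as the resolver, so the host should resolve through the DC.
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes

[realms]

CISCOTR.COM = {
# Host name of the domain controller, as named in the introduction of this page.
# A host name must be plain ASCII; a non-ASCII placeholder cannot be resolved.
kdc = dcontroller.ciscotr.com
admin_server = dcontroller.ciscotr.com
# default_domain is a DNS domain, not the name of a single host.
default_domain = ciscotr.com
}

[domain_realm]
# Map the DNS domain and every host below it to the realm.
ciscotr.com = CISCOTR.COM
.ciscotr.com = CISCOTR.COM

[appdefaults]
pam = {
debug = false
# Lifetimes without a unit suffix are in seconds (36000 s = 10 h).
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}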




/etc/nsswitch.conf

------------------------------------------------


# /etc/nsswitch.conf - lookup order per name-service database.
# Sources on each line are tried from left to right.

# Local files first, then winbind, so that domain users and groups resolve
# through winbindd after the local accounts.
passwd: files winbind
shadow: files winbind
group: files winbind
# Host names: /etc/hosts first, then DNS.
hosts: files dns
# NOTE(review): the nisplus and ldap sources further down are not configured
# anywhere on this page; they look like distribution defaults - confirm that
# they are needed, otherwise "files" alone is enough for those databases.
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
sudoers: files ldap


/etc/ntp.conf
------------------------------------------------------------


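# /etc/ntp.conf - time synchronisation for the proxy host.
# Kerberos authentication fails when the clocks of this host and the domain
# controller drift apart, so the time source must be the DC (or a domain host).

# Default policy for every remote host: no configuration changes, no traps,
# no peering and no status queries.
restrict default kod nomodify notrap nopeer noquery
# Loopback stays unrestricted so local tools can manage the daemon.
restrict 127.0.0.1
restrict -6 ::1
# Local clock as a last-resort fallback; stratum 10 keeps it below real sources.
server 127.127.1.0
fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
keys /etc/ntp/keys
# Replace 192.168.0.x with the address of the domain time source.
server 192.168.0.x
# The whole restriction has to stay on one line. The original listing carried a
# stray "noquery" on a line of its own, which is not a valid directive.
restrict 192.168.0.x mask 255.255.255.255 nomodify notrap noquery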

/etc/samba/smb.conf
---------------------------------------




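# NOTE: after every change to this file run "testparm" and check that it
# reports no errors.
# smb.conf has no trailing comments: everything after "=" is part of the value,
# so comments must stay on lines of their own.




#======================= Global Settings =====================================

[global]
#--authconfig--start-line--

# Generated by authconfig on 2013/07/29 13:03:32
# DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--)
# Any modification may be deleted or altered by authconfig in future

workgroup = ciscotr
# IP address of the domain controller
password server = 192.168.0.x
realm = CISCOTR.COM
# NOTE(review): the join steps on this page use Kerberos (kinit) and
# "net ads join", which normally go together with "security = ads" - confirm
# which membership mode is intended.
security = domain
# uid/gid range that winbind hands out to domain users and groups; it must not
# overlap the ids of local accounts.
winbind uid = 10000-20000
winbind gid = 10000-20000
# Domain users are addressed without the DOMAIN\ prefix.
winbind use default domain = yes
#idmap uid = 16777216-33554431
#idmap gid = 16777216-33554431
#template shell = /sbin/nologin
#winbind offline logon = false

#--authconfig--end-line--



# --------------------------- Printing Options -----------------------------

load printers = yes
cups options = raw



#============================ Share Definitions ==============================

# NOTE(review): the proxy only needs winbind for authentication. The home and
# printer shares below are not used by any step on this page - confirm that
# they are wanted, otherwise remove them so the host exports nothing.
[homes]
comment = Home Directories
browseable = no
writable = yes

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes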




/etc/squid/squid.conf (ntlm+basic auth)
--------------------------------------------------------------


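Bu dosyaları düzenledikten sonra samba servisini restart edin. /var/cache/samba/winbindd_privileged dizinine read, write ve exec yetkisi verin. Bu yetkiyi herkese değil, yalnızca squid'in çalıştığı kullanıcının grubuna verin; bu dizin ntlm_auth'un winbindd ile konuştuğu ayrıcalıklı kanalı barındırır ve bazı Samba sürümlerinde winbindd, dizin izinleri gereğinden genişse çalışmayı reddeder. Winbind'i restart edin.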

Sonra kinit <yönetici hesabı>@CISCOTR.COM
net ads join -U Administrator

net ads testjoin

Sonuç " Join OK " ise makina domaindedir.

Şimdi bir reboot edin.

Açılınca wbinfo -u komutu AD kullanıcılarını listeliyorsa tamamdır.



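###############------SQUID 2.6.STABLE21----###################

###############------AUTHENTICATION--------###################
#------------------------------------------------------------#

# Both schemes hand the credentials to Samba's ntlm_auth helper, which checks
# them against the domain through winbindd.
# NTLM is offered first: domain-joined clients answer the challenge silently.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive on
# Basic is the fallback for clients that cannot do NTLM. The user name and
# password cross the LAN base64-encoded, i.e. readable by anyone who can capture
# the traffic; keep it only if such clients really exist.
# ntlm_auth also accepts --require-membership-of=<group> to limit proxy use to
# one domain group.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 8 hours
auth_param basic casesensitive off

####### TAG: authenticate_cache_garbage_interval ######
#Default:
# authenticate_cache_garbage_interval 1 hour

####### TAG: authenticate_ttl ######
#Default:
# authenticate_ttl 1 hour

######## TAG: authenticate_ip_ttl ########
#Default:
# authenticate_ip_ttl 0 seconds


######################--------ACCESS CONTROL-----------#####################
# --------------------------------------------------------------------------#

######DEFINED ACLS########
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Matches any request that carries valid proxy credentials.
acl NETKULLANICILARI proxy_auth REQUIRED

########APPLIED ACLS#######
# http_access rules are checked top to bottom and the first match decides.
# The deny rules therefore have to come before the rule that admits
# authenticated users; with "allow NETKULLANICILARI" on top, any domain user
# would reach the cache manager, unsafe ports and CONNECT to arbitrary ports.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny to_localhost
http_access allow NETKULLANICILARI
http_access allow localhost
http_access deny all

# http_reply_access allow all


# TAG: icp_access
#Default:
# icp_access deny all

# No cache_peer is configured in this file, so nobody needs to send ICP queries.
# Answering them for every source lets any host probe what the cache holds.
# To serve a sibling cache later, allow only its address with a src acl.
icp_access deny all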


##############------- OPTIONS FOR X-Forwarded-For---------##################
# -------------------------------------------------------------------------#

#Default:
# follow_x_forwarded_for deny all


# TAG: acl_uses_indirect_client on|off
#Default:
# acl_uses_indirect_client on


# TAG: delay_pool_uses_indirect_client on|off
#Default:
# delay_pool_uses_indirect_client on


# TAG: log_uses_indirect_client on|off
#Default:
# log_uses_indirect_client on


#####################-------- NETWORK OPTIONS-----------#######################
# ----------------------------------------------------------------------------#


# Squid accepts client connections on TCP port 3128; with no address given it
# listens on every interface.
# NOTE(review): DansGuardian on this page reaches Squid at 127.0.0.1:3128 and
# clients are presumably meant to use the filter port. If nothing else needs
# direct access, confirm whether this should be bound to loopback
# (http_port 127.0.0.1:3128) so that the content filter cannot be bypassed.
http_port 3128




#####################----------SSL OPTIONS----------------#####################
# ----------------------------------------------------------------------------#

# TAG: ssl_unclean_shutdown
#Default:
# ssl_unclean_shutdown off


# TAG: sslproxy_version
#Default:
# sslproxy_version 1




##############3OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM###########
# ----------------------------------------------------------------------------#


# TAG: dead_peer_timeout (seconds)
#Default:
# dead_peer_timeout 10 seconds


# TAG: hierarchy_stoplist
# URLs containing one of these strings are fetched directly from the origin
# server instead of being asked from peer caches.
hierarchy_stoplist cgi-bin ?


############################# MEMORY CACHE OPTIONS ############################
# ----------------------------------------------------------------------------#

# TAG: cache_mem (bytes)
#Default:
# cache_mem 8 MB


# TAG: maximum_object_size_in_memory (bytes)
#Default:
# maximum_object_size_in_memory 8 KB


# TAG: memory_replacement_policy
#Default:
# memory_replacement_policy lru


############################## DISK CACHE OPTIONS #############################
# ----------------------------------------------------------------------------#

# TAG: cache_replacement_policy
#Default:
# cache_replacement_policy lru

# TAG: cache_dir
#Default:
# cache_dir ufs /var/spool/squid 100 16 256


# TAG: store_dir_select_algorithm
#Default:
# store_dir_select_algorithm least-load

# TAG: max_open_disk_fds
#Default:
# max_open_disk_fds 0


# TAG: minimum_object_size (bytes)
#Default:
# minimum_object_size 0 KB


# TAG: maximum_object_size (bytes)
#Default:
# maximum_object_size 4096 KB


# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#Default:
# cache_swap_low 90
# cache_swap_high 95


############################### LOGFILE OPTIONS ###############################
# ----------------------------------------------------------------------------#


# TAG: access_log
# Request log in Squid's native format. With proxy_auth in use each entry
# carries the authenticated user name next to the requested URL, so restrict
# read access to this file and decide how long it is kept.
access_log /var/log/squid/access.log squid

# TAG: cache_log
#Default:
# cache_log /var/log/squid/cache.log

# TAG: cache_store_log
#Default:
# cache_store_log /var/log/squid/store.log

# TAG: logfile_rotate
#Default:
# logfile_rotate 0

# TAG: emulate_httpd_log on|off
#Default:
# emulate_httpd_log off

# TAG: log_ip_on_direct on|off
#Default:
# log_ip_on_direct on

# TAG: mime_table
#Default:
# mime_table /etc/squid/mime.conf

# TAG: log_mime_hdrs on|off
#Default:
# log_mime_hdrs off

# TAG: pid_filename
#Default:
# pid_filename /var/run/squid.pid

# TAG: debug_options
#Default:
# debug_options ALL,1

# TAG: log_fqdn on|off
#Default:
# log_fqdn off

# TAG: client_netmask
#Default:
# client_netmask 255.255.255.255

# TAG: strip_query_terms
#Default:
# strip_query_terms on

# TAG: buffered_logs on|off
#Default:
# buffered_logs off


#################### OPTIONS FOR FTP GATEWAYING################################
# ----------------------------------------------------------------------------#

# TAG: ftp_user
#Default:
# ftp_user [email protected]

# TAG: ftp_list_width
#Default:
# ftp_list_width 32

# TAG: ftp_passive
#Default:
# ftp_passive on

# TAG: ftp_sanitycheck
#Default:
# ftp_sanitycheck on

# TAG: ftp_telnet_protocol
#Default:
# ftp_telnet_protocol on


################ OPTIONS FOR EXTERNAL SUPPORT PROGRAMS ########################
# ----------------------------------------------------------------------------#

# TAG: diskd_program
#Default:
# diskd_program /usr/lib/squid/diskd-daemon

# TAG: unlinkd_program
#Default:
# unlinkd_program /usr/lib/squid/unlinkd

# TAG: pinger_program
#Default:
# pinger_program /usr/lib/squid/pinger


####################### OPTIONS FOR URL REWRITING #############################
# ----------------------------------------------------------------------------#



# TAG: url_rewrite_children
#Default:
# url_rewrite_children 5

# TAG: url_rewrite_concurrency
#Default:
# url_rewrite_concurrency 0

# TAG: url_rewrite_host_header
#Default:
# url_rewrite_host_header on



# TAG: redirector_bypass
#Default:
# redirector_bypass off



# TAG: location_rewrite_children
#Default:
# location_rewrite_children 5

# TAG: location_rewrite_concurrency
#Default:
# location_rewrite_concurrency 0




#################### OPTIONS FOR TUNING THE CACHE #############################
# ----------------------------------------------------------------------------#

# TAG: cache
# Do not cache dynamic content: any URL path containing "cgi-bin" or a "?".
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# TAG: refresh_pattern
#Suggested default:
# Fields: URL regex, minimum age (minutes), percent of the object's age, maximum
# age (minutes). They decide how long an object without explicit expiry
# information is treated as fresh. The first matching pattern is used, so the
# catch-all "." has to stay last.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# TAG: quick_abort_min (KB)
# TAG: quick_abort_max (KB)
# TAG: quick_abort_pct (percent)
#Default:
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95

# TAG: read_ahead_gap buffer-size
#Default:
# read_ahead_gap 16 KB

# TAG: negative_ttl time-units
#Default:
# negative_ttl 5 minutes

# TAG: positive_dns_ttl time-units
#Default:
# positive_dns_ttl 6 hours

# TAG: negative_dns_ttl time-units
#Default:
# negative_dns_ttl 1 minute

# TAG: range_offset_limit (bytes)
#Default:
# range_offset_limit 0 KB

# TAG: minimum_expiry_time (seconds)
#Default:
# minimum_expiry_time 60 seconds

# TAG: store_avg_object_size (kbytes)
#Default:
# store_avg_object_size 13 KB

# TAG: store_objects_per_bucket
#Default:
# store_objects_per_bucket 20


############################ HTTP OPTIONS #####################################
# ----------------------------------------------------------------------------#

# TAG: request_header_max_size (KB)
#Default:
# request_header_max_size 20 KB

# TAG: reply_header_max_size (KB)
#Default:
# reply_header_max_size 20 KB

# TAG: request_body_max_size (KB)
#Default:
# request_body_max_size 0 KB


# TAG: via on|off
#Default:
# via on

# TAG: cache_vary
#Default:
# cache_vary on

# TAG: broken_vary_encoding
# Applies the broken_vary_encoding workaround to replies whose Server header
# starts with "Apache".
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# TAG: collapsed_forwarding (on|off)
#Default:
# collapsed_forwarding off

# TAG: refresh_stale_hit (time)
#Default:
# refresh_stale_hit 0 seconds

# TAG: ie_refresh on|off
#Default:
# ie_refresh off

# TAG: vary_ignore_expire on|off
#Default:
# vary_ignore_expire off

# TAG: extension_methods
#Default:
# none

# TAG: request_entities
#Default:
# request_entities off

# TAG: relaxed_header_parser on|off|warn
#Default:
# relaxed_header_parser on


############################## TIMEOUTS #######################################
# ----------------------------------------------------------------------------#

# TAG: forward_timeout time-units
#Default:
# forward_timeout 4 minutes

# TAG: connect_timeout time-units
#Default:
# connect_timeout 1 minute

# TAG: peer_connect_timeout time-units
#Default:
# peer_connect_timeout 30 seconds

# TAG: read_timeout time-units
#Default:
# read_timeout 15 minutes

# TAG: request_timeout
#Default:
# request_timeout 5 minutes

# TAG: persistent_request_timeout
#Default:
# persistent_request_timeout 2 minutes

# TAG: client_lifetime time-units
#Default:
# client_lifetime 1 day

# TAG: half_closed_clients
#Default:
# half_closed_clients on

# TAG: pconn_timeout
#Default:
# pconn_timeout 1 minute

# TAG: ident_timeout
#Default:
# ident_timeout 10 seconds

# TAG: shutdown_lifetime time-units
#Default:
# shutdown_lifetime 30 seconds


######################## ADMINISTRATIVE PARAMETERS ############################
# ----------------------------------------------------------------------------#

# TAG: cache_mgr
#Default:
# cache_mgr root

# TAG: mail_program
#Default:
# mail_program mail

# TAG: cache_effective_user
#Default:
# cache_effective_user squid

# TAG: cache_effective_group
#Default:
# cache_effective_group squid

# TAG: httpd_suppress_version_string on|off
#Default:
# httpd_suppress_version_string off

# TAG: umask
#Default:
# umask 027


################ OPTIONS FOR THE CACHE REGISTRATION SERVICE ###################
# ----------------------------------------------------------------------------#


# TAG: announce_period
#Default:
# announce_period 0
#To enable announcing your cache, just uncomment the line below.
#announce_period 1 day


# TAG: announce_host
# TAG: announce_file
# TAG: announce_port
#Default:
# announce_host tracker.ircache.net
# announce_port 3131


######################## HTTPD-ACCELERATOR OPTIONS ############################
# ----------------------------------------------------------------------------#

# TAG: httpd_accel_no_pmtu_disc on|off
#Default:
# httpd_accel_no_pmtu_disc off


########################### DELAY POOL PARAMETERS #############################
# -----------------------------------------------------------------------------

# TAG: delay_pools
#Default:
# delay_pools 0

# TAG: delay_initial_bucket_level (percent, 0-100)
#Default:
# delay_initial_bucket_level 50


############### WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS #######################
# ----------------------------------------------------------------------------#

# TAG: wccp_router
# TAG: wccp2_router
#
# wccp_router supports a single WCCP(v1) router
#
# wccp2_router supports multiple WCCPv2 routers
#Default:
# wccp_router 0.0.0.0


# TAG: wccp_version
#Default:
# wccp_version 4

# TAG: wccp2_rebuild_wait
#Default:
# wccp2_rebuild_wait on

# TAG: wccp2_forwarding_method
#Default:
# wccp2_forwarding_method 1

# TAG: wccp2_return_method
#Default:
# wccp2_return_method 1

# TAG: wccp2_assignment_method
#Default:
# wccp2_assignment_method 1

# TAG: wccp2_service
#Default:
# wccp2_service standard 0


# TAG: wccp2_weight
#Default:
# wccp2_weight 10000

# TAG: wccp_address
# TAG: wccp2_address
#Default:
# wccp_address 0.0.0.0
# wccp2_address 0.0.0.0


##################### PERSISTENT CONNECTION HANDLING ##########################
# ----------------------------------------------------------------------------#

# TAG: client_persistent_connections
# TAG: server_persistent_connections
#Default:
# client_persistent_connections on
# server_persistent_connections on

# TAG: persistent_connection_after_error
#Default:
# persistent_connection_after_error off

# TAG: detect_broken_pconn
#Default:
# detect_broken_pconn off


############################ CACHE DIGEST OPTIONS #############################
# ----------------------------------------------------------------------------#

# TAG: digest_generation
#Default:
# digest_generation on

# TAG: digest_bits_per_entry
#Default:
# digest_bits_per_entry 5

# TAG: digest_rebuild_period (seconds)
#Default:
# digest_rebuild_period 1 hour

# TAG: digest_rewrite_period (seconds)
#Default:
# digest_rewrite_period 1 hour

# TAG: digest_swapout_chunk_size (bytes)
#Default:
# digest_swapout_chunk_size 4096 bytes

# TAG: digest_rebuild_chunk_percentage (percent, 0-100)
#Default:
# digest_rebuild_chunk_percentage 10


############################ SNMP OPTIONS #####################################
# ----------------------------------------------------------------------------#

# TAG: snmp_port
#Default:
# snmp_port 0

# TAG: snmp_access
# snmp_access deny all

# TAG: snmp_incoming_address
# TAG: snmp_outgoing_address
#Default:
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255


################################# ICP OPTIONS #################################
# ----------------------------------------------------------------------------#

# TAG: icp_port
#Default:
# icp_port 3130

# TAG: htcp_port
#Default:
# htcp_port 4827

# TAG: log_icp_queries on|off
#Default:
# log_icp_queries on

# TAG: udp_incoming_address
#Default:
# udp_incoming_address 0.0.0.0

# TAG: udp_outgoing_address
#Default:
# udp_outgoing_address 255.255.255.255

# TAG: icp_hit_stale on|off
#Default:
# icp_hit_stale off

# TAG: minimum_direct_hops
#Default:
# minimum_direct_hops 4

# TAG: minimum_direct_rtt
#Default:
# minimum_direct_rtt 400

# TAG: netdb_low
# TAG: netdb_high
#Default:
# netdb_low 900
# netdb_high 1000

# TAG: netdb_ping_period
#Default:
# netdb_ping_period 5 minutes

# TAG: query_icmp on|off
#Default:
# query_icmp off

# TAG: test_reachability on|off
#Default:
# test_reachability off

# TAG: icp_query_timeout (msec)
#Default:
# icp_query_timeout 0

# TAG: maximum_icp_query_timeout (msec)
#Default:
# maximum_icp_query_timeout 2000

# TAG: minimum_icp_query_timeout (msec)
#Default:
# minimum_icp_query_timeout 5


########################## MULTICAST ICP OPTIONS ##############################
# ----------------------------------------------------------------------------#



# TAG: mcast_miss_addr
#Default:
# mcast_miss_addr 255.255.255.255

# TAG: mcast_miss_ttl
#Default:
# mcast_miss_ttl 16

# TAG: mcast_miss_port
#Default:
# mcast_miss_port 3135

# TAG: mcast_miss_encode_key
#Default:
# mcast_miss_encode_key XXXXXXXXXXXXXXXX

# TAG: mcast_icp_query_timeout (msec)
#Default:
# mcast_icp_query_timeout 2000


######################### INTERNAL ICON OPTIONS ###############################
# ----------------------------------------------------------------------------#

# TAG: icon_directory
#Default:
# icon_directory /usr/share/squid/icons

# TAG: global_internal_static
#Default:
# global_internal_static on

# TAG: short_icon_urls
#Default:
# short_icon_urls off


########################## ERROR PAGE OPTIONS #################################
# ----------------------------------------------------------------------------#

# TAG: error_directory
#Default:
# error_directory /usr/share/squid/errors/English



################# OPTIONS INFLUENCING REQUEST FORWARDING ######################
# ----------------------------------------------------------------------------#

# TAG: nonhierarchical_direct
#Default:
# nonhierarchical_direct on

# TAG: prefer_direct
#Default:
# prefer_direct off


####################### ADVANCED NETWORKING OPTIONS ###########################
# ----------------------------------------------------------------------------#

# TAG: incoming_icp_average
# TAG: incoming_http_average
# TAG: incoming_dns_average
# TAG: min_icp_poll_cnt
# TAG: min_dns_poll_cnt
# TAG: min_http_poll_cnt
#Default:
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8

# TAG: tcp_recv_bufsize (bytes)
#Default:
# tcp_recv_bufsize 0 bytes


################################ DNS OPTIONS ##################################
# ----------------------------------------------------------------------------#

# TAG: check_hostnames
#Default:
# check_hostnames on

# TAG: allow_underscore
#Default:
# allow_underscore on

# TAG: cache_dns_program
#Default:
# cache_dns_program /usr/lib/squid/dnsserver

# TAG: dns_children
#Default:
# dns_children 5

# TAG: dns_retransmit_interval
#Default:
# dns_retransmit_interval 5 seconds

# TAG: dns_timeout
#Default:
# dns_timeout 2 minutes

# TAG: dns_defnames on|off
#Default:
# dns_defnames off

# TAG: dns_nameservers
# Example: dns_nameservers 10.0.0.1 192.172.0.4
#Default:
# none

# TAG: hosts_file
#Default:
# hosts_file /etc/hosts

# TAG: dns_testnames
#Default:
# dns_testnames netscape.com internic.net nlanr.net microsoft.com

# TAG: append_domain
#Default:
# none

# TAG: ignore_unknown_nameservers
#Default:
# ignore_unknown_nameservers on

# TAG: ipcache_size (number of entries)
# TAG: ipcache_low (percent)
# TAG: ipcache_high (percent)
#Default:
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95

# TAG: fqdncache_size (number of entries)
#Default:
# fqdncache_size 1024


############################## MISCELLANEOUS ##################################
# ----------------------------------------------------------------------------#

# TAG: memory_pools on|off
#Default:
# memory_pools on

# TAG: memory_pools_limit (bytes)
#Default:
# memory_pools_limit 5 MB

# TAG: forwarded_for on|off
#Default:
# forwarded_for on



# TAG: client_db on|off
#Default:
# client_db on

# TAG: reload_into_ims on|off
#Default:
# reload_into_ims off

# TAG: maximum_single_addr_tries
#Default:
# maximum_single_addr_tries 1

# TAG: retry_on_error
#Default:
# retry_on_error off

# TAG: as_whois_server
#Default:
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net

# TAG: offline_mode
#Default:
# offline_mode off

# TAG: uri_whitespace
#Default:
# uri_whitespace strip

# TAG: coredump_dir
# Leave coredumps in the first cache dir
# A core file is a copy of the process memory and can therefore contain cached
# content and proxy credentials; keep this directory readable by the squid
# user only.
coredump_dir /var/spool/squid

# TAG: balance_on_multiple_ip
#Default:
# balance_on_multiple_ip on

# TAG: pipeline_prefetch
#Default:
# pipeline_prefetch off

# TAG: high_response_time_warning (msec)
#Default:
# high_response_time_warning 0

# TAG: high_page_fault_warning
#Default:
# high_page_fault_warning 0

# TAG: high_memory_warning
#Default:
# high_memory_warning 0 KB

# TAG: sleep_after_fork (microseconds)
#Default:
# sleep_after_fork 0

# TAG: max_filedesc
#Default:
# max_filedesc 1024




Son olarak /usr/local/etc/dansguardian/dansguardian.conf
----------------------------------------------------------------------------------------------------------------




########################## LOGGING ######################

# What the user sees when a request is blocked:
# -1 = log, but do not block - Stealth mode
# 0 = just say 'Access Denied'
# 1 = report why but not what denied phrase
# 2 = report fully
# 3 = use HTML template file (accessdeniedaddress ignored) - recommended

reportinglevel = 3
languagedir = '/usr/local/share/dansguardian/languages'
language = 'ukenglish'
loglevel = 2
logexceptionhits = 2

# Log File Format (3 = Squid format)
logfileformat = 3

# truncate large items in log lines
#maxlogitemlength = 400

# anonymize logs (blank out usernames & IPs)
# Left disabled, so the log below records user names and client addresses
# together with the requested URLs; restrict read access to it accordingly.
#anonymizelogs = on

loglocation = '/usr/local/var/log/dansguardian/access.log'

# Statistics log file location
#statlocation = '/usr/local/var/log/dansguardian/stats'


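############################# NETWORK SETTINGS #################################

# Comments are kept on lines of their own so that no parser can mistake them
# for part of a value.

# IP address of the LAN interface; clients connect to filterip:filterport.
filterip = 192.168.0.x
filterport = 8080
# Upstream proxy: the Squid instance on this host.
proxyip = 127.0.0.1
proxyport = 3128


# Placeholder URL - with reportinglevel = 3 the HTML template is used instead.
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = on
custombannedimagefile = '/usr/local/share/dansguardian/transparent1x1.gif'
# Number of filter groups. Enter as many as you actually use; according to the
# author every group means a separate DansGuardian process and costs CPU.
# Each group needs its own dansguardianfN.conf file.
filtergroups = 2
filtergroupslist = '/usr/local/etc/dansguardian/lists/filtergroupslist'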



################# Authentication files location ####################

# Client addresses that are always blocked / never filtered. Entries in the
# exception list skip the filter entirely, so keep that list short.
bannediplist = '/usr/local/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/usr/local/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = on
createlistcachefiles = on


# POST upload limit:
# use 0 for a complete block
# use higher (e.g. 512 = 512Kbytes) for limiting
# use -1 for no blocking
maxuploadsize = -1


# The value must not be higher than maxcontentramcachescansize

maxcontentfiltersize = 256
maxcontentramcachescansize = 2000

# This value must be greater or equal to maxcontentramcachescansize.
# The size is in Kibibytes - eg 10240 = 10Mb
maxcontentfilecachescansize = 20000
# NOTE(review): temporary download files are written to the shared,
# world-writable /tmp. A dedicated directory owned by the DansGuardian user
# looks safer - confirm that it exists before changing the path.
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10



###################### Download Managers ########################

# The key is repeated on purpose: each line loads one more plugin.
downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/usr/local/etc/dansguardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off



############################# AUTHENTICATION #########################

# Squid does the actual authentication; here the step is only mapped to Squid.
# With NTLM the password itself is not sent (challenge/response); with basic it
# crosses the network in clear text (base64 only).
# These plugins read the user name from the proxy authentication exchange so
# that the user can be assigned to a filter group.

authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-basic.conf'
authplugin = '/usr/local/etc/dansguardian/authplugins/proxy-ntlm.conf'
recheckreplacedurls = off



############################ Misc settings #########################


# DansGuardian neither adds an X-Forwarded-For header to the requests it passes
# on nor takes the client address from one it receives.
# NOTE(review): Squid then presumably sees every request as coming from
# 127.0.0.1 - the per-client address is only in the DansGuardian log.
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on



######################### Fork pool options #########################


# Sizing of the pool of child processes that handle client connections.
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0



######################### Process options ##################################


# NOTE(review): the three IPC endpoints below live in the shared, world-writable
# /tmp, where another local user could create the same names first. A directory
# writable only by the DansGuardian user looks safer - confirm before moving.
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
pidfilename = '/usr/local/var/run/dansguardian.pid'
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
softrestart = off




Her bir filter group için: /usr/local/etc/dansguardian/dansguardianfx.conf (x yerine grup numarası gelecek)

######## CONFIG FILE FOR FILTER GROUP X ############


# Filter group mode
# 0 = banned
# 1 = filtered
# 2 = unfiltered (exception)

groupmode = 1
# Placeholder - set the display name of this group.
groupname = xxxxxxxx

######## PATHS OF THE BLACKLIST FILES USED FOR URL FILTERING #########

# Every list is a plain file that is read at start-up. Only administrators
# should be able to write to them, since an edit changes what is blocked.
bannedphraselist = '/usr/local/etc/dansguardian/lists/bannedphraselist'
weightedphraselist = '/usr/local/etc/dansguardian/lists/weightedphraselist'
exceptionphraselist = '/usr/local/etc/dansguardian/lists/exceptionphraselist'
bannedsitelist = '/usr/local/etc/dansguardian/lists/bannedsitelist'
greysitelist = '/usr/local/etc/dansguardian/lists/greysitelist'
exceptionsitelist = '/usr/local/etc/dansguardian/lists/exceptionsitelist'
bannedurllist = '/usr/local/etc/dansguardian/lists/bannedurllist'
greyurllist = '/usr/local/etc/dansguardian/lists/greyurllist'
exceptionurllist = '/usr/local/etc/dansguardian/lists/exceptionurllist'
exceptionregexpurllist = '/usr/local/etc/dansguardian/lists/exceptionregexpurllist'
bannedregexpurllist = '/usr/local/etc/dansguardian/lists/bannedregexpurllist'
picsfile = '/usr/local/etc/dansguardian/lists/pics'
contentregexplist = '/usr/local/etc/dansguardian/lists/contentregexplist'
urlregexplist = '/usr/local/etc/dansguardian/lists/urlregexplist'



####################### Filetype filtering ##########################

blockdownloads = on
exceptionextensionlist = '/usr/local/etc/dansguardian/lists/exceptionextensionlist'
exceptionmimetypelist = '/usr/local/etc/dansguardian/lists/exceptionmimetypelist'

###### THE TWO FILES BELOW BAN DOWNLOADS BY FILE TYPE ######

bannedextensionlist = '/usr/local/etc/dansguardian/lists/bannedextensionlist'
bannedmimetypelist = '/usr/local/etc/dansguardian/lists/bannedmimetypelist'

######## UNLIKE THE BANNED ONES, DOWNLOADS ARE ALLOWED FOR THE ENTRIES BELOW ##########

exceptionfilesitelist = '/usr/local/etc/dansguardian/lists/exceptionfilesitelist'
exceptionfileurllist = '/usr/local/etc/dansguardian/lists/exceptionfileurllist'
headerregexplist = '/usr/local/etc/dansguardian/lists/headerregexplist'
bannedregexpheaderlist = '/usr/local/etc/dansguardian/lists/bannedregexpheaderlist'

############## NAUGHTINESS LIMIT ##############################

# 50 is for young children, 100 for old children, 160 for young adults.
# 350 is well above every guide value in the line above, so weighted-phrase
# filtering in this group is very permissive.
naughtynesslimit = 350

# 0 = display all categories (default)
categorydisplaythreshold = 0

embeddedurlweight = 0
enablepics = off
# NOTE(review): 0 appears to leave the temporary filter bypass and the
# infection bypass switched off, with no key set - confirm against the
# DansGuardian documentation before relying on it.
bypass = 0
bypasskey = ''

infectionbypass = 0

infectionbypasskey = ''
infectionbypasserrorsonly = on
disablecontentscan = off
deepurlanalysis = off



Bunları kendi networkünüze göre düzenledikten sonra winbindd_privileged dizinine read, write ve exec yetkisi verirseniz kimlik doğrulama otomatik olarak Windows AD üzerinden yapılır. Domaine üye olmayan PC'lerde ise proxy kullanıcı adı ve şifre sorar. Artık erişim loglarında kullanıcı adları ve PC isimleri de görünecektir.

Hasbelkader sorun yaşarsanız cache'leri ya da log dosyalarını temizleyin. Sonra squid, samba ve winbind'i durdurup winbindd_privileged dizinini silin. Samba ve winbind'i yeniden başlatıp ilgili dizine yeniden yetki verin, sonra squid'i başlatın; tamamdır.

Bu yapıda windows dc yada windows domainden bir pc ntp sunucusu olmalıdır. Dc aynı zamanda DNS sunucusu olmalıdır. Bu sebeple kurulum yaparken resolv.conf dosyasında veya hosts dosyasında dc için gerekli dns girdilerini yapmanız gerekmektedir.


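Administrator şifresi AD ortamında "never expire" ve "user can't change password" şeklinde ayarlanmalıdır. Bu hesap bu sayfadaki adımlarda yalnızca kinit ve domaine katılma (net ads join) sırasında kullanılıyor; bu iş için Administrator yerine yalnızca makine ekleme yetkisi verilmiş ayrı bir hesap kullanmak, süresi dolmayan bir yönetici şifresinin doğuracağı riski azaltır.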


DansGuardian filter grupları sayesinde PC ve IP ayrımına gerek kalmaksızın tek bir script ile kullanıcı bazlı internet erişimi yasaklanabilir veya kısıtlanabilir.

Sorusu olan bu konu altından sorabilir. İyi çalışmalar.