[squid-users] Long Group TAG in access.log when using kerberos
Andrey K
ankor2023 at gmail.com
Wed Jan 31 09:01:39 UTC 2024
Hello, David,
group values in your logs are BASE64-encoded binary AD-groups SIDs.
You can try to decode them by a simple perl script sid-reader.pl (see
below):
echo AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShhgBAA== | base64 -d | perl
sid-reader.pl
And finally convert SID to a group name:
wbinfo -s S-01-5-21-407062282-1694779757-312552118-71814
Kind regards,
Ankor
*sid-reader.pl <http://sid-reader.pl>:*
#!/usr/bin/perl
#https://lists.samba.org/archive/linux/2005-September/014301.html
my $binary_sid;
my @parts;
while(<>){
push @parts, $_;
}
$binary_sid = join('', @parts);
my($sid_rev, $num_auths, $id1, $id2, @ids) =
unpack("H2 H2 n N V*", $binary_sid);
my $sid_string = join("-", "S", $sid_rev, ($id1<<32)+$id2, @ids);
print "$sid_string\n";
вт, 30 янв. 2024 г. в 18:49, David Touzeau <david at articatech.com>:
>
> Hi when using Kerberos with Squid when in access log a long Group tags:
>
> I would like to know how to disable Squid to grab groups suring
> authentication verification and in other way, how to decode Group value
>
> example of an access.log
>
> 1706629424.779 130984 10.1.12.120 TCP_TUNNEL/500 5443 CONNECT
> eu-mobile.events.data.microsoft.com:443 leblud HIER_DIRECT/
> 13.69.239.72:443 - mac="00:00:00:00:00:00"
> user:%20leblud%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESBsMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESBaAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESj34AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQbcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESlPQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNZUAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES/MMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESh5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuc4AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESl8QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0AUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGnsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESihgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESnsEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8QYBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNtcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESX+0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8KMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShxUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShMcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0XgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESMwIBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQSUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESAQIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESufYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNAkBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESccMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEStdYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESFXkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESb6EAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESFcAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESluoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaLkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESxY8AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2cEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJ5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEST/MAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESLaEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESlvQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESPLkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShxgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES98IAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShPgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaHsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESmegAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESiRgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES/tgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES5IEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESN9cAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESbQEBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjZwAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESmsQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESvtIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGAEBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESePYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESfp0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuj0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESA8gAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES7p8AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQuAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESZ50AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJ8AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESdu0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjPYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESgSUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESs9YAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESCBQBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjBgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES4gIBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESVaUAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES730AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESiBgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGQgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESttYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8P0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES3g0BAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2sMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaQ0BAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuvsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESKNEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShscAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESDTsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES6HsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESZ3sAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESTvMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES3HgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJdkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES5YcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES6AUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESd/YAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESUsQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESz3gAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2+0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShhgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESMLEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESP+AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESk/QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESTfoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESixgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShccAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESVwoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQuwAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESA9AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQcMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0QUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQOAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESu5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESYcIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESE9MAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES7oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES9YQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES9oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESd5EAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES84QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES74QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESgHsAAA==%0D%0Agroup:%20AQEAAAAAABIBAAAA%0D%0Aaccessrule:%20final_allow%0D%0Afirst:%20ERROR%0D%0Awebfilter:%20pass%0D%0Aexterr:%20invalid_code_431%0D%0A
> ua="-" exterr="-|-"
>
> --
> David Touzeau - Artica Tech France
> Development team, level 3 support
> ----------------------------------
> P: +33 6 58 44 69 46
> www: https://wiki.articatech.com
> www: http://articatech.net
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240131/1bd503a5/attachment-0001.htm>
More information about the squid-users
mailing list