<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#464646" bgcolor="#FFFFFF">
<font face="monospace"><br>
<br>
<br>
<br>
Hi %note is used by our external_acls and for log other tokens<br>
And we use also Group as token.<br>
it can disabled by direcly removing source kerberos code before
compiling but i would like to know if there is another way<br>
</font><br>
<div class="moz-cite-prefix">Le 31/01/2024 à 14:36, Andrey K a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:CADJd0Y0b_07i6sXUU6AcF4b2LB_AjaF1ksMbt0=fJ2jXv9BCjQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">Hello, David,
<div><br>
</div>
<div>> <span style="font-family:monospace">Anyway to remove
these entries from the log ?</span></div>
<div><span style="font-family:monospace">I think you should
correct logformat directive in your squid configuration to
disable annotations </span><span
style="font-family:monospace">logging (</span><span
style="font-family:monospace">%note</span><span
style="font-family:monospace">): </span><a
href="http://www.squid-cache.org/Doc/config/logformat/"
moz-do-not-send="true" class="moz-txt-link-freetext">http://www.squid-cache.org/Doc/config/logformat/</a></div>
<div><span style="font-family:monospace"><br>
</span></div>
<div><span style="font-family:monospace">Kind regards,</span></div>
<div><span style="font-family:monospace"> Ankor. </span></div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">ср, 31 янв. 2024 г. в 15:51,
David Touzeau <<a href="mailto:david@articatech.com"
moz-do-not-send="true" class="moz-txt-link-freetext">david@articatech.com</a>>:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> <font face="monospace">Anyway to
remove these entries from the log ?</font><br>
<br>
<div>Le 31/01/2024 à 10:01, Andrey K a écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hello, David,
<div><br>
</div>
<div>group values in your logs are BASE64-encoded
binary AD-groups SIDs.</div>
<div>You can try to decode them by a simple perl
script <a href="http://sid-reader.pl"
target="_blank" moz-do-not-send="true">sid-reader.pl</a>
(see below):</div>
<div><br>
</div>
<div><font face="monospace">echo
AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShhgBAA== | base64
-d | perl <a href="http://sid-reader.pl"
target="_blank" moz-do-not-send="true">sid-reader.pl</a></font><br>
</div>
<div><br>
</div>
<div>And finally convert SID to a group name:</div>
<div><font face="monospace">wbinfo -s
S-01-5-21-407062282-1694779757-312552118-71814<br>
</font></div>
<div><br>
</div>
<div>Kind regards,</div>
<div> Ankor</div>
<div><br>
</div>
<div><br>
</div>
<div><b><font face="monospace"><a
href="http://sid-reader.pl" target="_blank"
moz-do-not-send="true">sid-reader.pl</a>:</font></b></div>
<div><font face="monospace">#!/usr/bin/perl</font></div>
<div><font face="monospace">#<a
href="https://lists.samba.org/archive/linux/2005-September/014301.html"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.samba.org/archive/linux/2005-September/014301.html</a><br>
<br>
my $binary_sid;<br>
my @parts;<br>
while(<>){<br>
push @parts, $_;<br>
}<br>
$binary_sid = join('', @parts);<br>
<br>
my($sid_rev, $num_auths, $id1, $id2, @ids) =<br>
unpack("H2 H2 n N V*",
$binary_sid);<br>
my $sid_string = join("-", "S", $sid_rev,
($id1<<32)+$id2, @ids);<br>
print "$sid_string\n";</font><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">вт, 30 янв. 2024 г.
в 18:49, David Touzeau <<a
href="mailto:david@articatech.com" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">david@articatech.com</a>>:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF"> <br>
Hi when using Kerberos with Squid when in access
log a long Group tags:<br>
<br>
I would like to know how to disable Squid to grab
groups suring authentication verification and in
other way, how to decode Group value<br>
<br>
example of an access.log<br>
<br>
<code>1706629424.779 130984 10.1.12.120
TCP_TUNNEL/500 5443 CONNECT <a
href="http://eu-mobile.events.data.microsoft.com:443" target="_blank"
moz-do-not-send="true">eu-mobile.events.data.microsoft.com:443</a>
leblud HIER_DIRECT/<a
href="http://13.69.239.72:443" target="_blank"
moz-do-not-send="true">13.69.239.72:443</a> -
mac="00:00:00:00:00:00"
user:%20leblud%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESBsMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESBaAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESj34AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQbcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESlPQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNZUAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES/MMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESh5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuc4AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESl8QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0AUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGnsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESihgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESnsEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8QYBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNtcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESX+0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8KMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShxUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShMcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0XgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESMwIBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQSUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESAQIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESufYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESNAkBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESccMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEStdYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESFXkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESb6EAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESFcAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESluoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaLkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESxY8AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2cEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJ5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEST/MAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESLaEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESlvQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESPLkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShxgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES98IAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShPgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaHsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESmegAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESiRgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES/tgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES5IEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESN9cAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESbQEBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjZwAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESmsQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESvtIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGAEBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESePYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESfp0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuj0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESA8gAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES7p8AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQuAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESZ50AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJ8AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESdu0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjPYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESgSUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESs9YAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESCBQBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESjBgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES4gIBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESVaUAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES730AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESiBgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESGQgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESttYAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8P0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES3g0BAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2sMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESaQ0BAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESuvsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESKNEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShscAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESDTsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES6HsAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESZ3sAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESTvMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES3HgAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESJdkAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES5YcAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES6AUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESd/YAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESUsQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESz3gAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES2+0AAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShhgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESMLEAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESP+AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESk/QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESTfoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESixgBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqEShccAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESVwoAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQuwAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESA9AAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQcMAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES0QUBAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESQOAAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESu5wAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESYcIAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESE9MAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES7oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES9YQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES9oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESd5EAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES84QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES8oQAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqES74QAAA==%0D%0Agroup:%20AQUAAAAAAAUVAAAACkdDGG1JBGW2KqESgHsAAA==%0D%0Agroup:%20AQEAAAAAABIBAAAA%0D%0Aaccessrule:%20final_allow%0D%0Afirst:%20ERROR%0D%0Awebfilter:%20pass%0D%0Aexterr:%20invalid_code_431%0D%0A
ua="-" exterr="-|-"</code><br>
<br>
<pre cols="72">--
David Touzeau - Artica Tech France
Development team, level 3 support
----------------------------------
P: +33 6 58 44 69 46
www: <a href="https://wiki.articatech.com" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://wiki.articatech.com</a>
www: <a href="http://articatech.net" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">http://articatech.net</a> </pre>
</div>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">squid-users@lists.squid-cache.org</a><br>
<a
href="https://lists.squid-cache.org/listinfo/squid-users"
rel="noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote>
</div>
</blockquote>
<br>
<pre cols="72">--
David Touzeau - Artica Tech France
Development team, level 3 support
----------------------------------
P: +33 6 58 44 69 46
www: <a href="https://wiki.articatech.com" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">https://wiki.articatech.com</a>
www: <a href="http://articatech.net" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">http://articatech.net</a> </pre>
</div>
</blockquote>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
David Touzeau - Artica Tech France
Development team, level 3 support
----------------------------------
P: +33 6 58 44 69 46
www: <a class="moz-txt-link-freetext" href="https://wiki.articatech.com">https://wiki.articatech.com</a>
www: <a class="moz-txt-link-freetext" href="http://articatech.net">http://articatech.net</a> </pre>
</body>
</html>