[squid-users] auth username logging

Marko Cupać marko.cupac at mimar.rs
Sat Sep 29 10:23:07 UTC 2018


On Sat, 29 Sep 2018 11:17:49 +1200
Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 29/09/18 3:56 AM, Marko Cupać wrote:
> > Hi,
> > 
> > I am testing migration of my AD-authenticated (kerberos + ntlm) 3.5
> > setup to 4.1. I noticed there are no usernames in access.log, just
> > "*" for served pages, "-" for 407s.
> > 
> > How can I get usernames in my access.log again?  
> 
> What is your auth_param config?
> 
> It sounds to me like you are using a "Negotiate/NTLM" auth helper for
> "NTLM" authentication.

Hi,

Here's relevant part of squid.conf:

# AUTHENTICATION HELPERS
auth_param negotiate program \
  /usr/local/libexec/squid/negotiate_wrapper_auth \
    --ntlm /usr/local/bin/ntlm_auth --helper-protocol=gss-spnego \
      --domain=MIMAR \
    --kerberos /usr/local/libexec/squid/negotiate_kerberos_auth \
      -d -r -s GSS_C_NO_NAME
auth_param negotiate children 20 startup=0 idle=1
auth_param negotiate keep_alive on

I am not sure what exactly authenticates, kerberos or NTLM.

Thank you in advance for any pointers,
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/


More information about the squid-users mailing list