[squid-users] auth username logging
Marko Cupać
marko.cupac at mimar.rs
Sat Sep 29 10:23:07 UTC 2018
On Sat, 29 Sep 2018 11:17:49 +1200
Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 29/09/18 3:56 AM, Marko Cupać wrote:
> > Hi,
> >
> > I am testing migration of my AD-authenticated (kerberos + ntlm) 3.5
> > setup to 4.1. I noticed there are no usernames in access.log, just
> > "*" for served pages, "-" for 407s.
> >
> > How can I get usernames in my access.log again?
>
> What is your auth_param config?
>
> It sounds to me like you are using a "Negotiate/NTLM" auth helper for
> "NTLM" authentication.
Hi,
Here's relevant part of squid.conf:
# AUTHENTICATION HELPERS
auth_param negotiate program \
/usr/local/libexec/squid/negotiate_wrapper_auth \
--ntlm /usr/local/bin/ntlm_auth --helper-protocol=gss-spnego \
--domain=MIMAR \
--kerberos /usr/local/libexec/squid/negotiate_kerberos_auth \
-d -r -s GSS_C_NO_NAME
auth_param negotiate children 20 startup=0 idle=1
auth_param negotiate keep_alive on
I am not sure what exactly authenticates, kerberos or NTLM.
Thank you in advance for any pointers,
--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.
Marko Cupać
https://www.mimar.rs/
More information about the squid-users
mailing list