[squid-users] auth username logging
Amos Jeffries
squid3 at treenet.co.nz
Sun Sep 30 07:57:36 UTC 2018
On 29/09/18 10:23 PM, Marko Cupać wrote:
> On Sat, 29 Sep 2018 11:17:49 +1200
> Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
>> On 29/09/18 3:56 AM, Marko Cupać wrote:
>>> Hi,
>>>
>>> I am testing migration of my AD-authenticated (kerberos + ntlm) 3.5
>>> setup to 4.1. I noticed there are no usernames in access.log, just
>>> "*" for served pages, "-" for 407s.
>>>
>>> How can I get usernames in my access.log again?
>>
>> What is your auth_param config?
>>
>> It sounds to me like you are using a "Negotiate/NTLM" auth helper for
>> "NTLM" authentication.
>
> Hi,
>
> Here's relevant part of squid.conf:
>
> # AUTHENTICATION HELPERS
> auth_param negotiate program \
> /usr/local/libexec/squid/negotiate_wrapper_auth \
> --ntlm /usr/local/bin/ntlm_auth --helper-protocol=gss-spnego \

--helper-protocol=gss-spnego is telling the Samba helper to use
Negotiate protocol, but the wrapper is expecting NTLM protocol and
mapping them.

Please try --helper-protocol=squid-2.5-ntlmssp

> --domain=MIMAR \
> --kerberos /usr/local/libexec/squid/negotiate_kerberos_auth \
> -d -r -s GSS_C_NO_NAME
> auth_param negotiate children 20 startup=0 idle=1
> auth_param negotiate keep_alive on
>
> I am not sure what exactly authenticates, kerberos or NTLM.
>
> Thank you in advance for any pointers,
>
Amos
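
Added example, not part of the original message and not Squid project code: a check to run over access.log after changing the helper options, confirming that served requests carry a username again. It assumes Squid's default native log format, where the user is the eighth whitespace-separated field; the sample lines, addresses and user names are constructed.

```python
from collections import Counter

# Constructed sample lines (not from the thread), default native access.log layout:
# time elapsed client action/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1538294256.123     45 192.0.2.21 TCP_DENIED/407 4120 GET http://example.com/ - HIER_NONE/- text/html
1538294256.301    210 192.0.2.21 TCP_MISS/200 15320 GET http://example.com/ * HIER_DIRECT/198.51.100.10 text/html
1538294257.010    180 192.0.2.35 TCP_MISS/200 8211 GET http://example.org/ alice HIER_DIRECT/198.51.100.11 text/html
1538294258.500     12 192.0.2.35 TCP_TUNNEL/200 3900 CONNECT example.net:443 bob@EXAMPLE.TEST HIER_DIRECT/203.0.113.7 -
truncated line
"""

NO_USER = {"-", "*"}  # the two placeholders reported in the thread


def audit(lines):
    """Classify log entries and count, per client, served requests with no user."""
    counts = Counter()
    offenders = Counter()
    for line in lines:
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        if len(fields) < 10 or "/" not in fields[3]:
            counts["malformed"] += 1
            continue
        status = fields[3].rsplit("/", 1)[1]  # e.g. TCP_MISS/200 -> 200
        user = fields[7]
        if status == "407":
            counts["challenge"] += 1  # no user is expected on the auth challenge
        elif user in NO_USER:
            counts["served_without_user"] += 1
            offenders[fields[2]] += 1  # key by client address
        else:
            counts["served_with_user"] += 1
    return counts, offenders


if __name__ == "__main__":
    counts, offenders = audit(SAMPLE_LOG.splitlines())
    print("entries:", dict(counts))
    print("clients served without a logged user:", dict(offenders))
```

A non-zero `served_without_user` count after the change means some served requests still log only a placeholder in the user field.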