[squid-users] Squid V 3.5.23 authenticating in AD: User names not showing in log
Rafael Silva Daniel
rafaelsilvadaniel at gmail.com
Wed May 15 17:45:22 UTC 2019
Hello! I'm in need of serious help. In my company we need the access logs by
user name; it is the only reason the proxy is set to authenticate. But it
just doesn't show it. The relevant parts of the .conf look like this:
(...)
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=XXXXX(domain name)
auth_param ntlm children 100
auth_param ntlm keep_alive off
external_acl_type NT_global_group %LOGIN /usr/lib/squid/ext_wbinfo_group_acl
acl users external NT_global_group "/etc/squid/fapgrp"
(...)
(...)
http_access deny !users
http_access allow users
http_access deny !auth
(...)
***("/etc/squid/fapgrp" is a text file with the text "Usuários do dóminio",
it's "Domain Users" in Portuguese)
When I test the helper:
/usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=XXXXX
user password
BH SPNEGO request invalid prefix
I read somewhere that ntlmssp can be tested like this, because we are
sending the credentials as plain text, so I tested with basic and the result
is this:
/usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-basic --domain=XXXXX
user password
OK
user password
ERR
So, I'm assuming that the way Squid is processing the challenges is fine, is
that right?
But the part that is making me furious is that the access.log looks like this:
1557939698.081 218 10.85.xx.xx TCP_MISS/200 1962 GET http://squid-web-proxy-cache.1019090.n4.nabble.com/util/minmax.js *USERNAME* HIER_DIRECT/199.38.86.66 application/x-javascript
1557939698.313 231 10.85.xx.xx TCP_MISS/200 1073 GET http://squid-web-proxy-cache.1019090.n4.nabble.com/images/image.png *USERNAME* HIER_DIRECT/199.38.86.66 image/png
1557939698.360 263 10.85.xx.xx TCP_MISS/200 738 GET http://squid-web-proxy-cache.1019090.n4.nabble.com/images/bold.png *USERNAME* HIER_DIRECT/199.38.86.66 image/png
When the id is TCP_MISS the user name always shows correctly, but when the
id is:
1557941156.213 240238 10.85.XX.XX TCP_TUNNEL/200 1788 CONNECT www.google.com:443 - HIER_DIRECT/172.217.29.228 -
1557941156.670 240355 10.85.XX.XX TCP_TUNNEL/200 2892 CONNECT s2.googleusercontent.com:443 - HIER_DIRECT/172.217.172.129 -
1557941159.712 243740 10.85.XX.XX TCP_TUNNEL/200 132341 CONNECT www.google.com:443 - HIER_DIRECT/172.217.29.228 -
TCP_TUNNEL, the user name is never shown, and the majority of the access log
has this TCP_TUNNEL stuff.
Is there a way to make all the pages that are accessed show the username? It's our
only need: to see the user names in all the logs.
Thanks in advance!
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
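
Added example, not part of the original post: a small Python audit that parses access.log entries in the layout shown above and reports, per request method and result code, how many entries carry no user name and which client addresses produced them. The sample lines (including a 407 challenge and a damaged line), the hosts, the addresses, the user name alice and the function names are all constructed for this example.

```python
from collections import Counter, defaultdict

# Constructed sample in Squid's default ("squid") access.log layout:
# time elapsed client result/status bytes method URL user hierarchy/peer type
# Hosts, addresses and user names are invented; "-" means no user was logged.
SAMPLE_LOG = """\
1557939698.081 218 10.85.0.10 TCP_MISS/200 1962 GET http://example.test/util/minmax.js alice HIER_DIRECT/192.0.2.10 application/x-javascript
1557939698.313 231 10.85.0.10 TCP_MISS/200 1073 GET http://example.test/images/image.png alice HIER_DIRECT/192.0.2.10 image/png
1557939699.002 1 10.85.0.11 TCP_DENIED/407 4012 GET http://example.test/ - HIER_NONE/- text/html
1557941156.213 240238 10.85.0.10 TCP_TUNNEL/200 1788 CONNECT www.example.test:443 - HIER_DIRECT/192.0.2.20 -
1557941156.670 240355 10.85.0.11 TCP_TUNNEL/200 2892 CONNECT static.example.test:443 - HIER_DIRECT/192.0.2.21 -
1557941159.712 243740 10.85.0.10 TCP_TUNNEL/200 132341 CONNECT www.example.test:443 - HIER_DIRECT/192.0.2.20 -
this line is truncated
"""

def parse_line(line):
    """Split one native-format entry; return None if it is not 10 fields."""
    parts = line.split()
    if len(parts) != 10:
        return None
    _ts, _elapsed, client, code_status, _size, method, url, user, _hier, _mime = parts
    result, _, status = code_status.partition("/")
    return {"client": client, "result": result, "status": status,
            "method": method, "url": url,
            "user": None if user == "-" else user}

def missing_user_report(lines):
    """Per (method, result): entries seen, entries without a user, their client IPs."""
    totals, missing, clients = Counter(), Counter(), defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip blank or damaged lines instead of miscounting
        key = (rec["method"], rec["result"])
        totals[key] += 1
        if rec["user"] is None:
            missing[key] += 1
            clients[key].add(rec["client"])
    return {key: {"total": totals[key], "missing": missing[key],
                  "clients": sorted(clients[key])} for key in totals}

if __name__ == "__main__":
    report = missing_user_report(SAMPLE_LOG.splitlines())
    for (method, result), row in sorted(report.items()):
        print(f"{method:8} {result:12} {row['missing']}/{row['total']} without user "
              f"clients={','.join(row['clients']) or '-'}")
```

Running the same report before and after a configuration change shows whether CONNECT entries start carrying a user name.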