[squid-users] Logging failed authentication attempts
Amos Jeffries
squid3 at treenet.co.nz
Tue Jan 31 05:54:18 UTC 2023
On 31/01/2023 6:13 pm, Andrey K wrote:
> Amos,
>
> I understood: the helper.cc does not parse the KK-request and does not
> know about the username. He can only get the username information from
> the reply of the external helper. But since the external helper
> returns only an error without a username, this information is missing
> from the logs.
>
> Is there any other possibility to log username and source IP address
> in such NTLM-failed authentication attempts?
You could make a wrapper script that decodes the KK request and returns
user=name along with the real helper's result.
The problem is that the credentials are known to be invalid at that
point, so it may just be garbage instead of a username.
Amos
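
The decoding half of the wrapper suggested above, as an added example that is not part of the original message or of Squid's code: it reads the domain and user fields from the NTLM type 3 blob in a KK line and appends them to the real helper's failure reply. The names `decode_type3` and `annotate` are hypothetical. It assumes the real helper signals failure with a line starting NA or ERR and that Squid accepts the appended user= pair as the reply describes.

```python
import base64
import struct
from urllib.parse import quote

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001

def _field(blob, pos):
    # Field descriptor: length (u16), max length (u16), payload offset (u32).
    length, _maxlen, offset = struct.unpack_from("<HHI", blob, pos)
    if offset + length > len(blob):
        raise ValueError("field points outside the message")
    return blob[offset:offset + length]

def decode_type3(b64_blob):
    """Return (domain, user) from an NTLM AUTHENTICATE (type 3) blob, else None."""
    try:
        blob = base64.b64decode(b64_blob, validate=True)
        if len(blob) < 64 or blob[:8] != b"NTLMSSP\x00":
            return None
        if struct.unpack_from("<I", blob, 8)[0] != 3:
            return None
        flags = struct.unpack_from("<I", blob, 60)[0]
        # Assumption: cp437 stands in for the client's OEM code page.
        codec = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp437"
        domain = _field(blob, 28).decode(codec, errors="replace")
        user = _field(blob, 36).decode(codec, errors="replace")
    except (ValueError, struct.error):
        return None
    return domain, user

def annotate(request_line, reply_line):
    """Append user=<name> to the real helper's failure reply to a KK request."""
    reply = reply_line.rstrip("\r\n")
    parts = request_line.split()
    # Assumption: the real helper reports failure with a line starting NA or ERR.
    failed = reply.split(" ", 1)[0] in ("NA", "ERR")
    if len(parts) != 2 or parts[0] != "KK" or not failed:
        return reply
    decoded = decode_type3(parts[1])
    if decoded is None:
        return reply
    domain, user = decoded
    name = f"{domain}\\{user}" if domain else user
    # The credentials already failed validation, so the field may hold anything:
    # percent-encode it so it cannot add spaces, newlines or extra key=value pairs.
    return f"{reply} user={quote(name, safe='')}"
```

A full wrapper would read each request line from stdin, pass it unchanged to the real helper, and write `annotate(request, reply)` back to stdout.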