Re: [squid-users] ntlm_auth not showing users connect into access.log file

From: Chris Robertson <crobertson@dont-contact.us>
Date: Tue, 20 Nov 2007 13:15:41 -0900

David PAZOS wrote:
> Hello,
>
> I've configured squid and it seems to be working as it logs which ip
> goes to which website but... I can't see the AD users. I've tested
> ./ntlm_auth with several usernames and it worked...
>
> If you have any idea of what the problem could be, it will be really
> appreciated! ;)
>
> I'm running Squid 3.0 RC1 on Gentoo 2007.0
> with samba 3.0.26a
> and krb5-1.5.3-r1
>
> Here is my squid.conf file :
> ###########################
> http_port 8080
> cache_mgr some@email.com
> cache_effective_user squid
> cache_effective_group squid
> ftp_user anonymous@someadress.com
> visible_hostname myservername.mydomain.local
> logfile_rotate 1
>
> cache_mem 256 MB
> cache_access_log /var/log/squid/access.log
> cache_dir ufs /var/cache/squid/ncache 1024 16 256
> log_ip_on_direct off
>
> debug_options ALL,1
> hosts_file /etc/hosts
>
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 30
> #auth_param ntlm max_challenge_reuses 0
> #auth_param ntlm max_challenge_lifetime 2 minutes
>
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
> acl all src 0.0.0.0/0.0.0.0
> acl local_network src 192.168.1.0/24 127.0.0.1/32
> http_access allow local_network
>

Anyone surfing from 192.168.1.0/24 is allowed at this point. No
authentication requested or required.

>
> acl SSL_ports port 443 563
> acl Safe_ports port 21 70 80 210 280 443 488 563 591 777 1025-65535
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> acl AuthorizedUsers proxy_auth REQUIRED
>
> http_access deny !AuthorizedUsers
> http_access allow all
>
> Here is a view of the access.log file of squid
> ###############################
> 1195130391.112 104 192.168.1.34 TCP_MISS/200 512 GET
> http://www.google-analy$
>

Yup. That IP matches. :o)

> 1195130392.236 1303 192.168.1.34 TCP_MISS/200 20433 GET
> http://media.ldlc.com$
> 1195130392.280 35 192.168.1.34 TCP_MISS/200 717 GET
> http://www.hardware.fr/$
> 1195130416.467 317 192.168.1.34 TCP_MISS/200 2736 GET
> http://www.danstapomme$
> 1195130416.613 109 192.168.1.34 TCP_MISS/200 503 GET
> http://www.danstapomme.$
> 1195130416.617 112 192.168.1.34 TCP_MISS/200 1394 GET
> http://www.danstapomme$
> 1195130416.849 347 192.168.1.34 TCP_MISS/200 24973 GET
> http://www.danstapomm$
> 1195130416.915 31 192.168.1.34 TCP_MISS/404 571 GET
> http://www.danstapomme.$
>
> Here is a view of cache.log of squid
> ###############################
> 007/11/15 13:37:13| Starting Squid Cache version 3.0.RC1 for
> i686-pc-linux-gnu$
> 2007/11/15 13:37:13| Process ID 8219
> 2007/11/15 13:37:13| With 1024 file descriptors available
> 2007/11/15 13:37:13| DNS Socket created at 0.0.0.0, port 40818, FD 7
> 2007/11/15 13:37:13| Adding nameserver 192.168.1.251 from
> /etc/resolv.conf
> 2007/11/15 13:37:13| helperStatefulOpenServers: Starting 30 'ntlm_auth'
> process$
> 2007/11/15 13:37:14| helperOpenServers: Starting 5 'ntlm_auth' processes
> 2007/11/15 13:37:14| User-Agent logging is disabled.
> 2007/11/15 13:37:14| Referer logging is disabled.
> 2007/11/15 13:37:14| Unlinkd pipe opened on FD 47
> 2007/11/15 13:37:14| Local cache digest enabled; rebuild/rewrite every
> 3600/360$
> 2007/11/15 13:37:14| Swap maxSize 1048576 KB, estimated 80659 objects
> 2007/11/15 13:37:14| Target number of buckets: 4032
> 2007/11/15 13:37:14| Using 8192 Store buckets
> 2007/11/15 13:37:14| Max Mem size: 262144 KB
> 2007/11/15 13:37:14| Max Swap size: 1048576 KB
> 2007/11/15 13:37:14| Version 1 of swap file with LFS support detected...
> 2007/11/15 13:37:14| Rebuilding storage in /var/cache/squid/ncache
> (CLEAN)
> 2007/11/15 13:37:14| Using Least Load store dir selection
> 2007/11/15 13:37:14| Current Directory is /root
> 2007/11/15 13:37:14| Loaded Icons.
> 2007/11/15 13:37:14| Accepting HTTP connections at 0.0.0.0, port 8080,
> FD 49.
> 2007/11/15 13:37:14| HTCP Disabled.
> 2007/11/15 13:37:14| Ready to serve requests.
> 2007/11/15 13:37:14| Done reading /var/cache/squid/ncache swaplog (267
> entries)
> 2007/11/15 13:37:14| Finished rebuilding storage from disk.
> 2007/11/15 13:37:14| 267 Entries scanned
> 2007/11/15 13:37:14| 0 Invalid entries.
> 2007/11/15 13:37:14| 0 With invalid flags.
> 2007/11/15 13:37:14| 267 Objects loaded.
> 2007/11/15 13:37:14| 0 Objects expired.
> 2007/11/15 13:37:14| 0 Objects cancelled.
> 2007/11/15 13:37:14| 0 Duplicate URLs purged.
> 2007/11/15 13:37:14| 0 Swapfile clashes avoided.
> 2007/11/15 13:37:14| Took 0.075 seconds (3.6e+03 objects/sec).
> 2007/11/15 13:37:14| Beginning Validation Procedure
> 2007/11/15 13:37:14| Completed Validation Procedure
> 2007/11/15 13:37:14| Validated 559 Entries
> 2007/11/15 13:37:14| store_swap_size = 2784
> 2007/11/15 13:37:15| storeLateRelease: released 0 objects
>
> Hope you will find something weird in my config because I've redone it
> twice and I don't know what I've missed...
>

You might want to peruse the FAQ section on ACLs.
http://wiki.squid-cache.org/SquidFaq/SquidAcl

>
> Many Thanks.
> Kindly Regards.
> David
>

Chris
Received on Tue Nov 20 2007 - 15:16:02 MST
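
Added example, not part of the original messages and not Squid's own code: a simplified Python model of first-match http_access evaluation, run over the relevant lines of the posted squid.conf. It shows why 192.168.1.34 is allowed without ever being asked for credentials, so no user name reaches access.log. The REORDERED rule set is one possible arrangement assumed here for comparison; the port and CONNECT ACLs are left out.

```python
# Simplified model of http_access evaluation: rules are tried top to bottom
# and the first rule whose ACLs all match decides. Only the 'src' and
# 'proxy_auth' ACL types are modelled (assumption of this sketch).
import ipaddress

ORIGINAL = """
acl all src 0.0.0.0/0.0.0.0
acl local_network src 192.168.1.0/24 127.0.0.1/32
http_access allow local_network
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
http_access allow all
"""
# One possible reordering (assumption, not taken from the thread).
REORDERED = """
acl all src 0.0.0.0/0.0.0.0
acl local_network src 192.168.1.0/24 127.0.0.1/32
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow local_network AuthorizedUsers
http_access deny all
"""

def decide(conf, client_ip, user=None):
    """Return (action, logged_user); user=None means no credentials sent yet."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    ip = ipaddress.ip_address(client_ip)
    logged = "-"                          # user field of access.log when no user is known
    for action, names in rules:
        for name in names:
            kind, args = acls[name.lstrip("!")]
            if kind == "src":
                hit = any(ip in ipaddress.ip_network(a) for a in args)
            elif kind == "proxy_auth":    # only here are credentials asked for
                if user is None:
                    return ("challenge", "-")   # 407 Proxy Authentication Required
                hit, logged = True, user
            else:
                raise ValueError("ACL type not modelled: " + kind)
            if hit == name.startswith("!"):
                break                     # this ACL failed, so the rule does not match
        else:
            return (action, logged)
    return ("deny", "-")                  # simplification; Squid inverts the last rule's action
```
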
