Alejandro Bednarik wrote:
> Hi all!. I am using squid stable 2.6.stable18. and i need to log
> failed authentications attempts or at least some info to look. I
> noticed that NTLM don't log the username if it is fails, ldap_auth do
> that so i can parse the log to find something like TCP_DENIED/407, a
> low ts value and a username to find a possible login attempt. Is there
> any way i can do something about, when squid use ntlm to authenticate
> the user?
Squid always logs the username when its available.
NTLM is an authentication mechanism that does not use usernames. It
pases around encoded binary hashes instead.
I think you need to change your concept a little bit. The real
identifier of whether a request is a login attempt is whether the
browser has included a Proxy-Authorization: header.
You can log that by adding %{Proxy-Authorization}>h to the log format if
you like. However be aware that one username cannot be derived out of
the hash and one username has multiple hashes over time.
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20 Current Beta Squid 3.1.0.14Received on Thu Nov 05 2009 - 04:40:27 MST
This archive was generated by hypermail 2.2.0 : Thu Nov 05 2009 - 12:00:03 MST