Solved

How to configure Squid to log Windows username in access.log

Posted on 2007-11-15
Last Modified: 2013-12-06
Hello,

I'm running Squid 3.0 on a Linux Gentoo 2007.0 and it runs well, but I would like to have Active Directory users logged in access.log. ./ntlm_auth on bash is working, the server is added to the domain, and wbinfo -g & wbinfo -u work well.

What did I do wrong? Below is my squid.conf file.

Many thanks in advance. Kindly Regards.
http_port 8080
cache_mgr some@address.com
cache_effective_user squid
cache_effective_group squid
ftp_user anonymous@address.com
visible_hostname server.domain.local
logfile_rotate 1
 
cache_mem 256 MB
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid/ncache 1024 16 256
log_ip_on_direct off
access_log /var/log/squid/access.log squid
 
debug_options ALL,1
hosts_file /etc/hosts
 
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
 
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
 
acl all src 0.0.0.0/0.0.0.0
acl lcl_network src 192.168.1.0/24 127.0.0.1/32
http_access allow lcl_network
 
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 210 280 443 488 563 591 777 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
 
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
http_access allow all

Question by:David_Pazos
4 Comments
 
Expert Comment

by:Kerem ERSOY
ID: 20294697
Hi,

Please follow the steps in this document and then you must see usernames along with the addresses in our logs:
http://www.squid-cache.org/mail-archive/squid-dev/200207/att-0066/winbind.txt

Cheers,
K.
0
 

Accepted Solution

by:
David_Pazos earned 0 total points
ID: 20298800
Hello KeremE and thanks for the answer,

I'm sorry but this doc wasn't helpful... I used this one... It's in Russian but I could read the English commands and it worked.

http://www.linux.ru/forum/index.php?t=msg&goto=325509&rid=0&S=cf92c2b30c9036089a17ddc5c5bdc47a&srch=into+seperate+domain%2Fname+parts%21#msg_325509

Here below you can see what I've changed and I hope it could help someone.

Kindly Regards.

PS Winbind separator in /etc/samba/smb.conf is = +
http_port 8080
cache_mgr some@address.com
cache_effective_user squid
cache_effective_group squid
ftp_user anonymous@address.com
visible_hostname server.domain.local
logfile_rotate 1
 
cache_mem 256 MB
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid/ncache 1024 16 256
log_ip_on_direct off
access_log /var/log/squid/access.log squid
 
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
 
debug_options ALL,1 33
hosts_file /etc/hosts
dns_nameservers 192.168.1.1
 
# NTLM scheme: the helper accepts only members of the DOMAIN+internetuser group
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=DOMAIN+internetuser
auth_param ntlm children 5
auth_param ntlm keep_alive on
 
# Basic scheme, offered alongside NTLM for clients that cannot use it; same group restriction
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=DOMAIN+internetuser
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
 
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
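# Matches any request carrying valid proxy credentials; using it in http_access triggers the 407 challenge
acl DOMAIN proxy_auth REQUIRED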
acl SSL_ports port 443 563
acl purge method PURGE
acl CONNECT method CONNECT
 
acl Safe_ports port 21 70 80 210 280 443 488 563 591 777 1025-65535
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
 
icp_access allow all
http_access allow manager localhost DOMAIN
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Ordinary traffic is allowed only after authentication, so the username is recorded in access.log
http_access allow DOMAIN
http_access allow localhost
http_access deny all
http_reply_access allow all

0
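One way to confirm that a change like the one in the accepted solution took effect is to audit the username field of access.log. The following is an added example, not code from the thread: it parses Squid's native `squid` log format (username in the eighth field), splits `DOMAIN+user` on the winbind separator `+` mentioned in the post, and separates the expected `TCP_DENIED/407` authentication challenges from requests that were served with no username, which is what an `http_access allow` rule placed ahead of the `proxy_auth` rule (such as `http_access allow lcl_network` in the question's config) produces. The log lines are constructed sample data, and folding names to one case is an assumption made for grouping.

```python
from collections import Counter

WINBIND_SEPARATOR = "+"  # value from the post's smb.conf note

# Constructed sample lines (native "squid" logformat; user name is field 8):
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1195120000.101      3 192.168.1.20 TCP_DENIED/407 1790 GET http://example.com/ - NONE/- text/html
1195120000.140      4 192.168.1.20 TCP_DENIED/407 2050 GET http://example.com/ - NONE/- text/html
1195120000.512    310 192.168.1.20 TCP_MISS/200 5120 GET http://example.com/ DOMAIN+alice DIRECT/192.0.2.10 text/html
1195120003.007     95 192.168.1.21 TCP_MISS/200 880 GET http://example.org/a.css domain+Bob DIRECT/192.0.2.11 text/css
1195120004.250    120 192.168.1.22 TCP_MISS/200 4410 GET http://example.net/ - DIRECT/192.0.2.12 text/html
not a log line
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it is malformed."""
    fields = line.split()
    if len(fields) < 10 or "/" not in fields[3]:
        return None
    result, _, status = fields[3].partition("/")
    domain = user = None
    if fields[7] != "-":
        # NTLM logs DOMAIN+name; a bare name (no separator) has no domain part.
        domain, sep, user = fields[7].rpartition(WINBIND_SEPARATOR)
        domain = domain.upper() if sep else None
        user = user.lower()  # assumption: fold case so one account is one key
    return {"client": fields[2], "result": result, "status": status,
            "url": fields[6], "domain": domain, "user": user}

def audit(text):
    """Return (requests per user, 407 challenges, served-without-user, malformed)."""
    per_user, challenges, anonymous, malformed = Counter(), 0, [], 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            malformed += 1
        elif rec["user"]:
            per_user[(rec["domain"], rec["user"])] += 1
        elif rec["status"] == "407":
            challenges += 1  # expected: NTLM handshake steps carry no user yet
        else:
            anonymous.append((rec["client"], rec["url"]))  # passed with no auth
    return per_user, challenges, anonymous, malformed

if __name__ == "__main__":
    users, challenges, anonymous, malformed = audit(SAMPLE_LOG)
    print("per user:", dict(users), "| 407 challenges:", challenges)
    print("served without a username:", anonymous, "| malformed:", malformed)
```

To run it against a real log, pass the contents of /var/log/squid/access.log to `audit()`; a non-empty third result means some clients still bypass authentication.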
 

Expert Comment

by:rchack
ID: 21905245
Hello David Pazos,

I use your config file on my CentOS 5.0 box ...
I install squid using yum -y install squid

but I get this error
service squid start
init_cache_dir /var/cache/squid/ncache... Starting squid: /etc/init.d/squid: line 53:  7187 Aborted                 $SQUID $SQUID_OPTS >>/var/log/squid/squid.out 2>&1
                                                           [FAILED]

0
 

Author Comment

by:David_Pazos
ID: 21906243
Hi rchack,
Are you using Squid 3.0? What can you see in the logs? Can you please post your logs and config file? What do you have in line 53 in your config file?
I suggest you open a new question so everybody can help you.
Kindly Regards
0
