Solved

How to configure Squid to log Windows username in access.log

Posted on 2007-11-15
Last Modified: 2013-12-06
Hello,

I'm running Squid 3.0 on Gentoo Linux 2007.0 and it runs well, but I would like to have Active Directory users logged in access.log. ./ntlm_auth works from bash, the server is joined to the domain, and wbinfo -g and wbinfo -u work well...

What did I do wrong? Below is my squid.conf file.

Many thanks in advance. Kind regards.

http_port 8080
cache_mgr some@address.com
cache_effective_user squid
cache_effective_group squid
ftp_user anonymous@address.com
visible_hostname server.domain.local
logfile_rotate 1
 
cache_mem 256 MB
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid/ncache 1024 16 256
log_ip_on_direct off
access_log /var/log/squid/access.log squid
 
debug_options ALL,1
hosts_file /etc/hosts
 
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
 
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
 
acl all src 0.0.0.0/0.0.0.0
acl lcl_network src 192.168.1.0/24 127.0.0.1/32
http_access allow lcl_network
 
acl SSL_ports port 443 563
acl Safe_ports port 21 70 80 210 280 443 488 563 591 777 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
 
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
http_access allow all

Question by:David_Pazos

Expert Comment

by:Kerem ERSOY
ID: 20294697
Hi,

Please follow the steps in this document and then you must see usernames along with the addresses in your logs:
http://www.squid-cache.org/mail-archive/squid-dev/200207/att-0066/winbind.txt

Cheers,
K.

Accepted Solution

by:
David_Pazos earned 0 total points
ID: 20298800
Hello KeremE and thanks for the answer,

I'm sorry, but this doc wasn't helpful... I used this one. It's in Russian, but I could read the English commands and it worked.

http://www.linux.ru/forum/index.php?t=msg&goto=325509&rid=0&S=cf92c2b30c9036089a17ddc5c5bdc47a&srch=into+seperate+domain%2Fname+parts%21#msg_325509

Below you can see what I've changed, and I hope it could help someone.

Kind regards.

PS: The winbind separator in /etc/samba/smb.conf is +

http_port 8080
cache_mgr some@address.com
cache_effective_user squid
cache_effective_group squid
ftp_user anonymous@address.com
visible_hostname server.domain.local
logfile_rotate 1
 
cache_mem 256 MB
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid/ncache 1024 16 256
log_ip_on_direct off
access_log /var/log/squid/access.log squid
 
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320
 
debug_options ALL,1 33
hosts_file /etc/hosts
dns_nameservers 192.168.1.1
 
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=DOMAIN+internetuser
auth_param ntlm children 5
auth_param ntlm keep_alive on
 
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=DOMAIN+internetuser
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
 
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl DOMAIN proxy_auth REQUIRED
acl SSL_ports port 443 563
acl purge method PURGE
acl CONNECT method CONNECT
 
acl Safe_ports port 21 70 80 210 280 443 488 563 591 777 1025-65535
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
 
icp_access allow all
http_access allow manager localhost DOMAIN
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow DOMAIN
http_access allow localhost
http_access deny all
http_reply_access allow all

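Squid evaluates http_access rules top-down and stops at the first match, so a client that matches an allow rule placed above the proxy_auth rule is never challenged and access.log records "-" in the username field. The following check is an added example, not part of the original posts: it lists the allow rules that sit above the first rule testing only a proxy_auth ACL. BEFORE and AFTER are constructed excerpts of the two configurations on this page, the function names are hypothetical, and the check looks only at rule order, not at whether ACLs overlap.

```python
# Added example: constructed excerpts of the two squid.conf files on this page.
BEFORE = """\
acl lcl_network src 192.168.1.0/24 127.0.0.1/32
http_access allow lcl_network
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl AuthorizedUsers proxy_auth REQUIRED
http_access deny !AuthorizedUsers
http_access allow all
"""
AFTER = """\
acl DOMAIN proxy_auth REQUIRED
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost DOMAIN
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow DOMAIN
http_access allow localhost
http_access deny all
"""

def parse(conf):
    """Collect proxy_auth ACL names and the ordered http_access rules."""
    auth, rules = set(), []
    for raw in conf.splitlines():
        f = raw.split("#", 1)[0].split()  # drop comments, split into fields
        if len(f) >= 3 and f[0] == "acl" and f[2].startswith("proxy_auth"):
            auth.add(f[1])
        elif len(f) >= 3 and f[0] == "http_access":
            rules.append((f[1], f[2:]))
    return auth, rules

def allows_before_auth(conf):
    """Allow rules placed above the first rule that tests only proxy_auth ACLs."""
    auth, rules = parse(conf)
    hits = []
    for action, acls in rules:
        names = [a.lstrip("!") for a in acls]
        if all(n in auth for n in names):
            break  # authentication gate: every request reaching it is challenged
        if action == "allow" and not any(n in auth for n in names):
            hits.append(" ".join(acls))
    return hits

if __name__ == "__main__":
    print("before:", allows_before_auth(BEFORE))
    print("after: ", allows_before_auth(AFTER))
```

In the first configuration the whole 192.168.1.0/24 network is allowed before authentication is ever requested; in the second, only PURGE requests from localhost are.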
 

Expert Comment

by:rchack
ID: 21905245
Hello David Pazos,

I use your config file on my CentOS 5.0 box...
I install squid using yum -y install squid

but I get this error:
service squid start
init_cache_dir /var/cache/squid/ncache... Starting squid: /etc/init.d/squid: line 53:  7187 Aborted                 $SQUID $SQUID_OPTS >>/var/log/squid/squid.out 2>&1
                                                           [FAILED]


Author Comment

by:David_Pazos
ID: 21906243
Hi rchack,
Are you using Squid 3.0? What can you see in the logs? Can you please post your logs and config file? What do you have on line 53 in your config file?
I suggest you open a new question so everybody can help you.
Kind regards