Alejandro Bednarik wrote:
Hi all!. I am using squid stable 2.6.stable18. and i need to log
failed authentications attempts or at least some info to look. I
noticed that NTLM don't log the username if it is fails, ldap_auth do
that so i can parse the log to find something like TCP_DENIED/407, a
low ts value and a username to find a possible login attempt. Is there
any way i can do something about, when squid use ntlm to authenticate
the user?
Squid always logs the username when its available.
NTLM is an authentication mechanism that does not use usernames. It
pases around encoded binary hashes instead.
I think you need to change your concept a little bit. The real
identifier of whether a request is a login attempt is whether the
browser has included a Proxy-Authorization: header.
You can log that by adding %{Proxy-Authorization}>h to the log format if
you like. However be aware that one username cannot be derived out of
the hash and one username has multiple hashes over time.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
Current Beta Squid 3.1.0.14
