On Mon, 23 Nov 2009 19:30:00 -0500, <rchandler@xxxxxxxxxx> wrote:
> Thanks!
>
> The LDAP server is also a Radius server that does Auth for all services.
> The time zones are different and our IPs are pooled, so we get a lot of
> false positives when we correlate the log files. The LDAP database stores
> the username/IP, so realtime lookups are the most accurate. We are working
> on updating the log files on the Radius server to get more pertinent
> information.
> I just wanted to try this.

Have you considered using the squid_radius_auth helper bundled with Squid,
to get Squid logging the auth details + IP and have the same auth backend
as for all other services?

Amos

>
> Thanks for your help!
>
> Riley
> -----Original Message-----
>
> From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo@xxxxxxxxx>
> Subj: Re: LDAP in access.log
> Date: Mon Nov 23, 2009 15:23
> Size: 2K
> To: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>
> cc: "Riley E. Chandler" <rchandler@xxxxxxxxxx>;
> squid-users@xxxxxxxxxxxxxxx
>
> Sorry, missed the "key point":
>
>>> I don't authenticate, and I can't enable it.
>
> Now, the question is: where does he store the "ldap authentication"
> + IP.... I don't get what Riley is trying to do.
>
> Where do the users "log into"? Anywhere they log into, that system
> should be able to log the IP and the username, and then another
> (external) script could parse both log files (which are on the same
> computer, and thus can be time-correlated) and get squid's entries
> coming from the same IP at the same time as the user was logged in
> from that IP.... but then, there are some ISPs (mostly, cell phone
> access) that masquerade their users to a narrow set of *real* IPs,
> and thus you can have more than one user at the same time from the
> same IP (at least, that's possible).
>
> I hope this helps,
>
> Ildefonso Camargo
>
> On Tue, Nov 24, 2009 at 3:43 PM, Henrik Nordstrom
> <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
>> There are only scripts for performing LDAP based authentication based on
>> login+password; there are no scripts to query some LDAP on what user is
>> logged in at IP X.
>>
>>
>>
>> Tue 2009-11-24 at 15:23 +1930, Jose Ildefonso Camargo Tolosa wrote:
>>> Hi!
>>>
>>> But... such scripts are already part of squid. I don't have the names
>>> at hand, but really: squid works really well with LDAP, you can even
>>> create ACLs "by-ldap-groups".
>>>
>>> And squid will produce something like this in the logs:
>>>
>>> 1258978126.154 5238 192.168.12.34 TCP_REFRESH_MISS/200 776 GET
>>> http://mail.google.com/ username DIRECT/74.125.45.17 text/html
>>>
>>> As you can see, it has: client's IP, URL, username and server IP.
>>>
>>> I hope this helps,
>>>
>>> Ildefonso Camargo
>>>
>>> On Tue, Nov 24, 2009 at 5:06 AM, Henrik Nordstrom
>>> <henrik@xxxxxxxxxxxxxxxxxxx> wrote:
>>> > Sun 2009-11-22 at 21:32 -0500, Riley E. Chandler wrote:
>>> >> I need to do an LDAP search for username based on source IP. I would
>>> >> prefer to have Squid put it in the access.log. My other option is to
>>> >> generate my own log file based off the access.log and to include the
>>> >> LDAP info separately. My users are only online for minutes or seconds
>>> >> at a time, so it's hard to correlate IP to username from the two
>>> >> different logs.
>>> >
>>> > You will need to write a small script performing the lookup, and then
>>> > integrate this into Squid via external_acl_type.
>>> >
>>> >
>>> > external_acl_type ldap_ip_user_lookup %SRC /path/to/your/script
>>> > acl lookup_ip_user external ldap_ip_user_lookup
>>> > http_access deny lookup_ip_user !all
>>> >
>>> >
>>> > The strange http_access rule is just to trigger the acl. It does not
>>> > in itself have any outcome on the request and is only used for the
>>> > side effect of setting the username.
>>> >
>>> > Regards
>>> > Henrik
>>> >
>>> >
>>
>>
>
>

--- message truncated ---
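Henrik's external_acl_type suggestion leaves the helper itself unwritten. The following is an added example (not from the thread, and not a helper shipped with Squid) of what that script looks like: it speaks the external ACL helper protocol that Squid uses with the config he quotes, reading one %SRC value per line on stdin and answering "OK user=<name>" or "ERR", the user= pair being what Squid writes into the username column of access.log. The LDAP/RADIUS directory is stood in for by a constructed dictionary; a real helper would replace SAMPLE_DIRECTORY with an LDAP search by IP (the attribute names are not given in the thread, so none are assumed). The --concurrent flag is this example's own, for use only if you add concurrency=N to the external_acl_type line, which makes Squid prefix each request with a channel id that must be echoed back. It also handles the case Ildefonso raised: if more than one user currently holds the same address it answers ERR rather than guessing.

```python
#!/usr/bin/env python3
"""Squid external_acl_type helper that maps a client IP to a username.

Squid runs the helper as a child process and writes one request per line
on stdin; with the config quoted in the thread the line is just the %SRC
(client IP) value. The helper must answer exactly one line per request:

    OK [key=value ...]   ACL matches; a user= pair becomes the username
                         Squid records in access.log
    ERR                  ACL does not match

Example code added to illustrate the thread; not from Squid or the thread.
"""
import ipaddress
import sys
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for the RADIUS/LDAP directory that records which
# user(s) currently hold a pooled address. A production helper would run an
# LDAP search here instead (no attribute names are assumed). Keys are kept in
# canonical textual form so the normalised lookup below matches them.
SAMPLE_DIRECTORY: Dict[str, List[str]] = {
    "192.168.12.34": ["riley"],
    "10.0.0.9": ["alice", "bob"],   # masquerading ISP: two users, one IP
    "10.0.0.10": [],                # address known but currently unassigned
}


def parse_request(line: str, concurrent: bool) -> Tuple[Optional[str], str]:
    """Split a request line into (channel id, client IP).

    With 'external_acl_type ... concurrency=N' Squid prefixes each line with a
    channel id that must be echoed back; without it there is no prefix.
    Missing fields come back as "" so the caller still emits a reply.
    """
    fields = line.split()
    if concurrent:
        channel = fields[0] if fields else None
        ip = fields[1] if len(fields) > 1 else ""
        return channel, ip
    return None, (fields[0] if fields else "")


def lookup_user(ip: str, directory: Dict[str, List[str]]) -> Optional[str]:
    """Return the single username bound to ip, or None if unknown/ambiguous.

    Refuses to guess when several users share the address, so traffic is
    never attributed to the wrong account in the log.
    """
    try:
        key = str(ipaddress.ip_address(ip))   # canonicalise IPv6 textual forms
    except ValueError:
        return None                           # not an IP address at all
    users = directory.get(key, [])
    if len(users) != 1:
        return None
    user = users[0]
    # Emit plain tokens only; values needing protocol quoting are refused.
    if not user or any(c.isspace() or c in '"\\' for c in user):
        return None
    return user


def format_reply(channel: Optional[str], user: Optional[str]) -> str:
    """Build the reply line, echoing the channel id in concurrent mode."""
    body = f"OK user={user}" if user else "ERR"
    return f"{channel} {body}" if channel is not None else body


def handle_line(line: str, directory: Dict[str, List[str]],
                concurrent: bool = False) -> str:
    """Produce the reply Squid expects for one request line."""
    channel, ip = parse_request(line, concurrent)
    return format_reply(channel, lookup_user(ip, directory))


def main() -> None:
    concurrent = "--concurrent" in sys.argv[1:]    # this example's own flag
    for line in sys.stdin:
        sys.stdout.write(handle_line(line, SAMPLE_DIRECTORY, concurrent) + "\n")
        sys.stdout.flush()   # Squid blocks waiting for each reply; never buffer


if __name__ == "__main__":
    main()
```

Wired in with Henrik's three config lines (external_acl_type ldap_ip_user_lookup %SRC /path/to/helper.py, the external acl, and the deny ... !all rule that never denies but forces the lookup), each logged request carries the user= value the helper returned. One caveat that matters for Riley's sessions of "minutes or seconds": external_acl_type caches helper answers per key, controlled by its ttl= and negative_ttl= options, so a cached IP-to-user binding can outlive the RADIUS session that created it; keep those TTLs short when addresses are pooled, or the log will attribute a new user's traffic to the previous holder of the IP.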