Ricpelo wrote:
Hi! I'm trying to set up the following configuration: Client => Squid A => DansGuardian => Squid B => Internet Squid A does Ident authentication, and then forwards the request to the DansGuardian with the following line in its /etc/squid/squid.conf: cache_peer 192.168.0.1 parent 8080 0 no-query no-digest default login=*:foobar where 192.168.0.1:8080 is the DansGuardian's IP address and port. Squid A correctly logs the Client's username in its /var/log/squid/access.log file, which it's great. However, DansGuardian doesn't log the username in /var/log/dansguardian/access.log. When I set up Ident authplugin in /etc/dansguardian/dansguardian.conf, then DansGuardian logs "proxy" username into their logs, instead of the correct user name. If I use another authplugin (proxy-basic, proxy-digest, proxy-ntlm or ip), DansGuardian simply doesn't logs any user name in their log files. Is there a way to get DansGuardian logs the right username in their logs, as Squid does? Is Squid giving the wrong username to DansGuardian? May I fix the Squid's configuration? Thank you very much in advance, Ricardo.
To receive usernames from Squid-A the correct DansGuardian the module is probably that "proxy-basic" one. Most Squid still passes login= credentials as Basic protocol auth headers. (Only the latest releases allow Negotiate as well).
I think you will find the problem is that IDENT is not a full authentication scheme. So the nickname does not get passed on as one in the HTTP headers. Just logged and permitted in ACL tests.
Squid will sort of trust an external_acl_type helper to send back usernames for passing out. So you can build a work-around helper which takes the IDENT nickname as input parameter and returns "OK user=" and the received IDENT nickname.
PS: your mailer seems to be slightly broken. It mailed the list many times. Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.6 Beta testers wanted for 3.2.0.1
