Search squid archive

Re: missing username in squid log

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/11/2011 8:23 p.m., Giovanni Rosini wrote:
Hi Amos,
i'm using squid-2.6.STABLE22-1.fc8 (on fedora core 8 o.s.).

That was popular last decade right?

I think it's better if i send you my squid.conf file.
However, as i wrote before, squid has no authentication functions.

And then you go and ask why "in access.log i can't see information about users" ?

  user is an output of the authentication and authorization processes.

Authentication is made by chillispot + freeradius.

There is the answer why *Squid* is not logging it by default.

Some details....
I have a wi-fi router (with dd-wrt firmware inside) the clients connect to, and a remote server where i have installed freeradius, mysql and squid. Chillispot (on router) captures internet access request and send connection to the login page on remote server. Here user enters username and password, which are sent to freeradius for matching against radius database.

So the username is in radius database.

Being an interception proxy auth_param is obviously out of the question. So you need an external_acl_type script to lookup the client details in the database and send Squid back the username in the external ACL "user=" response key. This gets logged in the %ue format tag. Squid bundles with a perl script called db_auth. You can adjust it easily to do these tasks.

If auth is ok, client is allowed to browse the web.
On router firmware there is an iptables rule that redirect connections to port 80 to port 3128 on remote server, where squid act as a transparent proxy and logs page requests.


You would do well to implement this instead of NAT redirect on the router. This will let Squid actually have IP information about the clients machines, to help with in the external ACL lookups.
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute


Amos

Giovanni



Il 11/11/2011 1.25, Amos Jeffries ha scritto:
On 10/11/2011 9:12 p.m., Giovanni Rosini (personale) wrote:
I've created a hotspot system using chillispot, freeradius, mysql and squid. Thru chillispot's captive portal, username and password are sent to freeradius for authentication.
After authentication, squid registers web pages requested by users.
My problem is that in access.log i can't see information about users, i.e for each page requested i see the url, ip address and other data, but not the username the user is logged in. It's not a problem of LOGFORMAT , i've tried all the possibilities about it.
Is there a way to solve this problem?

Please provide some info about the squid version being used, and the config you are using in Squid to retrieve the username (auth_param or external_acl_type? with what http_access rules?).

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux