On 11/11/2011 8:23 p.m., Giovanni Rosini wrote:
Hi Amos,
i'm using squid-2.6.STABLE22-1.fc8 (on fedora core 8 o.s.).
That was popular last decade right?
I think it's better if i send you my squid.conf file.
However, as i wrote before, squid has no authentication functions.
And then you go and ask why "in access.log i can't see information about
users" ?
user is an output of the authentication and authorization processes.
Authentication is made by chillispot + freeradius.
There is the answer why *Squid* is not logging it by default.
Some details....
I have a wi-fi router (with dd-wrt firmware inside) the clients
connect to, and a remote server where i have installed freeradius,
mysql and squid.
Chillispot (on router) captures internet access request and send
connection to the login page on remote server.
Here user enters username and password, which are sent to freeradius
for matching against radius database.
So the username is in radius database.
Being an interception proxy auth_param is obviously out of the question.
So you need an external_acl_type script to lookup the client details in
the database and send Squid back the username in the external ACL
"user=" response key. This gets logged in the %ue format tag. Squid
bundles with a perl script called db_auth. You can adjust it easily to
do these tasks.
If auth is ok, client is allowed to browse the web.
On router firmware there is an iptables rule that redirect connections
to port 80 to port 3128 on remote server, where squid act as a
transparent proxy and logs page requests.
You would do well to implement this instead of NAT redirect on the
router. This will let Squid actually have IP information about the
clients machines, to help with in the external ACL lookups.
http://wiki.squid-cache.org/ConfigExamples/Intercept/IptablesPolicyRoute
Amos
Giovanni
Il 11/11/2011 1.25, Amos Jeffries ha scritto:
On 10/11/2011 9:12 p.m., Giovanni Rosini (personale) wrote:
I've created a hotspot system using chillispot, freeradius, mysql
and squid.
Thru chillispot's captive portal, username and password are sent to
freeradius for authentication.
After authentication, squid registers web pages requested by users.
My problem is that in access.log i can't see information about
users, i.e for each page requested i see the url, ip address and
other data, but not the username the user is logged in.
It's not a problem of LOGFORMAT , i've tried all the possibilities
about it.
Is there a way to solve this problem?
Please provide some info about the squid version being used, and the
config you are using in Squid to retrieve the username (auth_param or
external_acl_type? with what http_access rules?).
Amos
