Hi Amos,
OK this looks promising (if not actually working...)
So I have a config line:
external_acl_type userlookup ttl=60 %SRC /opt/squid354/libexec/ext_sql_session_acl -dsn DBI:mysql:database=pf --user root --password xxxx --table currentUsers --uidcol ip --usercol uid --tagcol ip --persist --debug
Where currentUsers looks like:
mysql> select * from currentUsers;
+------+--------------+---------+
| uid  | ip           | enabled |
+------+--------------+---------+
| 0003 | 10.15.228.12 |       1 |
+------+--------------+---------+
so running this externally I use:
/opt/squid354/libexec/ext_sql_session_acl -dsn DBI:mysql:database=pf --user root --password fv89j8j6eg2 --table currentUsers --uidcol ip --usercol uid --tagcol ip --debug
this replies with a username if I put in:
<anything> 10.15.228.12
So what is the <anything> about? And I'm still not getting any username in my logfiles. Do I need to use the acl name somewhere else in the config file too?
thanks,
Jim Potter
Network Manager
Oasis Brislington (formerly Brislington Enterprise College)
On 25 May 2015 at 12:07, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 25/05/2015 8:38 p.m., Mr J Potter wrote:
> Hi all,
>
> I'm setting up a system for using iPads in our school, and I'm stuck a bit
> on tracking what the students are doing on them.
>
> First up, I really don't want a Pop-up login box from a 407 response from a
> proxy server, so I'm looking for some other way to track who is doing what.
>
> What I have set up so far is PacketFence with an SSL-bump transparent proxy
> (I've put the CAs on all the iPads) which works well in that users have to
> log in before they get internet access. This works (they get a web page,
> login and get 50 minutes of internet before it disconnects them), but the
> only way I have of tracking users is by working out who was on each ipad
> (from packetfence) then matching it against squid logs, which is messy.
Squid comes bundled with an ext_sql_session_acl helper that looks up a
database and produces OK/ERR (and username for logging) depending on
whether the key given to it exists in the DB already.
<http://www.squid-cache.org/Versions/v4/manuals/ext_sql_session_acl.html>
You just need to get a UID metric. IP address, MAC address, and/or
EUI-64 (IPv6 link-local) are suitable there. It sounds like your
packetfence would be a good way to populate that DB too.
>
> One plan I had would be to add/remove entries in dns or hosts for users,
> eg IP address 10.2.3.4 -> hostname fbloggs (the user's login code) so
> usernames would show up in the client hostname field, but squid caches
> these I think.
Yes. Don't do that with DNS.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
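
The lookup discussed in this thread, as an added example that is not part of the original messages and is not the bundled helper's code: a stand-in helper that maps a client IP to a username and answers OK/ERR. It assumes the leading token Jim calls <anything> is Squid's concurrency channel ID, uses an in-memory SQLite table with constructed rows in place of the MySQL currentUsers table, and treats only enabled=1 rows as active sessions.

```python
import ipaddress
import sqlite3
import sys

def make_db():
    """In-memory stand-in for the MySQL table; rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE currentUsers (uid TEXT, ip TEXT, enabled INTEGER)")
    db.executemany("INSERT INTO currentUsers VALUES (?, ?, ?)",
                   [("0003", "10.15.228.12", 1),    # logged-in device
                    ("0007", "10.15.228.40", 0)])   # session disabled
    return db

def answer(db, line):
    """Build the helper reply for one request line received from Squid."""
    tokens = line.split()
    if len(tokens) == 2:
        # Assumption: first token is a concurrency channel ID, echoed in the reply.
        prefix, key = tokens[0] + " ", tokens[1]
    elif len(tokens) == 1:
        prefix, key = "", tokens[0]
    else:
        return "ERR"                      # malformed request: fail closed
    try:
        ipaddress.ip_address(key)         # %SRC should always be an IP address
    except ValueError:
        return prefix + "ERR"
    # Bound parameter: the key never becomes part of the SQL text.
    # Assumption: only rows with enabled=1 count as an active session.
    row = db.execute(
        "SELECT uid FROM currentUsers WHERE ip = ? AND enabled = 1", (key,)
    ).fetchone()
    if row is None:
        return prefix + "ERR"             # unknown device: no username to log
    return f"{prefix}OK user={row[0]} tag={key}"

if __name__ == "__main__":
    database = make_db()
    for request in sys.stdin:             # one lookup per line, as Squid sends them
        print(answer(database, request), flush=True)
```

Squid only runs an external_acl_type helper when an acl line of type external that names it (here userlookup) is evaluated, for example in an http_access rule; the user= value in the reply is what Squid records as the username.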