Dear Amos, I have another question to the key_extras for auth_param basic key_extras. It is possible to give the helper more than one key_extras argument? Maybe like this: auth_param basic key_extras %macro auth_param basic key_extras $macro or auth_param basic key_extras %macro %macro And I tried some key_extras but the only usefull key_extras was %rp, where I get /site/ from the URL: https://subdomain.domain.com/site/. And when I try to use %rq my squid tell me an Error that he can't parse the config file. I wish I could get the whole URL from the squid. Maybe do you know why that happens? Or it isn't it the right key_extras %macro? The most of the other %macros gives me the "-", which means that the information is not available in this moment, where the authentication helper get the username and password. My squid version is squid 3.5.23-5 compiled from the sources of a debian distribution (apt-get sources ... ). I used these references for squid: http://www.squid-cache.org/Doc/config/auth_param/ http://devel.squid-cache.org/customlog/logformat.html I hope you can help me. with best regards, Pascal Am 15.09.2017 um 17:26 schrieb Amos Jeffries: > On 16/09/17 02:31, Pascal Schäfer wrote: >> Dear Amos, >> >> Thank you for your reply! >> >>>> >>>> I have a question about the authentication with a radius server. >>>> I use Squid as a reverse proxy. >>>> It is possible to use two radius server for different pages or >>>> subdomains with squid_radius_auth? >>> >>> HTTP has no concept of "page" - so for that; no. >>> >>> For sub-domains (OR specific URLs); maybe. Because the helper you are >>> asking about does not use the key_extras feature provided by latest >>> Squid version >> >> Ok. Thank you. Exist another helper who did an authentication with a >> radius server? >> > > I am aware of some proprietary ones existing. But that is not useful for > you. > >>> >>> You need to write your own helper that does what you want. That could be >>> in the form of a wrapper script that starts multiple radius helper with >>> the necessary parameters, and uses key_extra parameters to decide which >>> one will handle any given auth lookup. >> >> Is this https://wiki.squid-cache.org/Features/AddonHelpers#Authenticator >> the right wiki, where I have to lookup? > > That page describes the protocol Squid will be talking to your script > with; and what is expected to arrive back. > >> Make it sense that behind the radius server is a Windows NPS Server to >> authenticate the Users? > > That does not matter unless you are writing the RADIUS parts yourself. > In which case I cannot help, not knowing much about RADIUS protocol. > > >> So when I write the wrapper helper, I only need to decide which helper I >> would like to start and with which parameters, like a Bash command? >> > > Yes. Though helpers are required to run until Squid stops them. So best > to start the child radius helpers at the beginning then just relay query > and response lines appropriately when they arrive. > > >>> >>> Since you are calling it the long obsolete name "squid_radius_auth", you >>> probably do not have a current Squid version which supplies the >>> key_extras feature. At the very least you will have to upgrade to at >>> least Squid-3.5. >> >> I have a Squid-3.5, self compiled. >> I think about to upgrade there on Squid-4 or to compile it and install >> them fresh on the system. Is the name of them another in the newer >> versions? > > Then you should be fine, except "basic_radius_auth" is the helper binary > name since Squid-3.2. > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users