Hello! I'm in need of serious help. In my company we need the access logs by user name; it is the only reason the proxy is set to authenticate. But it just doesn't show it. The relevant parts of the .conf look like this:

    (...)
    auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=XXXXX(domain name)
    auth_param ntlm children 100
    auth_param ntlm keep_alive off
    external_acl_type NT_global_group %LOGIN /usr/lib/squid/ext_wbinfo_group_acl
    acl users external NT_global_group "/etc/squid/fapgrp"
    (...)
    (...)
    http_access deny !users
    http_access allow users
    http_access deny !auth
    (...)

***("/etc/squid/fapgrp" is a text file with the text "Usuários do dóminio", which is "Domain Users" in Portuguese)

When I test the helper:

    /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=XXXXX
    user password
    BH SPNEGO request invalid prefix

I read somewhere that ntlmssp can be tested like this, because we are sending the credentials as plain text, so I tested with basic and the result is this:

    /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-basic --domain=XXXXX
    user password
    OK
    user password
    ERR

So, I'm assuming that the way squid is processing the challenges is fine, is that right?
But the part that is making me furious is that the access.log looks like this:

    1557939698.081 218 10.85.xx.xx TCP_MISS/200 1962 GET http://squid-web-proxy-cache.1019090.n4.nabble.com/util/minmax.js *USERNAME* HIER_DIRECT/199.38.86.66 application/x-javascript
    1557939698.313 231 10.85.xx.xx TCP_MISS/200 1073 GET http://squid-web-proxy-cache.1019090.n4.nabble.com/images/image.png *USERNAME* HIER_DIRECT/199.38.86.66 image/png
    1557939698.360 263 10.85.xx.xx TCP_MISS/200 738 GET http://squid-web-proxy-cache.1019090.n4.nabble.com/images/bold.png *USERNAME* HIER_DIRECT/199.38.86.66 image/png

When the id is TCP_MISS the user name always shows correctly, but when the id is:

    1557941156.213 240238 10.85.XX.XX TCP_TUNNEL/200 1788 CONNECT www.google.com:443 - HIER_DIRECT/172.217.29.228 -
    1557941156.670 240355 10.85.XX.XX TCP_TUNNEL/200 2892 CONNECT s2.googleusercontent.com:443 - HIER_DIRECT/172.217.172.129 -
    1557941159.712 243740 10.85.XX.XX TCP_TUNNEL/200 132341 CONNECT www.google.com:443 - HIER_DIRECT/172.217.29.228 -

TCP_TUNNEL, the user name is never shown, and the majority of the access log has this TCP_TUNNEL stuff.

Is there a way for all the pages that are accessed to show the username? It's our only need, to see the user names in all the logs.

Thanks in advance!

--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
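
An added example, not part of the original post: a short Python script that reads access.log lines in the native format quoted above and reports, per result code, how many entries carry a user name and how many have "-" in that field. The sample lines are constructed; `alice`, `example.com` and all addresses are placeholders.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log format, modelled on the lines
# quoted in the post. "alice", example.com and all addresses are placeholders.
SAMPLE_LOG = """\
1557939698.081 218 10.85.0.10 TCP_MISS/200 1962 GET http://example.com/util/minmax.js alice HIER_DIRECT/192.0.2.66 application/x-javascript
1557939698.313 231 10.85.0.10 TCP_MISS/200 1073 GET http://example.com/images/image.png alice HIER_DIRECT/192.0.2.66 image/png
1557941156.213 240238 10.85.0.10 TCP_TUNNEL/200 1788 CONNECT example.com:443 - HIER_DIRECT/192.0.2.228 -
1557941156.670 240355 10.85.0.11 TCP_TUNNEL/200 2892 CONNECT static.example.com:443 - HIER_DIRECT/192.0.2.129 -
1557941159.712 243740 10.85.0.10 TCP_TUNNEL/200 132341 CONNECT example.com:443 - HIER_DIRECT/192.0.2.228 -
truncated line
"""


def parse_line(line):
    """Split one native-format line into named fields; return None if malformed."""
    parts = line.split()
    if len(parts) < 10:
        return None
    try:
        timestamp = float(parts[0])
    except ValueError:
        return None
    code, _, status = parts[3].partition("/")
    user = None if parts[7] == "-" else parts[7]
    return {"time": timestamp, "client": parts[2], "code": code,
            "status": status, "method": parts[5], "url": parts[6], "user": user}


def attribution_by_code(lines):
    """Count entries with and without a user name for each result code."""
    stats = defaultdict(lambda: {"named": 0, "anonymous": 0})
    for entry in filter(None, map(parse_line, lines)):
        stats[entry["code"]]["named" if entry["user"] else "anonymous"] += 1
    return dict(stats)


def anonymous_clients(lines):
    """Sorted client addresses with at least one entry lacking a user name."""
    entries = filter(None, map(parse_line, lines))
    return sorted({e["client"] for e in entries if e["user"] is None})


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    for code, counts in sorted(attribution_by_code(log).items()):
        print(f"{code:12} named={counts['named']} anonymous={counts['anonymous']}")
    print("clients with unattributed entries:", ", ".join(anonymous_clients(log)))
```

Run against a real log by passing `open("/var/log/squid/access.log")` to the two functions; that path is an assumption and depends on the installation.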