Hello Amos,
Thank you for the idea to write a wrapper script.
As NTLM-helper returns "NA NT_STATUS_LOGON_FAILURE" during authentication failed, I think it is also required to patch the squid sources to copy the value of the user attribute, returned by the wrapper, to auth_user_request->user()->username().
As I see, I need to modify the following functions:
Helper::Reply::finalize() - add parsing of additional attributes in the case when returned value is "NA " ,
Auth::Ntlm/Negotiate::UserRequest::HandleReply() - add finding the "user" attribute and copping it to the username: auth_user_request->user()->username(userLabel) in the case of returned Helper::Error;
By the way, what are these acronyms for (YR, KK, TT, AF, BH, NA, LD)?
Kind regards,
Ankor.
вт, 31 янв. 2023 г. в 08:54, Amos Jeffries <squid3@xxxxxxxxxxxxx>:
On 31/01/2023 6:13 pm, Andrey K wrote:
> Amos,
>
> I understood: the helper.cc does not parse the KK-request and does not
> know about the username. He can only get the username information from
> the reply of the external helper. But since the external helper
> returns only an error without a username, this information is missing
> from the logs.
>
> Is there any other possibility to log username and source IP address
> in such NTLM-failed authentication attempts?
You could make a wrapper script that decodes the KK request and returns
user=name along with the real helpers result.
The problem is tat the credentials are known to be invalid at that
point, so it may just be garbage instead of a username.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
