It's setup to use Kerberos. I seem to be able to generate tickets by checking klist, and using kinit to authenticate my username with AD. But it looks like the proxy is ignoring it. This could explain why all my proxy_auth ACL's stopped working too. Here's my authentication settings: auth_param negotiate children 10 auth_param negotiate keep_alive on auth_param basic credentialsttl 2 hours auth_param basic realm <redacted> Proxy Server acl kerb-auth proxy_auth REQUIRED The bottom of my ACL Rules looks like this: http_access deny !kerb-auth http_access allow kerb-auth http_access deny all -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Matus UHLAR - fantomas Sent: Tuesday, November 12, 2024 10:19 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Access Log Question Caution: This email originated from outside of Hexcel. Do not click links or open attachments unless you recognize the sender and know the content is safe. On 12.11.24 15:16, Piana, Josh wrote: >Seems like it. > >Example: > >12/Nov/2024:09:51:37 -0500.396 10.46.49.135 TCP_TUNNEL/200 23735 >CONNECT >http://www.sa/ >fgard.com%3A443%2F&data=05%7C02%7Cjosh.piana%40hexcel.com%7C1dd5a668cff >64041506f08dd032d47f6%7C4248050df19546d5ac9c0c7c52b04cae%7C0%7C0%7C6386 >70215221064884%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIw >LjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C% >7C&sdata=gmzUs90%2Bccg4xxW8WHB2R4Tyb66r1tfKPdsQL2mHmUE%3D&reserved=0 - >\ HIER_DIRECT/206.188.0.52 - -/- yes, this looks like the username is not known to squid, thus probably bypassed authentication. what type of proxy authentication you use? >-----Original Message----- >From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf >Of Matus UHLAR - fantomas >Sent: Tuesday, November 12, 2024 10:10 AM >To: squid-users@xxxxxxxxxxxxxxxxxxxxx >Subject: Re: Access Log Question > >Caution: This email originated from outside of Hexcel. Do not click links or open attachments unless you recognize the sender and know the content is safe. > > >On 12.11.24 14:56, Piana, Josh wrote: >> At some point, the access log has stopped recording which users are >> trying to access which sites. >> >> I'm currently thinking is could be an issue with log format, Squid >> not being able to receive the header information, or authentication >> is being bypassed completely due to our config, for some reason. > >what is it logging? doest is log "-" instead of usernames? -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0... _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
