Here... have a look at this: -> username must be specified! What does this mean???
It is from the /etc/squid/cache.log
2004/05/11 15:52:57| Done reading /etc/squid/cache swaplog (3385 entries)
2004/05/11 15:52:57| Finished rebuilding storage from disk.
2004/05/11 15:52:57| 3385 Entries scanned
2004/05/11 15:52:57| 0 Invalid entries.
2004/05/11 15:52:57| 0 With invalid flags.
2004/05/11 15:52:57| 3385 Objects loaded.
2004/05/11 15:52:57| 0 Objects expired.
2004/05/11 15:52:57| 0 Objects cancelled.
2004/05/11 15:52:57| 0 Duplicate URLs purged.
2004/05/11 15:52:57| 0 Swapfile clashes avoided.
2004/05/11 15:52:57| Took 0.2 seconds (19186.9 objects/sec).
2004/05/11 15:52:57| Beginning Validation Procedure
2004/05/11 15:52:57| Completed Validation Procedure
2004/05/11 15:52:57| Validated 3385 Entries
2004/05/11 15:52:57| store_swap_size = 30104k
username must be specified!
Usage: [OPTION...]
--helper-protocol=helper protocol to use operate as a stdio-based
helper
--username=STRING username
--domain=STRING domain name
--workstation=STRING workstation
--challenge=STRING challenge (HEX encoded)
--lm-response=STRING LM Response to the challenge
(HEX encoded)
--nt-response=STRING NT or NTLMv2 Response to the
challenge (HEX encoded)
--password=STRING User's plaintext password
--request-lm-key Retreive LM session key
--request-nt-key Retreive NT session key
--diagnostics Perform diagnostics on the
authentictaion chain
Help options:
-?, --help Show this help message
--usage Display brief usage message
Common samba options:
-d, --debuglevel=DEBUGLEVEL Set debug level
-s, --configfile=CONFIGFILE Use alternative
configuration
file
-l, --log-basename=LOGFILEBASE Basename for log/debug files
-V, --version Print version
username must be specified!
Usage: [OPTION...]
--helper-protocol=helper protocol to use operate as a stdio-based
helper
--username=STRING username
--domain=STRING domain name
--workstation=STRING workstation
--challenge=STRING challenge (HEX encoded)
--lm-response=STRING LM Response to the challenge
(HEX encoded)
--nt-response=STRING NT or NTLMv2 Response to the
challenge (HEX encoded)
--password=STRING User's plaintext password
--request-lm-key Retreive LM session key
--request-nt-key Retreive NT session key
--diagnostics Perform diagnostics on the
authentictaion chain
Help options:
-?, --help Show this help message
--usage Display brief usage message
Common samba options:
-d, --debuglevel=DEBUGLEVEL Set debug level
-s, --configfile=CONFIGFILE Use alternative
configuration
file
-l, --log-basename=LOGFILEBASE Basename for log/debug files
-V, --version Print version
2004/05/11 15:52:58| storeLateRelease: released 0 objects

sdavy@bics.fr
11.05.2004 18:45
To: lukas.fuchs@rieter.com
cc: squid-users@squid-cache.org
Subject: [squid-users] NTLM username logging problem

This means that your authentication doesn't work properly.
What do you have in cache.log? In winbind.log?
---
Stéphane Davy - Consultant Alcôve

lukas.fuchs@rieter.com
11/05/2004 16:42
To: sdavy@bics.fr
cc: squid-users@squid-cache.org
Subject: Re: [squid-users] NTLM username logging problem

hm no, it doesn't work... in the access.log is written: Denied!

so

acl authorizedusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 82.29.1.0/24
http_access allow all authorizedusers
http_access allow our_networks
http_access deny all

works and

acl authorizedusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
http_access allow all authorizedusers
http_access deny all

works not...

but if the thing that was told me before is right, I've a failure in the working one... and it jumps over this failure, probably it works because of this jump. (remember: the string: http_access allow our_networks is not used because this should stay in the upper allow line ....)

strange...

Lukas

sdavy@bics.fr
11.05.2004 16:55
To: lukas.fuchs@rieter.com
cc: squid-users@squid-cache.org
Subject: [squid-users] NTLM username logging problem

and with that:

acl authorizedusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
http_access allow all authorizedusers
http_access deny all

what happens?

---
Stéphane Davy - Consultant Alcôve

lukas.fuchs@rieter.com
11/05/2004 14:18
To: squid-users@squid-cache.org
cc:
Subject: [squid-users] Re: Réf. : [squid-users] NTLM username logging problem

Hm ok. Sorry my fault...

In other words: My problem is not the security with ACL's... I just want to log the usernames with NTLM into a file (access.log). Maybe I should try it without ACL's...

Ok on a minimum reduced it looks like this:

squid.conf:
...
debug_options ALL,1
auth_param ntlm program /usr/bin/ntlm_auth3 \
--helper-protocol=squid-2.5-ntlmssp
auth_param basic program /usr/bin/ntlm_auth3 \
--helper-protocol=squid-2.5-basic
acl authorizedusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 82.29.1.0/24
http_access allow all authorizedusers
http_access allow our_networks
http_access deny all
=====================================================

Now, if somebody tries to connect to the internet, he has to be authorized, I think??? Ok if he's really authorized, I want to write (it should write!) the username in a file (perhaps access.log), that I can read out, who has which website on which time visited...

@ the moment, it works, but the access.log still looks like:

1084264501.855 3416 82.29.1.18 TCP_MISS/200 3980 GET http://www.google.ch/ - DIRECT/www.google.ch text/html

there is an ip, but no username... I don't know what to do to become this username! It's confusing... But I think the acl authorizedusers proxy_auth REQUIRED is the key to this problem...

Thanks for your help!

Lukas

sdavy@bics.fr
11.05.2004 15:10
To: lukas.fuchs@rieter.com
cc: squid-users@squid-cache.org
Subject: Réf. : [squid-users] NTLM username logging problem

I think I have it: you define an acl called our_network based on a src IP, and you allow it http_access. I think you probably want to allow access to servers inside your network, and then use a "dst" acl definition instead of a "src" one. Is it what you want to do?

---
Stéphane Davy - Consultant Alcôve

lukas.fuchs@rieter.com
11/05/2004 10:30
To: squid-users@squid-cache.org
cc:
Subject: [squid-users] NTLM username logging problem

hi!

I've Squid 2.5 with NTLM, Samba 3 with Winbind, and Mandrake 9.2 running. My problem is, that I want to log the usernames and their visited websites. I want to do this with NTLM / Winbind. The user ID's are stored on a WinNT-PDC. And I don't want that the user must enter his key every time he connects to the internet.

I think my Winbind works properly, so it must be something wrong with my squid.conf...

squid.conf:
...
log_ip_on_direct off # off=hostname, on=ip ?
debug_options ALL,1
client_db on
auth_param ntlm program /usr/bin/ntlm_auth3 \
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth3 \
--helper-protocol=squid-2.5-basic
auth_param basic realm basic-squid-cache
auth_param basic children 5
auth_param basic credentialsttl 2 hours
acl authorizedusers proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl our_networks src 82.29.1.0/24
acl localhost src 82.29.1.26/255.255.255.255
acl safe_ports port 80 # http
acl safe_ports port 21 # ftp
acl safe_ports port 443 # https
acl safe_ports port 563 # https
acl safe_ports port 1025-65535 # unregistered ports
acl CONNECT method CONNECT
acl allowed_hosts src 82.29.1.0/255.255.255.0
http_access allow localhost
http_access deny !safe_ports
http_access deny CONNECT !safe_ports
http_access allow allowed_hosts
http_access allow our_networks
http_access allow all authorizedusers
http_access deny all
http_reply_access allow all

I think it's probably something with the ACL's... Can you help me please?

Thanks!!!

Lukas

Received on Tue May 11 2004 - 10:16:23 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT
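
Squid checks http_access lines top to bottom and stops at the first line whose ACLs all match, so in the first squid.conf quoted in this thread a client in 82.29.1.0/24 is allowed by a src rule before the proxy_auth ACL is ever consulted. The Python model below is an added example, not part of the original posts and not Squid code; `evaluate`, `acl_matches`, the `REORDERED` rule set and the user name in the test are constructed for illustration, and the model assumes that a proxy_auth ACL answers a request without credentials with a 407 challenge.

```python
import ipaddress

# ACLs and http_access lines copied from the first squid.conf posted in the thread.
ACLS = {
    "all": ("src", "0.0.0.0/0"),
    "our_networks": ("src", "82.29.1.0/24"),
    "allowed_hosts": ("src", "82.29.1.0/24"),
    "localhost": ("src", "82.29.1.26/32"),
    "safe_ports": ("port", None),
    "CONNECT": ("method", "CONNECT"),
    "authorizedusers": ("proxy_auth", "REQUIRED"),
}
POSTED = """http_access allow localhost
http_access deny !safe_ports
http_access deny CONNECT !safe_ports
http_access allow allowed_hosts
http_access allow our_networks
http_access allow all authorizedusers
http_access deny all"""
# Constructed variant (not from the thread): auth rule moved ahead of the src-based allows.
AUTH, HOSTS = "http_access allow all authorizedusers\n", "http_access allow allowed_hosts"
REORDERED = POSTED.replace(AUTH, "").replace(HOSTS, AUTH + HOSTS)
# Request taken from the access.log line in the thread: 82.29.1.18 GET http://www.google.ch/
CLIENT = {"src": "82.29.1.18", "port": 80, "method": "GET"}

def acl_matches(name, req):
    kind, arg = ACLS[name]
    if kind == "src":
        return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(arg)
    if kind == "port":
        return req["port"] in (80, 21, 443, 563) or 1025 <= req["port"] <= 65535
    if kind == "method":
        return req["method"] == arg
    # proxy_auth REQUIRED: None means "no credentials yet, challenge with 407"
    return True if req.get("user") else None

def evaluate(rules, req):
    """Return (verdict, deciding line): first matching line wins, ACLs on a line are ANDed."""
    for line in rules.splitlines():
        _, action, *names = line.split()
        for n in names:
            m = acl_matches(n.lstrip("!"), req)
            if m is None:
                return "challenge", line
            if m == n.startswith("!"):
                break  # this ACL (or its negation) failed, so the line does not match
        else:
            return action, line
    return "deny", "(no rule matched)"
```

With the posted order, `evaluate(POSTED, CLIENT)` stops at `http_access allow allowed_hosts`, which is consistent with the `-` in the user field of the quoted access.log line.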