RE: [squid-users] Getting SARG to show usernames instead of IP
Thanks. I'll go the intercept route so I'll pass on the WCCP setup for now. What auth method would you folks suggest. Easiest to setup? Once i get this going with WPAD and PAC, I'll look at a second box for squid as don't want users to not connect to the Internet if the Squid box dies. On Wed, 20 Jul 2011 19:35:41 -0600 Alfonso Alejandro Reyes Jimenez wrote Chinner. This information is not part of the squid configuration but I couldn't let you jump to Cisco wccp without sharing my experience. That feature is not working right with any asa5500 IOS version, it has a lot of bugs. Be very careful if you set it up on production environment. Regards. Alfonso. -Mensaje original- De: chinner999 [mailto:chinner...@gmail.com] Enviado el: miércoles, 20 de julio de 2011 11:39 a.m. Para: squid-users@squid-cache.org Asunto: Re: [squid-users] Getting SARG to show usernames instead of IP Right from the squid.conf file WARNING: authentication can't be used in a transparently intercepting # proxy as the client then thinks it is talking to an origin server and # not the proxy. This is a limitation of bending the TCP/IP protocol to # transparently intercepting port 80, not a limitation in Squid. # Ports flagged 'transparent', 'intercept', or 'tproxy' have # authentication disabled. Guess I can't use authentication with a transparent setup. Will have to investigate intercept proxy. I'm trying to use Cisco WCCP via our Cisco 5505's so if I go intercept proxy and the Squid server goes offline, Internet traffic can still go through. On Wed, 20 Jul 2011 10:21:47 -0600 Chad Naugle wrote Simple answer: SARG (or any log analyzer) requires Squid to post usernames in the access log, by using authentication helpers. I am not certain if this can be done in Transparent or Intercept mode at all. chinner999 7/20/2011 12:11 PM Hi guys, I have SARG running and the reports shows usage per user by ip address. How do I get it to show username instead? The users are using Active Directory. I don't have Squid configured for any authentication currently. Ubuntu v10.04 Sarg v2.2.7.1 Squid v3.1.6 - transparent Thanks. Travel Impressions made the following annotations - This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you.
Re: [squid-users] Getting SARG to show usernames instead of IP
Hi! On Wed, Jul 20, 2011 at 12:08 PM, chinner999 chinner...@gmail.com wrote: Right from the squid.conf file WARNING: authentication can't be used in a transparently intercepting # proxy as the client then thinks it is talking to an origin server and # not the proxy. This is a limitation of bending the TCP/IP protocol to # transparently intercepting port 80, not a limitation in Squid. # Ports flagged 'transparent', 'intercept', or 'tproxy' have # authentication disabled. Guess I can't use authentication with a transparent setup. Will have to investigate intercept proxy. I'm trying to use Cisco WCCP via our Cisco 5505's so if I go intercept proxy and the Squid server goes offline, Internet traffic can still go through. No, you can't authenticate in transparent. However, if you send proxy configuration through AD policy (so that you don't need to go to every workstation to configure it), you could configure squid to use AD for auth purposes - maybe... kerberos auth. Also, there is WPAD that you can use to automatically detect proxy. All of this will have the advantage of allowing you to do access control based on users and groups. Sincerely, Ildefonso Camargo
Re: [squid-users] Getting SARG to show usernames instead of IP
Simple answer: SARG (or any log analyzer) requires Squid to post usernames in the access log, by using authentication helpers. I am not certain if this can be done in Transparent or Intercept mode at all. chinner999 chinner...@gmail.com 7/20/2011 12:11 PM Hi guys, I have SARG running and the reports shows usage per user by ip address. How do I get it to show username instead? The users are using Active Directory. I don't have Squid configured for any authentication currently. Ubuntu v10.04 Sarg v2.2.7.1 Squid v3.1.6 - transparent Thanks. Travel Impressions made the following annotations - This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you.
Re: [squid-users] Getting SARG to show usernames instead of IP
Resending to list -- Forwarded message -- From: Jose Ildefonso Camargo Tolosa ildefonso.cama...@gmail.com Date: Wed, Jul 20, 2011 at 11:48 AM Subject: Re: [squid-users] Getting SARG to show usernames instead of IP To: chinner999 chinner...@gmail.com On Wed, Jul 20, 2011 at 11:41 AM, chinner999 chinner...@gmail.com wrote: Hi guys, I have SARG running and the reports shows usage per user by ip address. How do I get it to show username instead? The users are using Active Directory. I don't have Squid configured for any authentication currently. If squid is *not* authenticating, it doesn't know anything about the user, and thus: can't show usersnames instead of IPs. Ubuntu v10.04 Sarg v2.2.7.1 Squid v3.1.6 - transparent Thanks.
Re: [squid-users] Getting SARG to show usernames instead of IP
Right from the squid.conf file WARNING: authentication can't be used in a transparently intercepting # proxy as the client then thinks it is talking to an origin server and # not the proxy. This is a limitation of bending the TCP/IP protocol to # transparently intercepting port 80, not a limitation in Squid. # Ports flagged 'transparent', 'intercept', or 'tproxy' have # authentication disabled. Guess I can't use authentication with a transparent setup. Will have to investigate intercept proxy. I'm trying to use Cisco WCCP via our Cisco 5505's so if I go intercept proxy and the Squid server goes offline, Internet traffic can still go through. On Wed, 20 Jul 2011 10:21:47 -0600 Chad Naugle wrote Simple answer: SARG (or any log analyzer) requires Squid to post usernames in the access log, by using authentication helpers. I am not certain if this can be done in Transparent or Intercept mode at all. chinner999 7/20/2011 12:11 PM Hi guys, I have SARG running and the reports shows usage per user by ip address. How do I get it to show username instead? The users are using Active Directory. I don't have Squid configured for any authentication currently. Ubuntu v10.04 Sarg v2.2.7.1 Squid v3.1.6 - transparent Thanks. Travel Impressions made the following annotations - This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you.
Re: [squid-users] Getting SARG to show usernames instead of IP
On 20/07/11 17:11, chinner999 wrote: Hi guys, I have SARG running and the reports shows usage per user by ip address. How do I get it to show username instead? The users are using Active Directory. I don't have Squid configured for any authentication currently. Ubuntu v10.04 Sarg v2.2.7.1 Squid v3.1.6 - transparent Thanks. If you had, say, dhcp or Samba setup with dynamic dns at your site you could get your DNS to reverse-resolve the IP in the logs to a machine or username. Not sure about an AD DC but I'm sure it must be possible to have that update DNS. Then preparse your squid logs to insert the username in the right place and you could have what you need from SARG. Alex
Re: [squid-users] Getting SARG to show usernames instead of IP
On Wed, 20 Jul 2011 21:04:47 +0100, Alex Crow wrote: On 20/07/11 17:11, chinner999 wrote: Hi guys, I have SARG running and the reports shows usage per user by ip address. How do I get it to show username instead? The users are using Active Directory. I don't have Squid configured for any authentication currently. Ubuntu v10.04 Sarg v2.2.7.1 Squid v3.1.6 - transparent Thanks. If you had, say, dhcp or Samba setup with dynamic dns at your site you could get your DNS to reverse-resolve the IP in the logs to a machine or username. Not sure about an AD DC but I'm sure it must be possible to have that update DNS. Then preparse your squid logs to insert the username in the right place and you could have what you need from SARG. Alex Or an external_acl_type helper that does similar to provide squid with the username. (This can not be considered auth though since the password/token is not available to verify its correctness). Amos
RE: [squid-users] Getting SARG to show usernames instead of IP
Chinner. This information is not part of the squid configuration but I couldn't let you jump to Cisco wccp without sharing my experience. That feature is not working right with any asa5500 IOS version, it has a lot of bugs. Be very careful if you set it up on production environment. Regards. Alfonso. -Mensaje original- De: chinner999 [mailto:chinner...@gmail.com] Enviado el: miércoles, 20 de julio de 2011 11:39 a.m. Para: squid-users@squid-cache.org Asunto: Re: [squid-users] Getting SARG to show usernames instead of IP Right from the squid.conf file WARNING: authentication can't be used in a transparently intercepting # proxy as the client then thinks it is talking to an origin server and # not the proxy. This is a limitation of bending the TCP/IP protocol to # transparently intercepting port 80, not a limitation in Squid. # Ports flagged 'transparent', 'intercept', or 'tproxy' have # authentication disabled. Guess I can't use authentication with a transparent setup. Will have to investigate intercept proxy. I'm trying to use Cisco WCCP via our Cisco 5505's so if I go intercept proxy and the Squid server goes offline, Internet traffic can still go through. On Wed, 20 Jul 2011 10:21:47 -0600 Chad Naugle wrote Simple answer: SARG (or any log analyzer) requires Squid to post usernames in the access log, by using authentication helpers. I am not certain if this can be done in Transparent or Intercept mode at all. chinner999 7/20/2011 12:11 PM Hi guys, I have SARG running and the reports shows usage per user by ip address. How do I get it to show username instead? The users are using Active Directory. I don't have Squid configured for any authentication currently. Ubuntu v10.04 Sarg v2.2.7.1 Squid v3.1.6 - transparent Thanks. Travel Impressions made the following annotations - This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank you.
