Re: [squid-users] Transparent & ident

From: Adrian Chadd <adrian@dont-contact.us>
Date: Fri, 3 Aug 2001 09:21:33 -0600

On Fri, Aug 03, 2001, Leo Mrafko wrote:
> Hi,
>
> I can't solve this: I'd like to use squid for transparent proxying, but
> also to log clients' usernames from ident lookups. It doesn't work.
> Transparent proxy works, ident lookups also, but not together. On the
> client machine, when I set proxy, the log is fine, with username. But when
> I don't set proxy server (and I don't want to set it for each machine -
> therefore I want transparent proxy to work), squid doesn't log the
> username.
>
> Anyone has any clues, please?

Ident and transparent proxying don't mix.
The ident protocol identifies a connection by supplying the remote
and local port numbers for the client to return a username for.

In a non-transparent setup, the following happens:

* client issues request to proxy
* proxy issues ident request on the above request connection to client
* client returns ident information

In a transparent setup, the following happens:

* client issues web request to some web server
* proxy snarfs web request
* proxy issues ident request on the above request connection to client
  from its own IP
* client notes that it's got no connection to the proxy IP, and (rightly!)
  doesn't return any ident information.

There are ways around it, but squid doesn't support any of them, and they
are very very evil and particular about the network setup.
(it involves squid pretending to be the IP of the web server when issuing
 the ident request, and it relies on the clients' ident requests going through
 the squid server which picks off ones to intercept..)

Why don't you use some other form of authentication?
You'd still get your username logging via basic auth, ntlm auth ..

Adrian
Received on Fri Aug 03 2001 - 09:21:33 MDT
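
Added example, not part of the original message and not Squid code: a small model of the lookup an RFC 1413 ident responder performs, showing why the explicit-proxy case returns a username and the transparent case returns NO-USER. The addresses, ports, user name and the names Conn and ident_reply are assumptions made up for the illustration.

```python
# Added illustration: models only the lookup an RFC 1413 ident responder performs.
# All addresses, ports and the user name below are constructed sample values.
from typing import NamedTuple

class Conn(NamedTuple):
    local_port: int    # port on the client machine, where identd runs
    remote_ip: str     # peer address as the client's TCP stack sees it
    remote_port: int
    user: str          # local owner of the socket

PROXY_IP = "192.0.2.1"        # constructed
WEB_IP = "198.51.100.80"      # constructed

# Explicit proxy: the client connected to the proxy itself.
CLIENT_DIRECT = [Conn(40001, PROXY_IP, 3128, "alice")]
# Transparent: the client believes it is talking to the web server.
CLIENT_TRANSPARENT = [Conn(40002, WEB_IP, 80, "alice")]

def ident_reply(conn_table, querier_ip, query):
    """Answer an ident query '<port-on-server> , <port-on-client>'.

    The port pair alone is not the key: the responder pairs it with the
    address the query arrived from, and only a full match names a user.
    """
    try:
        local_port, remote_port = (int(p) for p in query.split(","))
    except ValueError:
        return "0 , 0 : ERROR : INVALID-PORT"
    pair = f"{local_port} , {remote_port}"
    if not (0 < local_port < 65536 and 0 < remote_port < 65536):
        return f"{pair} : ERROR : INVALID-PORT"
    for c in conn_table:
        if (c.local_port, c.remote_ip, c.remote_port) == (local_port, querier_ip, remote_port):
            return f"{pair} : USERID : UNIX : {c.user}"
    return f"{pair} : ERROR : NO-USER"

if __name__ == "__main__":
    # Explicit proxy: the query source matches the connection's peer.
    print(ident_reply(CLIENT_DIRECT, PROXY_IP, "40001 , 3128"))
    # Transparent: same proxy asks, but the client's peer is the web server.
    print(ident_reply(CLIENT_TRANSPARENT, PROXY_IP, "40002 , 80"))
```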
