Re: [squid-users] NTLM authentication

From: Squid Support (Henrik Nordstrom) <hno@dont-contact.us>
Date: Wed, 8 May 2002 19:10:07 +0200

Alexander Kiselev wrote:

> The two questions:
> 1) How can i collect/see the per user statistic if only IP addresses
> (without usernames) are stored in access.log?

If you are using authentication then usernames are stored in access.log in
the user field. This is in addition to the client IP address. Only where the
user isn't yet logged in (being denied by Squid with a 407 error) will the
username field be blank as it isn't yet known by Squid.

> 2) In MSNT method there are
> two files on Proxy server's side - "$SQUID_BASE/etc/allowusers" and
> "$SQUID_BASE/etc/denyusers". So, i can permit or deny the access of the
> user to Internet in these files. Unfortunately, there is no such scheme in
> NTLM method - all requests passed directly to NT domain controller. How can
> i limit the access of users to Internet on Proxy server's side using NTLM
> method?

Currently being worked upon. For now you will have to have a list all allowed
users in the proxy_auth acl (use a included file to keep squid.conf clean).

-- 
Basic free Squid support provided thanks to MARA Systems AB
Your source of advanced reverse proxy solutions or customized
Squid solutions. http://www.marasystems.com/products/
Received on Wed May 08 2002 - 11:10:13 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:03 MST