[squid-users] Réf. : Re: [squid-users] Radius and websens problem

This is the situation ...

User connect thrue the firewall, the firewall connect to radius to valid
the authentification, and to websense to create an new entry in the log.

The proxy is a plus, configure in some web browser. So the user connect on
the proxy, the proxy to the firewall, the firewall to radius, and to
websense ...
The only authentification in all of this is on the radius server. I don't
want to had another authentification... but the problem is that the first
person need to be loggued, but the others use the first login and in
websense all the logs say that there is only one person who is surfing as
if squid was creating a connexion with the first information (the ip I
think) and doesn't upgrade it when a new user connect.

Sergent David

DCS Easyware
Agence de Strasbourg
Parc des Tanneries
1 rue de la Faisanderie
BP 44
67832 Lingolsheim
Tél : 03 88 76 48 20
Fax : 03 88 49 08 68
mailto:d.sergent@dcs.fr

|---------+---------------------------->
| | Gerard Eviston |
| | <geviston@bigpond|
| | .net.au> |
| | |
| | 09/01/2003 14:47 |
| | |
|---------+---------------------------->
>------------------------------------------------------------------------------------------------------------------------------|
  | |
  | Pour : d.sergent@dcs.fr, squid-users@squid-cache.org |
  | cc : |
  | Objet : Re: [squid-users] Radius and websens problem |
>------------------------------------------------------------------------------------------------------------------------------|

On Thu, 9 Jan 2003 22:55, d.sergent@dcs.fr wrote:
> I've made some test and my problem is that the first user who connect
thrue
> the proxy have to authentify himself because of the radius, but all the
> next use the same authentification and don't have to reconnect. This is
the
> same for websense which report that all the connexion are from the first
> connected and not from different user ...
>

Just a suggestion, but you should not be using the DC agent or any similar
means to map IP addresses to usernames if your clients are not directly
connected to Websense. You probably should decide whether you want squid or

Websense to handle authentication. If you chose both then you'll have to
authenticate twice. If you want Websense to do authentication then disable
authentication in squid - Websense pretends to be a web server instead of a

proxy so even cache_peer login=PASS wont help.

Regards
Gerard
Received on Thu Jan 09 2003 - 07:20:29 MST