Re: [squid-users] squid and Multiple companies

From: Kevin Blackwell <>
Date: Tue, 11 Nov 2008 13:07:24 -0600

To all, thanks for the direction

I seem to be running into one problem.

We have multiple companies in our domain. They are all in different
OUs. What I'm trying to do is create a different log file for each OU.
So say if user from OU Domain Users authenticates, I want logging of
this user to go to /var/log/squid/Domain_Users. Looks like creating an
access_log for that acl should work. But how would squid log each
different OU? So I was attempting to use to solve this
problem. I might be using this wrong, if I am, please let me know.

So I set up squid to also use

external_acl_type nt_group ttl=0 children=5 %LOGIN
/usr/lib64/squid/ -d

Then I have an acl

acl 40_auth external nt_group hoffman #ntgroup group in AD
acl adm_auth external nt_group BUILTIN\Administrators #Admin group in AD

Then the http_access

http_access allow authuser 40_auth adm_auth

Now looking at the debug for I was getting this error

Got username ntgroup from squid
User: -usernamel-
Group: -ntgroup-
SID: -S-1-5-21-1607859618-1323328405-3834754132-2829-
GID: -10016-
Sending ERR to squid

But if I comment out

#acl 40_auth external nt_group ntgroup #ntgroup group in AD

I get

Got username BUILTIN%5cAdministrators from squid
User: -username-
Group: -BUILTIN\Administrators-
SID: -S-1-5-32-544-
GID: -10000-
Sending OK to squid

I thought squid was populating the Group name. Looks like it's
grabbing it from the squid.conf file. Anyone have any thoughts?

On Wed, Oct 15, 2008 at 12:56 PM, Chris Robertson <> wrote:
> Kevin Blackwell wrote:
>> Hi,
>> We have implemented squid and sarg with ntlm_auth. Everything is
>> working fine. I have been requested to do something a bit different
>> though.
>> Where I work at we have different divisions within the company. What I
>> would like to do is create a different access log file depending on
>> what OU container you're in on Windows.
>> So
>> squid log files.
>> Comp A /var/log/squid/compA_access.log
>> Comp B /var/log/squid.compB_access.log
>> etc...
>> Anyone know if that is possible?
> Seems like it should be.
> Chris
Received on Tue Nov 11 2008 - 19:07:34 MST
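
An added example, not part of the original message and not the code of the helper it used: a Python stand-in for a group-check external ACL helper. It shows that each request line carries the login plus the group argument written on the acl line being evaluated (URL-encoded, so the backslash arrives as %5c), and that ACLs listed on one http_access line must all match. The users and the membership table are constructed.

```python
from urllib.parse import quote, unquote

# Constructed data: group membership stands in for the real directory lookup.
MEMBERS = {"hoffman": {"alice"}, "BUILTIN\\Administrators": {"alice", "bob"}}
# Group arguments as written after the helper name on each acl line.
ACLS = {"40_auth": ["hoffman"], "adm_auth": ["BUILTIN\\Administrators"]}


def helper_reply(line, members=MEMBERS):
    """Answer one request line the way a group-check helper would.

    With a %LOGIN format the line is the login name followed by the
    arguments from the acl line; every token is URL-encoded.
    """
    tokens = [unquote(t) for t in line.split()]
    if len(tokens) < 2:
        return "ERR"  # no group argument: fail closed
    user, groups = tokens[0], tokens[1:]
    return "OK" if any(user in members.get(g, set()) for g in groups) else "ERR"


def rule_matches(user, acl_names, acls=ACLS):
    """Evaluate one http_access line: every listed ACL must match.

    Returns (matched, lines_sent). Evaluation stops at the first ACL
    that fails, so later ACLs on the line produce no helper query.
    """
    sent = []
    for name in acl_names:
        line = " ".join(quote(t, safe="") for t in [user] + acls[name])
        sent.append(line)
        if helper_reply(line) != "OK":
            return False, sent
    return True, sent


if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, rule_matches(user, ["40_auth", "adm_auth"]))
```
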