RE: [squid-users] Problems with IDENT lookup logging from Dustin Hane on 2009-04-27 (squid-users)

From: Dustin Hane <dustinh_at_postalproducts.com>
Date: Mon, 27 Apr 2009 13:42:48 -0500

> 1) you mention having questions but don't ask any.

--> Well, one of them is..I have read that using LDAP lookup..When attempting to visit a blocked site, squid will challenge the authentication. Is this true? We're trying to keep this as transparent as possible.
Will squid have any problems performing LDAP against a mail server? I have the mail server also set up as an LDAP server (it's an exchange2003 box), so, so long as I direct the requests under port 389 there shouldn't be a problem correct?
Next question would be..Is there a better method to use than LDAP? NTLM possibly?

2) logging of authenticated username (LDAP) and loging of identity
name (IDENT) are two separate things sometimes in Squid. Check the log
format is showing what you want.
---> I do have the log format set to record successfully the IDENT lookup. As you can see from the log..It does sometimes work and sometimes does not. I can include a much larger log file if anyone has the time to look it over. I do, but I can't discern any patterns..

3) Ident is a rarely used (due to being insecure) method of
identification. The re-write of auth for Squid-3 left a few problems in
the way it works. Many of which are being resolved so recently the
patches have not yet made it to 3.0 and some still waiting testing in
bugzilla. If you need this kind of fix, please test the latest snapshots
then get check bugzilla for any remaining issues.
----> Again..I don't mind getting away from IDENT..It is a pain in the ass to get installed on all the client machines..But when I was first learning about squid, this is the path that was easiest for me (I had to learn linux first, then squid, then squint for reports, then IDENT for username logging..All in about a week).. So I just kind of stuck with it.
We have until May 4th til this needs to go live. We, as you can see, are currently running and logging now so we can make sure the loads are all ok. So, any help before then would be awesome!!

Thanks again guys!!

Thanks
Dustin

Dustin Hane wrote:
> Hello all!
>
> I'm trying to get around having to do the LDAP or NTLM authentication schemas. It may be a lot easier, but I'm just not exactly sure how..So what I have done is this..
> I pushed out via a GPO a script that will report the username to a text file. I then use windows IDent server (installed on all local boxes) to listen for when Squid makes an RFC 931 lookup request. The service responds with the username from the text file.
> Using Squid 3Stable7 on Unix..Exporting logs in default squid format..
> I wouldn't have a problem using an LDAP server as I do have it set up..I just don't understand it and for some reason I can't wrap my head around the wiki for it and I have a few questions that aren't listed there..If someone has a few minutes that I could email my test config for it to, I would be eternally greatful! I just don't want to bog down the maillist with my stupidity.
> Works absolutely awesome 94% of the time..But occasionally I get the following. (usernames have been retracted for obvious reasons)
>
>
>A few things crop into y head reading your post:
>
> 1) you mention having questions but don't ask any.

2) logging of authenticated username (LDAP) and loging of identity
name (IDENT) are two separate things sometimes in Squid. Check the log
format is showing what you want.

Amos

> ---Begin Logs---
> 1240514814.201 289 icm1512.postalproducts.com TCP_MISS/200 2347 GET http://www.bassind.com/images/bg_03.gif username DIRECT/65.198.197.121 image/gif
> 1240514814.578 404 icm1512.postalproducts.com TCP_MISS/200 544 GET http://www.bassind.com/images/top_nav_bg.gif - DIRECT/65.198.197.121 image/gif
> 1240514814.613 1106 icm1512.postalproducts.com TCP_MISS/404 1561 GET http://www.bassind.com/images/main_top.gif - DIRECT/65.198.197.121 text/html
> 1240514814.673 417 icm1512.postalproducts.com TCP_MISS/200 3994 GET http://www.bassind.com/prodimg/hometheatrehp.jpg username DIRECT/65.198.197.121 image/jpeg
>
> 1240514824.037 356 icm1512.postalproducts.com TCP_MISS/404 1561 GET http://www.bassind.com/favicon.ico username DIRECT/65.198.197.121 text/html
> 1240514829.944 0 icm1338.postalproducts.com TCP_IMS_HIT/304 375 GET http://vendornet.americanhotel.com/colors/styles.css username NONE/- text/css
> 1240514829.946 0 icm1338.postalproducts.com TCP_IMS_HIT/304 391 GET http://vendornet.americanhotel.com/inc/main.js - NONE/- application/x-javascript
> 1240514829.969 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/topB.gif username NONE/- image/gif
> 1240514830.000 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/Logo/AHLogo.gif - NONE/- image/gif
> 1240514830.004 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/liteteal1x1.gif username NONE/- image/gif
> 1240514830.009 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/exit.gif - NONE/- image/gif
> 1240514830.011 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/topA.gif username NONE/- image/gif
> 1240514830.015 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/leftReduce.gif - NONE/- image/gif
> 1240514830.021 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/leftExpand.gif username NONE/- image/gif
> 1240514830.025 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/Colors/liteteal1x1.gif - NONE/- image/gif
> 1240514830.029 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/arrow.gif username NONE/- image/gif
> 1240514830.034 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/leftDiv.gif - NONE/- image/gif
> 1240514830.040 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/arrowbl.gif username NONE/- image/gif
> 1240514830.049 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/tealleft.gif - NONE/- image/gif
> 1240514830.050 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/leftSpace.gif username NONE/- image/gif
> 1240514830.070 327 icm1338.postalproducts.com TCP_MISS/200 23941 POST http://vendornet.americanhotel.com/Index.asp jurgitad DIRECT/72.35.92.212 text/html
> 1240514830.080 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/images/powered.gif - NONE/- image/gif
> 1240514830.083 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/teal1x1.gif username NONE/- image/gif
> 1240514830.093 0 icm1338.postalproducts.com TCP_IMS_HIT/304 376 GET http://vendornet.americanhotel.com/colors/recapright.gif username NONE/- image/gif
> 1240514832.457 107 icm1512.postalproducts.com TCP_MISS/200 1903 GET http://www.freightquote.com/images/qb_nav_account_on.gif username DIRECT/207.218.147.11 image/gif
> ---END LOGS----
>
> Dustin Hane
> IT Support
> Ph: 414-290-1128
> Fx: 414-290-1515
> 500 W Oklahoma Ave
> Milwaukee, WI 53207
> dustinh_at_postalproducts.com
>
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7

Received on Mon Apr 27 2009 - 18:43:01 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 28 2009 - 12:00:02 MDT