Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: kevinb on October 05, 2007, 07:33:41 AM

Title: Setting up Squid to use user authentification
Post by: kevinb on October 05, 2007, 07:33:41 AM

Hello everyone,

I want to have squid log the user name in the access logs. I sure I can do this with Ident. I set the config setting:

Code: [Select]

config setprop squid RequireAuth ident
Followed by:

Code: [Select]

expand-template /etc/squid/squid.conf
sv t /service/squid
And for good measure:

Code: [Select]

signal-event post-upgrade; signal-event reboot

I installed an ident server (tried three actually) on the Windows client but the client was not queried for an ID, nothing is blocked, no user names show up in the log and no errors in the logs either.

I manually set the proxy settings on the browser (FF and IE) and the proxy does work.


Is there anything I am missing.


Kevin


PS ... on other SME servers using DG I have noticed a large delay (several days) before the ident settings actually block unauthorized users, but they get logged immediately.

Thanks

Title: Re: Setting up Squid to use user authentification
Post by: raem on October 05, 2007, 08:10:23 AM

kevinb

Perhaps this is needed also

config setprop squid Transparent no
expand-template /etc/squid/squid.conf
sv t /service/squid

Then add the server IP and port in the proxy setting for your browser

Maybe also if the Windows firewall blocks access to the ident client, you will have to add an exception in the firewall rules as follows:

Control Panel >> Windows Firewall >> Exceptions >> Add Port

    * Name: auth
    * Port number: 113
    * TCP


This is the recommended ident client
https://sourceforge.net/projects/retinascan

Title: Re: Setting up Squid to use user authentification
Post by: stephen noble on October 05, 2007, 12:05:11 PM

also the code to enable ident is in smeserver-dansguardian
if you'd like it to be part of the base
the first step is to raise an NFR and seek approval from the devs

Title: Re: Setting up Squid to use user authentification
Post by: kevinb on October 05, 2007, 09:13:06 PM

I'll try turning off the transparent proxy tonight and see if this does it.

I already had the firewall off (step one of troubleshooting in Windows).

On two other SME servers with Dansguardian and ident (they work as expected) I found that Retinascan did not work but DGident (from the Dansguardian site) did. I never trouble shot this even though I much prefer Retinascan (runs as a service).

On this machine now I cannot see any attempt to contact the idnet server on the client to authenticate.