Topic: How to invoke user Ident in Squid Access log

[tomp]

I have installed an SME 6.0 server and has made a domain with one client. The client is configured to access til Internet through the Proxy in SME and Internet activity from the client IS being logged in the SME Proxy (Squid).

I can't figure out however how to make User Ident visibel in the log file (/squid/access.log). In all log entries the user Ident is displayed with a -.

Hope one of you guys and girls can help.

Best regards

Tom
Denmark.

[grand-pa]

Hello,

Have you found out a way of doing that ?
I have the same problem and it seems squid has not been compiled with the ident options (at least on SME v7b5).

Is there any other way to have the user name shown in the logs (they connect to Internet from the server itself) ?

Regards.

[CharlieBrady]

I can't figure out however how to make User Ident visibel in the log file (/squid/access.log). In all log entries the user Ident is displayed with a -.

The suqid FAQ (6.6) tells you what part of the configuration you need to change to enable ident lookups.

ident lookups in general can't be trusted - do you have any reason to belive that they should be in your network?

[grand-pa]

ident lookups in general can't be trusted - do you have any reason to belive that they should be in your network?

You're completly right, so I'm looking for ACL proxy_auth option and i'll try to adapt e-smith-proxy-auth-0.0.1-01dc.noarch.rpm for my own use on SME v7b5 (test server).

Just one other question : do you know if it is possible to force the use of the trans-proxy from the server itself ?

Regards.

[cc_skavenger]

....Just one other question : do you know if it is possible to force the use of the trans-proxy from the server itself ?

????  Trans-proxy is enabled by default.

[grand-pa]

....Just one other question : do you know if it is possible to force the use of the trans-proxy from the server itself ?

????  Trans-proxy is enabled by default.

I know, but it doesn't work when you are on the server itself : i have to manually configure the web browser to use it.

I have read an old howto which explained that a proxy server can't be a transparent proxy for itself. But i'd like to know if nowadays it is possible and i can't find this information anywhere

Of course computers behind the server have to pass throw the proxy

[CharlieBrady]

Just one other question : do you know if it is possible to force the use of the trans-proxy from the server itself ?

Why do you want to do that? If there is nobody but you using a browser on the server itself, and you think it important to use the proxy, then you can just configure your browser to use the proxy.

Do you have multiple users with shell access on the server, and you want to force them to use the proxy?

[grand-pa]

Do you have multiple users with shell access on the server, and you want to force them to use the proxy?

Yes. In fact, i try to configure LTSP on SME (LTSP in itself works now very fine).
So i have many users who can login on the server and i would like them to use the transparent proxy.

[CharlieBrady]

Do you have multiple users with shell access on the server, and you want to force them to use the proxy?

Yes. In fact, i try to configure LTSP on SME (LTSP in itself works now very fine).
So i have many users who can login on the server and i would like them to use the transparent proxy.

It's very difficult to do that. You would need to have a non-standard netfilter module which can determine the userid of the process which is attempting to make a connection, and set up the transparent proxy only for connections created by userids other than the 'squid' userid. This is because squid needs to be able to make real outgoing connections - you'd have a loop if squid connections were forced back into squid.

It'll be much easier for you to just configure the users' browsers. Or run LTSP on one server, and squid on another which is the gateway.

[grand-pa]

Thanks a lot Charlie for these informations.

If i have time, i'll look for the implemntation of this userid netfilter module.