Hello - I have Squid 3.4.8 installed on Debian Jessie.
I'm using the negotiate wrapper configured like this: auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth -d \ --kerberos /usr/lib/squid3/negotiate_kerberos_auth -s HTTP/proxy.domain.local@DOMAIN.LOCAL \ --ntlm /usr/bin/ntlm_auth --helper-protocol=gss-spnego --domain=DOMAIN.LOCAL The proxy works as intended - authentication happens, and usernames are logged for users that authenticate via Kerberos. However my logs don't show user names for anyone that authenticates via NTLM. The user name is replaced with an asterisk. I am testing by configuring my browser to use the FQDN of the proxy (which results in Kerberos authentication) or by using the IP address (which results in NTLM). Anyway, cache log does show the username but it is apparently in the wrong location to be parsed into the access log: 2016/03/16 16:38:29| negotiate_wrapper: Return 'AF = * james_zuelow ' This is a problem for me, as my organization wants the username in the log. Researching the issue I found this: http://squid-web-proxy-cache.1019090.n4.nabble.com/negotiate-wrapper-Return-AF-username-td4674765.html In which Amos says this was fixed "a long while back." My google-fu is not strong enough to discover an upstream fix for this issue though. I want to submit a bug report to Debian that says "please apply this fix to Jessie, and the fix can be found at X." Can you help me find X? Specific versions of Squid and Samba are: Squid3 3.4.8-6+deb8u1 and Samba/Winbind 4.1.17+dsfg-2+deb8u2. Thanks! James Zuelow Systems Operations Manager City and Borough of Juneau - MIS (907) 586-0236
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
