Squid does not export the username to access.log

1. Squid does not export the username to access.log

Robson S Alves
redbob

(uses Ubuntu)

Posted on 10/10/2019 - 16:19h

Hi:

I brought up Squid 4.8 on an Ubuntu 18.04 server.
It is integrated with an AD and is set up to allow authenticated access.
The problem is that /var/log/squid/access.log is not receiving user information.

Here is my squid.conf:

visible_hostname srvproxy3-mt
acl jfmt src 172.16.0.0/12 # RFC 1918 local private network (LAN)

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localhost manager
http_access allow manager
http_access allow localhost
http_port 3128
cache_dir aufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern -i \.(gif|jpeg|jpg|png|)$ 3600 90% 43200

proxy_protocol_access allow jfmt
forwarded_for on
follow_x_forwarded_for allow localhost
follow_x_forwarded_for allow jfmt
follow_x_forwarded_for allow all
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
tproxy_uses_indirect_client off
cache deny all
quick_abort_min 1024 KB
read_ahead_gap 512 KB
maximum_object_size_in_memory 1 MB
dns_v4_first on

### negotiate kerberos and ntlm authentication
#auth_param negotiate program /etc/squid/negotiate_kerberos_auth -d -k /etc/squid/proxy.keytab -s HTTP/srvdc1-mt.mt.trf1.gov.br@MT.TRF1.GOV.BR
auth_param negotiate program /etc/squid/negotiate_wrapper_auth -d -i --kerberos /etc/squid/negotiate_kerberos_auth -s HTTP/srvdc1-mt.mt.trf1.gov.br@MT.TRF1.GOV.BR --ntlm /etc/squid/ntlm_auth --helper-protocol=gss-spnego --domain=JFMT
auth_param negotiate children 10
auth_param negotiate keep_alive on
#export KRB5_KTNAME=/etc/squid/proxy.keytab
#net ads keytab CREATE
#net ads keytab ADD proxy
#unset KRB5_KTNAME

acl authenticated proxy_auth REQUIRED
http_access deny !authenticated
http_access allow authenticated
http_access deny all

logformat squid-host %ts.%03tu %6tr %>A %>a %Ss/%03>Hs %<st %rm %ru %[ul %Sh/%<a %mt %un %ul %ui %ue
#logformat squid-newhost %>a %un %ul %i %tl %rm %ru %Hs %Ss
access_log /var/log/squid/access.log squid-host
#access_log /var/log/squid/new-access.log squid-newhost
access_log syslog:local7.info squid
access_log syslog:local7.* squid
access_log syslog:local7 squid
access_log udp://172.24.1.6:514 squid


My cache.log indicates that access is OK:
2019/10/10 15:15:05| negotiate_wrapper: Got 'YR TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAKAFopAAAADw==' from squid (length: 59).
2019/10/10 15:15:05| negotiate_wrapper: Decode 'TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAKAFopAAAADw==' (decoded length: 42).
2019/10/10 15:15:05| negotiate_wrapper: received type 1 NTLM token
2019/10/10 15:15:05| negotiate_wrapper: Return 'TT TlRMTVNTUAACAAAACAAIADgAAAAVgoni7DJ+IVeU9BoAAAAAAAAAAJIAkgBAAAAABgEAAAAAAA9KAEYATQBUAAIACABKAEYATQBUAAEAGABTAFIAVgBQAFIATwBYAFkAMwAtAE0AVAAEABwAbQB0AC4AdAByAGYAMQAuAGcAbwB2AC4AYgByAAMANgBzAHIAdgBwAHIAbwB4AHkAMwAtAG0AdAAuAG0AdAAuAHQAcgBmADEALgBnAG8AdgAuAGIAcgAHAAgAvLwcBp9/1QEAAAAA *
'
2019/10/10 15:15:05| negotiate_wrapper: Got 'KK TlRMTVNTUAADAAAAGAAYAIIAAAA6AToBmgAAAAgACABYAAAACgAKAGAAAAAYABgAagAAABAAEADUAQAAFYKI4goAWikAAAAPHj7wNqxdloGepZGg2lLQVUoARgBNAFQAagB1ADUAOQA5AEcAVQBBAFQAQQBNAEIAVQAtAEMAQwBTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADz8iD2o3lUCa81Crcz+81sBAQAAAAAAALy8HAaff9UBj8b1VTzMcQMAAAAAAgAIAEoARgBNAFQAAQAYAFMAUgBWAFAAUgBPAFgAWQAzAC0ATQBUAAQAHABtAHQALgB0AHIAZgAxAC4AZwBvAHYALgBiAHIAAwA2AHMAcgB2AHAAcgBvAHgAeQAzAC0AbQB0AC4AbQB0AC4AdAByAGYAMQAuAGcAbwB2AC4AYgByAAcACAC8vBwGn3/VAQYABAACAAAACAAwADAAAAAAAAAAAAAAAAAgAABQRBZNbIggqu05CEqtTe1EZxW/Of8fXXD731+uSGM+PQoAEAAAAAAAAAAAAAAAAAAAAAAACQAgAEgAVABUAFAALwAxADcAMgAuADIANAAuADMALgAxADkAAAAAAAAAAAAAAAAArtNIWm7XR8PIsIClF5w17w==' from squid (length: 651).
2019/10/10 15:15:05| negotiate_wrapper: Decode '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' (decoded length: 486).
2019/10/10 15:15:05| negotiate_wrapper: received type 3 NTLM token
2019/10/10 15:15:05| negotiate_wrapper: Return 'AF = * ju599


But access.log does not show the username (instead, I only see dashes)
1570734970.972 0 avoante.mt.trf1.gov.br 172.24.12.91 TCP_DENIED/407 4095 CONNECT www.google.com:443 - HIER_NONE/- text/html - - - -
1570734970.977 3 avoante.mt.trf1.gov.br 172.24.12.91 TCP_DENIED/407 4536 CONNECT www.google.com:443 - HIER_NONE/- text/html - - - -
1570734971.106 10688 rendeira-sno.mt.trf1.gov.br 172.24.41.35 TCP_TUNNEL/200 2824 CONNECT ib.adnxs.com:443 * HIER_DIRECT/68.67.160.25 - * * - -
1570734971.156 0 rendeira-sno.mt.trf1.gov.br 172.24.41.35 TCP_DENIED/407 4139 CONNECT ade.googlesyndication.com:443 - HIER_NONE/- text/html - - - -
1570734971.176 2 rendeira-sno.mt.trf1.gov.br 172.24.41.35 TCP_DENIED/407 4578 CONNECT ade.googlesyndication.com:443 - HIER_NONE/- text/html - - - -


Any ideas?
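
Added example, not part of the original post: a parser for the `squid-host` logformat shown above that separates TCP_DENIED/407 challenge lines, which are logged before any credentials have been accepted and so carry no user name, from lines where a user column is populated. The field labels and function names are this example's own; the three sample lines are copied from the access.log excerpt in the post.

```python
# One label per whitespace-separated column of the post's logformat:
# %ts.%03tu %6tr %>A %>a %Ss/%03>Hs %<st %rm %ru %[ul %Sh/%<a %mt %un %ul %ui %ue
FIELDS = ["time", "elapsed_ms", "client_fqdn", "client_ip", "status",
          "bytes", "method", "url", "ul_quoted", "hier", "mime",
          "un", "ul", "ui", "ue"]
# Columns that can carry a user name (auth, any source, ident, external ACL).
USER_FIELDS = ("ul_quoted", "un", "ul", "ui", "ue")

# Lines copied from the access.log excerpt in the post.
SAMPLE = """\
1570734970.972 0 avoante.mt.trf1.gov.br 172.24.12.91 TCP_DENIED/407 4095 CONNECT www.google.com:443 - HIER_NONE/- text/html - - - -
1570734971.106 10688 rendeira-sno.mt.trf1.gov.br 172.24.41.35 TCP_TUNNEL/200 2824 CONNECT ib.adnxs.com:443 * HIER_DIRECT/68.67.160.25 - * * - -
1570734971.156 0 rendeira-sno.mt.trf1.gov.br 172.24.41.35 TCP_DENIED/407 4139 CONNECT ade.googlesyndication.com:443 - HIER_NONE/- text/html - - - -
"""


def parse(line):
    """Split one squid-host line into a dict keyed by FIELDS."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError("expected %d columns, got %d" % (len(FIELDS), len(parts)))
    rec = dict(zip(FIELDS, parts))
    # %Ss/%03>Hs -> Squid result code and HTTP status sent to the client.
    rec["squid_status"], _, rec["http_status"] = rec.pop("status").partition("/")
    return rec


def classify(rec):
    """Return 'challenge', 'user-logged' or 'no-user' for a parsed line."""
    if rec["http_status"] == "407":
        return "challenge"   # proxy asked for credentials; no user yet
    # Only "-" counts as empty. The post shows "*" in the user columns of
    # its 200 line; this code treats that as a populated value.
    has_user = any(rec[f] != "-" for f in USER_FIELDS)
    return "user-logged" if has_user else "no-user"


def summarize(text):
    """Count lines per class; 'no-user' lines passed without a logged user."""
    counts = {}
    for line in text.splitlines():
        if line.strip():
            kind = classify(parse(line))
            counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A non-zero `no-user` count is the case worth investigating, since it means a request was served with every user column empty.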


  





