Squid + Captive Portal = not logging usernames?



  • Hi community,

    I'm using pfSense at a school with approx. 2000 students. We use Captive Portal with Radius login to authenticate before letting the students use the internet. But Squid doesn't seem to log the usernames, only the IP address of the device. Is this a short coming in Captive Portal or is this fixable?

    Kind regards, John



  • I do not see a way how squid should know something about the usernames. The username is entered on CP and CP authenticates against RADIUS. So just RADIUS and CP know the username. squid is just seeing the traffic - and traffic just contains IP address and hostname.

    If you want to see username in squid I would say you need to use squid to authenticate the users - this can also be done with RADIUS.
    But squid MUST run in non-transparent mode or it will not work.



  • Thank you for your reply. I thought it might be possible that the Captive Portal 'told' Squid what users are connected, but that's obviously not the case.

    Authenticating Squid against Radius is an solution also, but the downside is that I have to disable transparent mode. Would it be possible to use a port forward rule in pfSense that redirects all http traffic (port 80) to port 3128 (Squid proxy) and enable authentication in Squid?



  • The package (squid) does not allow you to set "Auth settings" when you selected "transparent mode" on general settings.
    you can try to change the squid listening port from 3128 to port 80 and switch to "non-transparent".

    But not sure if this will conflict with the webGUI of pfsense if running on the same port.

    Best is to do a config backup before doing anything ;-)



  • @Cybex:

    I thought it might be possible that the Captive Portal 'told' Squid what users are connected

    It's possible using squid auth helper, but until today, nobody had time to write it. :(



  • @marcelloc:

    @Cybex:

    I thought it might be possible that the Captive Portal 'told' Squid what users are connected

    It's possible using squid auth helper, but until today, nobody had time to write it. :(

    Apologies first of all, as I am a novice user.

    We are a group of caravan users setting up a shared Internet connection for use when we are out & about.

    I have successfully set up pfsense, but our members are very concerned that somebody may do something illegal, and we have been told that we should keep a log of who goes where, in case of repercussions.

    I don't really 'need' a proxy server, and I have set up local usernames & enabled the captive portal.

    I really just need to get a list of:

    username - site requested - date - time

    Could I respectfully ask:

    a) Am I looking at the correct option to do this?
    b) Is there something similar and/or simpler?
    c) I'm not sure if the above is suggesting that this is a possibility, and would be glad of a more detailed explanation

    Many thanks in advance to anyone who may be able to offer assistance, as I have been looking in detail at possibilities, & running up lots of blind alleys.



  • If you need that kind of info logged it would be better to use squid authentication than captive portal. The squid logs will have the info you want.





  • The topic is not Accessible .. :/



  • Translate this one from Portuguese forum

    http://forum.pfsense.org/index.php/topic,66809.0.html


Log in to reply