Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid + Captive Portal = not logging usernames?

    Scheduled Pinned Locked Moved pfSense Packages
    10 Posts 7 Posters 4.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      Cybex
      last edited by

      Hi community,

      I'm using pfSense at a school with approx. 2000 students. We use Captive Portal with Radius login to authenticate before letting the students use the internet. But Squid doesn't seem to log the usernames, only the IP address of the device. Is this a short coming in Captive Portal or is this fixable?

      Kind regards, John

      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by

        I do not see a way how squid should know something about the usernames. The username is entered on CP and CP authenticates against RADIUS. So just RADIUS and CP know the username. squid is just seeing the traffic - and traffic just contains IP address and hostname.

        If you want to see username in squid I would say you need to use squid to authenticate the users - this can also be done with RADIUS.
        But squid MUST run in non-transparent mode or it will not work.

        1 Reply Last reply Reply Quote 0
        • C
          Cybex
          last edited by

          Thank you for your reply. I thought it might be possible that the Captive Portal 'told' Squid what users are connected, but that's obviously not the case.

          Authenticating Squid against Radius is an solution also, but the downside is that I have to disable transparent mode. Would it be possible to use a port forward rule in pfSense that redirects all http traffic (port 80) to port 3128 (Squid proxy) and enable authentication in Squid?

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by

            The package (squid) does not allow you to set "Auth settings" when you selected "transparent mode" on general settings.
            you can try to change the squid listening port from 3128 to port 80 and switch to "non-transparent".

            But not sure if this will conflict with the webGUI of pfsense if running on the same port.

            Best is to do a config backup before doing anything ;-)

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              @Cybex:

              I thought it might be possible that the Captive Portal 'told' Squid what users are connected

              It's possible using squid auth helper, but until today, nobody had time to write it. :(

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • J
                jmorganhome
                last edited by

                @marcelloc:

                @Cybex:

                I thought it might be possible that the Captive Portal 'told' Squid what users are connected

                It's possible using squid auth helper, but until today, nobody had time to write it. :(

                Apologies first of all, as I am a novice user.

                We are a group of caravan users setting up a shared Internet connection for use when we are out & about.

                I have successfully set up pfsense, but our members are very concerned that somebody may do something illegal, and we have been told that we should keep a log of who goes where, in case of repercussions.

                I don't really 'need' a proxy server, and I have set up local usernames & enabled the captive portal.

                I really just need to get a list of:

                username - site requested - date - time

                Could I respectfully ask:

                a) Am I looking at the correct option to do this?
                b) Is there something similar and/or simpler?
                c) I'm not sure if the above is suggesting that this is a possibility, and would be glad of a more detailed explanation

                Many thanks in advance to anyone who may be able to offer assistance, as I have been looking in detail at possibilities, & running up lots of blind alleys.

                1 Reply Last reply Reply Quote 0
                • D
                  dig1234
                  last edited by

                  If you need that kind of info logged it would be better to use squid authentication than captive portal. The squid logs will have the info you want.

                  1 Reply Last reply Reply Quote 0
                  • M
                    mendilli
                    last edited by

                    here is a solution for you

                    http://forum.pfsense.org/index.php/topic,65358.0.html

                    1 Reply Last reply Reply Quote 0
                    • C
                      cuchulainn
                      last edited by

                      The topic is not Accessible .. :/

                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by

                        Translate this one from Portuguese forum

                        http://forum.pfsense.org/index.php/topic,66809.0.html

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.