User:Mhavela/squark-auth-snmp: Difference between revisions
Revision as of 05:54, 22 December 2011
Do not follow instructions here until this notice is removed.
Using squark-auth-snmp
Introduction
This document describes how to use 'squark-auth-snmp' as a Squid authentication helper to obtain a username or other useful information from a switch.
'squark-auth-snmp' queries the switch via SNMP using standard MIBs to obtain various information.
The information is then injected into the Squid access logs (which can help auditors when analysing the logs).
Switches confirmed to function, at least to some degree:
- HP Procurve 5400zl
- HP Procurve 1810G 24GE
Enable SNMP Lookups on HP Procurve Device
Create an SNMP read-only community on your HP Procurve Switch, or use one that already exists (the following example uses "public" as a community name - adjust as you like):
configure
snmp-server community "public" restricted
snmp-server response-source dst-ip-of-request
exit
The second-to-last command ensures that the SNMP replies are always returned from the switch's primary management interface. Run the above commands on all switches that the squark-auth plugin will run SNMP queries against. Run them exactly as they appear.
Install Squark and Configure Squid
apk add squark
The squark-auth binary used by squid is copied into the /usr/local/bin directory. All further configuration is done in /etc/squid/squid.conf:
#external ACL squid auth helper
# Squark authentication external acl
external_acl_type squark_auth children=1 ttl=1800 negative_ttl=60 concurrency=128 grace=10 %SRC /usr/local/bin/squark-auth -c <communityname> -r <ip.of.switch> -i VLAN<id> -v <id>
acl Zone_D_SquarkAuth external squark_auth
Replace <communityname> with the SNMPv2 community name you have configured on your switch. Replace <ip.of.switch> with the IP address of your switch, and replace <id> with the ID number of the VLAN that the clients will be connected to.
Here is an example to illustrate how the above configuration could look:
#external ACL squid auth helper
# Squark authentication external acl
external_acl_type squark_auth children=1 ttl=1800 negative_ttl=60 concurrency=128 grace=10 %SRC /usr/local/bin/squark-auth -c public -r 192.168.0.1 -i VLAN5 -v 5
acl Zone_D_SquarkAuth external squark_auth
Optional: SNMP v3 Configuration
Squark will use the configuration specified in /etc/snmp/snmp.conf when SNMPv3 is specified as the preferred version of SNMP to use.
Ensure that you have at least the following in /etc/snmp/snmp.conf:
defContext none
defSecurityName <username>
defAuthPassphrase <password>
defVersion 3
defAuthType MD5
defSecurityLevel authNoPriv
Adjust the above as dictated by the SNMP v3 configuration on your switch.
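The following check is an added example, not part of squark or of the original page: it reads an snmp.conf like the one above and flags the settings worth revisiting (authNoPriv, MD5, and a passphrase kept in a world-readable file). The function names and the sample user name and passphrase are made up for illustration.

```sh
#!/bin/sh
# Added example (not part of squark): flag weak settings in a Net-SNMP snmp.conf.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
conf_get() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Print a finding and count it.
flag() { printf '%s\n' "$1"; findings=$((findings + 1)); }

# Returns 0 if nothing was flagged, 1 if something was, 2 if the file is unreadable.
audit_snmp_conf() {
    conf="$1"
    findings=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    version=$(conf_get "$conf" defVersion)
    level=$(conf_get "$conf" defSecurityLevel)
    authtype=$(conf_get "$conf" defAuthType)

    [ "$version" = "3" ] || flag "defVersion is '${version:-unset}', not 3"
    case "$level" in
        authPriv) ;;
        authNoPriv) flag "defSecurityLevel authNoPriv: SNMP traffic is authenticated but not encrypted" ;;
        *) flag "defSecurityLevel is '${level:-unset}', expected authPriv" ;;
    esac
    [ "$authtype" != "MD5" ] || flag "defAuthType MD5: use SHA if the switch supports it"

    # The passphrase is stored in clear text, so the file should not be world-readable.
    if grep -Eq '^[[:space:]]*def(Auth|Priv)Passphrase' "$conf" &&
       [ -n "$(find "$conf" -prune -perm -004)" ]; then
        flag "passphrase in world-readable file: limit read access to the account running squark-auth"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample mirroring the configuration above; user and passphrase are made up.
sample=$(mktemp)
cat > "$sample" <<'EOF'
defContext none
defSecurityName squark-ro
defAuthPassphrase example-passphrase
defVersion 3
defAuthType MD5
defSecurityLevel authNoPriv
EOF
chmod 644 "$sample"
audit_snmp_conf "$sample" || true
rm -f "$sample"
```

Run against the real file with `audit_snmp_conf /etc/snmp/snmp.conf`; whether authPriv and SHA can be used depends on the SNMP v3 configuration of the switch.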