User:Mhavela/squark-auth-snmp
This material is work-in-progress ... Do not follow instructions here until this notice is removed. |
Using squark-auth-snmp
Introduction
This document describes how to use 'squark-auth-snmp' as squid authentication helper to obtain a username or other useful information from a switch.
'squark-auth-snmp' queries the switch via SNMP using standard MIBs to obtain various information.
The information is then injected into the squid access logs (which can help auditors when analysing the logs).
Switches that confirmed to function at least in some degree:
- HP Procurve 5400zl
- HP Procurve 1810G 24GE
Enable SNMP Lookups on HP Procurve Device
Create an SNMP read-only community on your HP Procurve Switch, or use one that already exists (the following example uses "public" as a community name - adjust as you like):
configure snmp-server community "public" restricted snmp-server response-source dst-ip-of-request exit
The 2nd last command ensures that the SNMP replies are always returned from the switch's primary management interface. Run the above commands on all switches that the squark-auth plugin will run snmp queries against. Run them exactly as they appear.
Install Squark and Configure Squid
apk add squark
The squark-auth binary used by squid is copied into the /usr/local/bin directory. All further configuration is done in /etc/squid/squid.conf:
#external ACL squid auth helper # Squark authentication external acl external_acl_type squark_auth children=1 ttl=1800 negative_ttl=60 concurrency=128 grace=10 %SRC /usr/local/bin/squark-auth -c <communityname> -r <ip.of.switch> -i VLAN<id> -v <id> acl Zone_D_SquarkAuth external squark_auth
Replace <communityname> with the SNMPv2 community name you have configured on your switch. Replace <ip.of.switch> with the IP of your switch, and replace <id> with the VLAN Id number of the VLAN that the clients will be connected to.
Here is an example to illustrate how the above configuration could look:
#external ACL squid auth helper # Squark authentication external acl external_acl_type squark_auth children=1 ttl=1800 negative_ttl=60 concurrency=128 grace=10 %SRC /usr/local/bin/squark-auth -c public -r 192.168.0.1 -i VLAN5 -v 5 acl Zone_D_SquarkAuth external squark_auth
Optional: SNMP v3 Configuration
Squark will use the configuration specified in /etc/snmp/snmp.conf when snmpv3 is specified as the preferred version of SNMP to use.
Ensure that you have at least the following in /etc/snmp/snmp.conf:
defContext none defSecurityName <username> defAuthPassphrase <password> defVersion 3 defAuthType MD5 defSecurityLevel authNoPriv
Adjust the above as dictated by the SNMP v3 configuration on your switch.