Obtaining user information via SNMP

Draft - Work in progress

This documents how to use the squark-auth squid authentication helper to obtain a user-name or other information from via SNMP from a switch. The example uses an HP Procurve 5400zl switch.

It is possible to configure HP Procurve switches to do port-based web authentication. A network device initiates traffic on a port, and is assigned to a "guest" vlan with limited or no network access. A browser needs to be opened, and the user is given a user-name and password prompt. For more information on configuring web-based authentication on an HP switch, see this link.

The squark-auth squid authentication helper queries the HP switch via SNMP using standard MIBs to obtain the user-name associated with the IP address, which it injects into the squid access logs, which can help web-log auditors analyse . For more information see the squark-auth documentation here.

Enable SNMP Lookups on HP Procurve Device

Create an SNMP read-only community on your HP Procurve Switch, or use one that already exists (the following example uses "public" as a community name - adjust as you like):

configure
snmp-server community "public" restricted
snmp-server response-source dst-ip-of-request
exit

The 2nd last command ensures that the SNMP replies are always returned from the switch's primary management interface. Run the above commands on all switches that the squark-auth plugin will run snmp queries against. Run them exactly as they appear.

Install Squark and Configure Squid

apk add squark

The squark-auth binary used by squid is copied into the /usr/local/bin directory. All further configuration is done in /etc/squid/squid.conf:

#external ACL squid auth helper
insert code here