[squid-users] --> Problem with Winbind-NTLM -> AD -> SQUID ?

From: Alex Carlos Braga Ant�o <[email protected]>
Date: Wed, 15 Oct 2003 14:40:42 -0200

Hello,
   I have a FreeBSD 5.1 Box, Running Squid 2.5-STABLE4. I configured it
to authenticate by NTLM with wb_ntlmauth, with wb_group external acl. It
working for about 3 months. But often my users get a login prompt on the
browser (IE) to login. It should not happen!
   I took a look on Statistics and saw my 25 NTLM children. The last
ones had some hits... so I changed it to 50 children. Again the users
got some login promptsm and I changed the children to 100. But they
still get those login prompts sometimes, and I think it's not the number
of children. Now I am raising the wb_group to 50 concurrency.
   My cache has about 600 users, and the load is not big.

   Here's some parts of my config files, and logs... any help are
welcome !!!!

   Squid.conf:
auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth DOMINIO
auth_param ntlm children 100
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 6
auth_param basic realm Formato: DOMINIO\usuario
auth_param basic credentialsttl 2 hour

external_acl_type GrupoAD ttl=600 negative_ttl=30 concurrency=15 %LOGIN
/usr/local/squid/libexec/wb_group

After a -k reconfigure, I get the folowing errors on cache.log:

2003/10/15 15:23:57| Pinger socket opened on FD 415
2003/10/15 15:23:57| Loaded Icons.
2003/10/15 15:23:57| Ready to serve requests.
2003/10/15 15:23:57| AuthenticateNTLMHandleReply: invalid callback data.
Releasing helper '0x832f010'.
2003/10/15 15:23:57| AuthenticateNTLMHandleReply: invalid callback data.
Releasing helper '0x84dff10'.
(wb_ntlmauth)[18565](wb_ntlm_auth.c:273): fgets() failed! dying.....
errno=35 (Resource temporarily unavailable)
(wb_ntlmauth)[18567](wb_ntlm_auth.c:273): fgets() failed! dying.....
errno=35 (Resource temporarily unavailable)
(wb_group)[19286](wb_check_group.c:231): Warning: Can't enum user groups.
(wb_group)[19287](wb_check_group.c:231): Warning: Can't enum user groups.
(wb_group)[19288](wb_check_group.c:231): Warning: Can't enum user groups.
(wb_group)[19286](wb_check_group.c:231):
(wb_group)[19287](wb_check_group.c:231): Warning: Can't enum user groups.
Warning: Can't enum user groups.
(wb_group)[19290](wb_check_group.c:231): Warning: Can't enum user groups.
(wb_group)[19287](wb_check_group.c:231): Warning: Can't enum user groups.
(wb_group)[19288](wb_check_group.c:231):
(wb_group)[19286](wb_check_group.c:231): Warning: Can't enum user groups.
Warning: Can't enum user groups.
2003/10/15 15:23:57| AuthenticateNTLMHandleReply: invalid callback data.
Releasing helper '0x8500010'.
(wb_ntlmauth)[18566](wb_ntlm_auth.c:273): fgets() failed! dying.....
errno=35 (Resource temporarily unavailable)
(wb_ntlmauth)[18568](wb_ntlm_auth.c:273): fgets() failed! dying.....
errno=35 (Resource temporarily unavailable)
2003/10/15 15:23:58| icmpRecv: recv: (61) Connection refused
2003/10/15 15:23:58| Closing Pinger socket on FD 415

Thanks,
  Alex
Received on Wed Oct 15 2003 - 11:39:05 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:30 MST