Re: [squid-users] --> Problem with Winbind-NTLM -> AD -> SQUID ?

From: Eduardo Elgueta <[email protected]>
Date: Wed, 15 Oct 2003 16:27:00 -0300

I was posting about something similar when this came in: every now and
then my users get a login dialog. The problem goes away by itself after
a while (an hour, by my estimation), but it' really annoying.

Any thoughts?

Ed.

Alex Carlos Braga Ant�o wrote:

> Hello,
> I have a FreeBSD 5.1 Box, Running Squid 2.5-STABLE4. I configured it
> to authenticate by NTLM with wb_ntlmauth, with wb_group external acl.
> It working for about 3 months. But often my users get a login prompt
> on the browser (IE) to login. It should not happen!
> I took a look on Statistics and saw my 25 NTLM children. The last
> ones had some hits... so I changed it to 50 children. Again the users
> got some login promptsm and I changed the children to 100. But they
> still get those login prompts sometimes, and I think it's not the
> number of children. Now I am raising the wb_group to 50 concurrency.
> My cache has about 600 users, and the load is not big.
>
> Here's some parts of my config files, and logs... any help are
> welcome !!!!
>
> Squid.conf:
> auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth DOMINIO
> auth_param ntlm children 100
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
>
> auth_param basic program /usr/local/squid/libexec/wb_auth
> auth_param basic children 6
> auth_param basic realm Formato: DOMINIO\usuario
> auth_param basic credentialsttl 2 hour
>
> external_acl_type GrupoAD ttl=600 negative_ttl=30 concurrency=15
> %LOGIN /usr/local/squid/libexec/wb_group
>
>
> After a -k reconfigure, I get the folowing errors on cache.log:
>
> 2003/10/15 15:23:57| Pinger socket opened on FD 415
> 2003/10/15 15:23:57| Loaded Icons.
> 2003/10/15 15:23:57| Ready to serve requests.
> 2003/10/15 15:23:57| AuthenticateNTLMHandleReply: invalid callback
> data. Releasing helper '0x832f010'.
> 2003/10/15 15:23:57| AuthenticateNTLMHandleReply: invalid callback
> data. Releasing helper '0x84dff10'.
> (wb_ntlmauth)[18565](wb_ntlm_auth.c:273): fgets() failed! dying.....
> errno=35 (Resource temporarily unavailable)
> (wb_ntlmauth)[18567](wb_ntlm_auth.c:273): fgets() failed! dying.....
> errno=35 (Resource temporarily unavailable)
> (wb_group)[19286](wb_check_group.c:231): Warning: Can't enum user groups.
> (wb_group)[19287](wb_check_group.c:231): Warning: Can't enum user groups.
> (wb_group)[19288](wb_check_group.c:231): Warning: Can't enum user groups.
> (wb_group)[19286](wb_check_group.c:231):
> (wb_group)[19287](wb_check_group.c:231): Warning: Can't enum user groups.
> Warning: Can't enum user groups.
> (wb_group)[19290](wb_check_group.c:231): Warning: Can't enum user groups.
> (wb_group)[19287](wb_check_group.c:231): Warning: Can't enum user groups.
> (wb_group)[19288](wb_check_group.c:231):
> (wb_group)[19286](wb_check_group.c:231): Warning: Can't enum user groups.
> Warning: Can't enum user groups.
> 2003/10/15 15:23:57| AuthenticateNTLMHandleReply: invalid callback
> data. Releasing helper '0x8500010'.
> (wb_ntlmauth)[18566](wb_ntlm_auth.c:273): fgets() failed! dying.....
> errno=35 (Resource temporarily unavailable)
> (wb_ntlmauth)[18568](wb_ntlm_auth.c:273): fgets() failed! dying.....
> errno=35 (Resource temporarily unavailable)
> 2003/10/15 15:23:58| icmpRecv: recv: (61) Connection refused
> 2003/10/15 15:23:58| Closing Pinger socket on FD 415
>
>
> Thanks,
> Alex
>

-- 
Eduardo Elgueta
Senior Consultant
Navix
Phone  : +56 (2) 315-7608
Mobile : +56 (9) 821-0033
Web    : www.navix.cl
Received on Wed Oct 15 2003 - 13:28:01 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:20:30 MST