SUSE 10.0 SAMBA SQUID probleem

Ik heb net een suse 10.0 geinstalleerd met samba en squid er op

De samba werkt blijkbaar goed.
De machine is toegevoegd in het domain ik kan de groupen opvragen users testen.

De squid werkt niet zo goed alle de authentication op de ads
ntlm_auth geeft problemen

2006/05/08 20:52:53| WARNING: ntlmauthenticator #2 (FD 9) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #3 (FD 10) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #4 (FD 11) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #5 (FD 12) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #6 (FD 13) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #7 (FD 14) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #8 (FD 15) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #9 (FD 16) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #10 (FD 17) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #11 (FD 18) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #12 (FD 19) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #13 (FD 20) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #14 (FD 21) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #15 (FD 22) exited
2006/05/08 20:52:53| WARNING: ntlmauthenticator #16 (FD 23) exited
2006/05/08 20:52:53| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!

Squid Cache (Version 2.5.STABLE10): Terminated abnormally.
CPU Usage: 0.060 seconds = 0.032 user + 0.028 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
total space in arena: 2528 KB
Ordinary blocks: 2507 KB 2 blks
Small blocks: 0 KB 0 blks
Holding blocks: 820 KB 1 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 20 KB
Total in use: 3327 KB 132%
Total free: 20 KB 1%
username must be specified!

Usage: [OPTION...]
Usage: [OPTION...]
--helper-protocol=helper protocol to use operate as a stdio-based helper
--username=STRING username
--domain=STRING domain name
--workstation=STRING workstation
--challenge=STRING challenge (HEX encoded)
--lm-response=STRING LM Response to the challenge
(HEX encoded)
--nt-response=STRING NT or NTLMv2 Response to the
challenge (HEX encoded)
--password=STRING User's plaintext password
--request-lm-key Retrieve LM session key
--request-nt-key Retrieve User (NT) session key
--diagnostics Perform diagnostics on the
authentictaion chain
--require-membership-of=STRING Require that a user be a member
of this group (either name or
SID) for authentication to
succeed

Help options:
-?, --help Show this help message
--usage Display brief usage message

Common samba options:
-d, --debuglevel=DEBUGLEVEL Set debug level
-s, --configfile=CONFIGFILE Use alternative configuration
file
-l, --log-basename=LOGFILEBASE Basename for log/debug files
-V, --version Print version
username must be specified!

....

2006/05/08 21:14:46| Starting Squid Cache version 2.5.STABLE10 for i686-pc-linux-gnu...
2006/05/08 21:14:46| Process ID 7246
2006/05/08 21:14:46| With 4096 file descriptors available
2006/05/08 21:14:46| DNS Socket created at 0.0.0.0, port 32774, FD 6
2006/05/08 21:14:46| Adding nameserver 10.16.1.2 from /etc/resolv.conf
2006/05/08 21:14:46| Adding nameserver 10.0.0.37 from /etc/resolv.conf
2006/05/08 21:14:46| helperStatefulOpenServers: Starting 30 'ntlm_auth' processes
username must be specified!

zet hij in de cach.log

bij het uitvoeren van ntlm_auth --helper-protocol=squid-2.5-basic
spuwt hij constant
You MUST specify at least one Domain Controller.
You can use either \ or / as separator between the domain name
and the controller name
ntlm_auth: invalid option -- s
unknown option: -?. Exiting
ntlm_auth usage:
ntlm_auth [-b] [-f] [-d] [-l] domain\controller [domain\controller ...]
-b enables load-balancing among controllers
-f enables failover among controllers (DEPRECATED and always active)
-l changes behavior on domain controller failyures to last-ditch.
-d enables debugging statements if DEBUG was defined at build-time.


....


Iemand een ideetje ?

In men log.winbind

[2006/05/08 16:45:22, 1] nsswitch/winbindd.c:main(935)
winbindd version 3.0.20-4-SUSE started.
Copyright The Samba Team 2000-2004
[2006/05/08 17:11:12, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
rpc_pipe_bind failed
[2006/05/08 17:11:12, 0] rpc_client/cli_pipe.c:cli_rpc_open_noauth(1700)
rpc_pipe_bind failed


En in de squid cache.log

2006/05/08 22:05:16| Unlinkd pipe opened on FD 76
2006/05/08 22:05:16| Swap maxSize 102400 KB, estimated 7876 objects
2006/05/08 22:05:16| Target number of buckets: 393
2006/05/08 22:05:16| Using 8192 Store buckets
2006/05/08 22:05:16| Max Mem size: 65536 KB
2006/05/08 22:05:16| Max Swap size: 102400 KB
2006/05/08 22:05:16| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2006/05/08 22:05:16| Rebuilding storage in /var/cache/squid (DIRTY)
2006/05/08 22:05:16| Using Least Load store dir selection
2006/05/08 22:05:16| Set Current Directory to /var/cache/squid
2006/05/08 22:05:16| Loaded Icons.
2006/05/08 22:05:17| Accepting HTTP connections at 0.0.0.0, port 8080, FD 77.
2006/05/08 22:05:17| Accepting ICP messages at 0.0.0.0, port 3130, FD 78.
2006/05/08 22:05:17| HTCP Disabled.
2006/05/08 22:05:17| Accepting SNMP messages on port 3401, FD 79.
2006/05/08 22:05:17| WCCP Disabled.
2006/05/08 22:05:17| Configuring Parent 192.168.32.1/80/0
2006/05/08 22:05:17| Ready to serve requests.
2006/05/08 22:05:17| WARNING: ntlmauthenticator #3 (FD 10) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #4 (FD 11) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #5 (FD 12) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #6 (FD 13) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #7 (FD 14) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #8 (FD 15) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #9 (FD 16) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #10 (FD 17) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #11 (FD 18) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #12 (FD 19) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #13 (FD 20) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #14 (FD 21) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #15 (FD 22) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #16 (FD 23) exited
2006/05/08 22:05:17| WARNING: ntlmauthenticator #17 (FD 24) exited


Strange want aan authenticatie zelf raak ik nog niet
de bedoeling is dat squid de ADS gebruik voor de authenticatie.

dit probleem is opgelost.
blijbkaar stonden er 2 nltm_auth en ik sprak de verkeerde aan.


Nu heb ik nog een raar probleemke

in mijn cach.log krijg ik onderstaande message

2006/05/09 12:07:07| temporary disabling (Service Unavailable) digest from 192.168.32.1
2006/05/09 12:12:08| temporary disabling (Service Unavailable) digest from 192.168.32.1
2006/05/09 12:22:09| temporary disabling (Service Unavailable) digest from 192.168.32.1


de squid moet alles forwarden naar de dmz machine waar een AV op runt.
dat is dus de 192.168.32.1
ik kan een telnet doen naar port 80 van dat ip dus de connectie is er ....

iemand een ideeke