freebsd 5.3
установил samba3 из портов с поддержкой winbind, ads, ldap. smb.conf:
#======================= Global Settings =====================================
# Samba 3 configured as an Active Directory member (not a controller).
# winbind exposes the domain accounts that Squid's ntlm_auth helper checks.
# Comments are kept on their own lines: smb.conf treats trailing text as part
# of the parameter value.
[global]
workgroup = TG
server string = SQUID Server
# ADS mode: the host is joined to the realm below and uses Kerberos/AD.
security = ads
# Restrict SMB access to the 192.168.111. network and loopback.
hosts allow = 192.168.111. 127.0.0.1
# One log file per connecting machine (%m).
log file = /var/log/samba/log.%m
max log size = 500
password server = server.tg.local
# NOTE(review): Kerberos realm names are conventionally upper-case; the post
# reports Kerberos working with this spelling, so it is left as written.
realm = tg.local
passdb backend = tdbsam
socket options = TCP_NODELAY
# This host takes no part in browse-master elections or domain logons.
local master = no
os level = 0
domain master = no
preferred master = no
domain logons = no
# Character sets: KOI8-R on the Unix side, CP866 for DOS-charset clients.
display charset = koi8-r
unix charset = koi8-r
dos charset = cp866
encrypt passwords = yes
# Domain accounts keep their domain prefix, joined by the separator below
# (DOMAIN+user).
winbind use default domain = no
# Local uid/gid range that winbind maps domain users and groups into.
winbind uid = 10000-20000
winbind gid = 10000-20000
# Full user/group enumeration; can be slow in large domains.
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
установил squid
squid.conf:
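# Squid 2.5 proxy authenticating users against Active Directory through
# Samba's ntlm_auth helper, with squidGuard URL filtering and ICAP (ClamAV)
# content scanning.
http_port 3128
icp_port 0
hierarchy_stoplist cgi-bin ? chat
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
maximum_object_size 8092 KB
maximum_object_size_in_memory 512 KB
cache_dir ufs /usr/local/squid/cache 1024 16 64
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log none
cache_mgr it@tg.local
emulate_httpd_log on
ftp_user anonymous@qwerty
logfile_rotate 3
quick_abort_pct 60
#negative_ttl 1
#half_closed_clients on
#http_reply_access allow all
redirect_children 20
redirect_program /usr/local/bin/squidGuard
#redirector_bypass off
# The ftp pattern was garbled on the page ("&n..." is the residue of an HTML
# entity); restored to pattern + min/percent/max as on the other lines.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
icap_enable on
icap_preview_enable on
icap_preview_size 128
icap_send_client_ip on
#log_icp_queries off
# TAG: auth_param
# NTLM scheme: stateful helpers speaking the squid-2.5-ntlmssp protocol.
# NOTE(review): the account Squid runs as must be able to reach winbindd's
# privileged pipe directory for this helper to work; verify its permissions.
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
# Basic scheme (fallback for clients without NTLM).
# FIX: this line originally read "auth_param ntlm program ... squid-2.5-basic".
# That replaced the NTLMSSP helper above with the basic-protocol helper and
# left the basic scheme with no program at all. A basic-protocol helper
# answers an NTLM negotiate with "ERR", which matches the FATAL
# "authenticateNTLMHandleReply: Unsupported helper response 'ERR'" in cache.log.
# Caveat: Basic sends the AD password merely base64-encoded on every request,
# so anyone able to sniff the client-to-proxy path can recover it. Remove the
# basic scheme if all clients support NTLM.
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# TAG: acl
acl USERS1 proxy_auth REQUIRED
acl localhost src 127.0.0.1/255.255.255.255
acl Safe_ports port 80 443 210 119 70 21 1025-65535
acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
http_access deny !Safe_ports
# Denies every CONNECT, so HTTPS through this proxy is blocked entirely.
# NOTE(review): the stock configuration denies CONNECT only to non-SSL ports;
# confirm the blanket deny is intended.
http_access deny CONNECT
http_access allow USERS1
# NOTE(review): USERS1 is evaluated first and challenges unauthenticated
# requests, so this rule looks unreachable as ordered; confirm intent.
http_access allow localhost
http_access deny all
# ICAP: requests and responses both go to the local ClamAV ICAP service.
icap_service service_1 reqmod_precache 0 icap://localhost:1344/srv_clamav
icap_service service_2 respmod_precache 1 icap://localhost:1344/srv_clamav
icap_class class_antivirus service_2 service_1
icap_access class_antivirus allow all
coredump_dir /usr/local/squid/cache
pid_filename /usr/local/squid/logs/squid.pid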
Все wbinfo -p, -t, -u, -g и авторизация по керберосу работают.
запускаем winbind -d 9
запускаю сквид
на виндовсе прописываю прокси и пытаюсь зайти куда-нибудь. сквид падает. логи:
access.log:
192.168.111.1 - - [20/Feb/2006:16:23:19 +0300] "GET http://www.ru/ HTTP/1.0" 407 1694 TCP_DENIED:NONE
cache.log:
2006/02/20 16:23:15| Starting Squid Cache version 2.5.STABLE12 for i386-portbld-freebsd5.3...
2006/02/20 16:23:15| Process ID 48332
2006/02/20 16:23:15| With 7232 file descriptors available
2006/02/20 16:23:15| DNS Socket created at 0.0.0.0, port 49808, FD 5
2006/02/20 16:23:15| Adding nameserver 192.168.111.1 from /etc/resolv.conf
2006/02/20 16:23:15| Adding nameserver 195.28.33.1 from /etc/resolv.conf
2006/02/20 16:23:15| helperOpenServers: Starting 20 'squidGuard' processes
2006/02/20 16:23:15| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2006/02/20 16:23:15| Unlinkd pipe opened on FD 35
2006/02/20 16:23:15| Swap maxSize 1048576 KB, estimated 80659 objects
2006/02/20 16:23:15| Target number of buckets: 4032
2006/02/20 16:23:15| Using 8192 Store buckets
2006/02/20 16:23:15| Max Mem size: 32768 KB
2006/02/20 16:23:15| Max Swap size: 1048576 KB
2006/02/20 16:23:15| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2006/02/20 16:23:15| Store logging disabled
2006/02/20 16:23:15| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2006/02/20 16:23:15| Using Least Load store dir selection
2006/02/20 16:23:15| Set Current Directory to /usr/local/squid/cache
2006/02/20 16:23:15| Loaded Icons.
2006/02/20 16:23:16| Accepting HTTP connections at 0.0.0.0, port 3128, FD 34.
2006/02/20 16:23:16| Accepting HTCP messages on port 4827, FD 36.
2006/02/20 16:23:16| WCCP Disabled.
2006/02/20 16:23:16| Pinger socket opened on FD 38
2006/02/20 16:23:16| Ready to serve requests.
2006/02/20 16:23:16| Done scanning /usr/local/squid/cache (0 entries)
2006/02/20 16:23:16| Finished rebuilding storage from disk.
2006/02/20 16:23:16| 0 Entries scanned
2006/02/20 16:23:16| 0 Invalid entries.
2006/02/20 16:23:16| 0 With invalid flags.
2006/02/20 16:23:16| 0 Objects loaded.
2006/02/20 16:23:16| 0 Objects expired.
2006/02/20 16:23:16| 0 Objects cancelled.
2006/02/20 16:23:16| 0 Duplicate URLs purged.
2006/02/20 16:23:16| 0 Swapfile clashes avoided.
2006/02/20 16:23:16| Took 0.4 seconds ( 0.0 objects/sec).
2006/02/20 16:23:16| Beginning Validation Procedure
2006/02/20 16:23:16| Completed Validation Procedure
2006/02/20 16:23:16| Validated 0 Entries
2006/02/20 16:23:16| store_swap_size = 0k
2006/02/20 16:23:16| storeLateRelease: released 0 objects
2006/02/20 16:23:19| storeDirWriteCleanLogs: Starting...
2006/02/20 16:23:19| WARNING: Closing open FD 34
2006/02/20 16:23:19| Finished. Wrote 0 entries.
2006/02/20 16:23:19| Took 0.0 seconds ( 0.0 entries/sec).
FATAL: authenticateNTLMHandleReply: *** Unsupported helper response ***, 'ERR'
Squid Cache (Version 2.5.STABLE12): Terminated abnormally.
CPU Usage: 0.111 seconds = 0.037 user + 0.074 sys
Maximum Resident Size: 7996 KB
Page faults with physical i/o: 0
почему сквид падает? как заставить его нормально авторизоваться в AD?