squid+ad驗證無法使用的問題
我的krb驗證,samba加入域很順利,就是最後一步設置ntlm域認證時,squid服務啟動不了的問題,
在論壇中見到有人跟我一樣的問題,但是具體解決方法沒有列出來,希望解決了這個問題的朋友多多指教!
以下這段如果在squid.conf中啟用的話,squid服務啟動不了,如果沒有註釋這些語句,則服務正常啟動
...
auth_param ntlm program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 hours
acl ntlmusers proxy_auth REQUIRED
http_access allow ntlmusers
...
執行squid -NCd1后的結果如下,紅色部分應該就是導致服務啟動不了的原因
2011/08/16 17:02:25| Starting Squid Cache version 2.7.STABLE6 for i386-debian-linux-gnu...
2011/08/16 17:02:25| Process ID 22826
2011/08/16 17:02:25| With 1024 file descriptors available
2011/08/16 17:02:25| Using epoll for the IO loop
2011/08/16 17:02:25| Performing DNS Tests...
2011/08/16 17:02:25| Successful DNS name lookup tests...
2011/08/16 17:02:25| DNS Socket created at 0.0.0.0, port 53943, FD 5
2011/08/16 17:02:25| Adding domain localdomain from /etc/resolv.conf
2011/08/16 17:02:25| Adding domain localdomain from /etc/resolv.conf
2011/08/16 17:02:25| Adding nameserver 172.16.16.123 from /etc/resolv.conf
2011/08/16 17:02:25| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2011/08/16 17:02:25| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2011/08/16 17:02:30| helperOpenServers: Starting 5 'ntlm_auth' processes
2011/08/16 17:02:30| helperOpenServers: Starting 5 'wbinfo_group.pl' processes
2011/08/16 17:02:30| User-Agent logging is disabled.
2011/08/16 17:02:30| Referer logging is disabled.
2011/08/16 17:02:30| logfileOpen: opening log /var/log/squid/access.log
2011/08/16 17:02:30| Unlinkd pipe opened on FD 25
2011/08/16 17:02:30| Swap maxSize 102400 + 8192 KB, estimated 0 objects
2011/08/16 17:02:30| Target number of buckets: 425
2011/08/16 17:02:30| Using 8192 Store buckets
2011/08/16 17:02:30| Max Mem size: 8192 KB
2011/08/16 17:02:30| Max Swap size: 102400 KB
2011/08/16 17:02:30| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2011/08/16 17:02:30| logfileOpen: opening log /var/log/squid/store.log
2011/08/16 17:02:30| Rebuilding storage in /var/log/squid (DIRTY)
2011/08/16 17:02:30| Using Least Load store dir selection
2011/08/16 17:02:30| Current Directory is /root
2011/08/16 17:02:30| Loaded Icons.
2011/08/16 17:02:30| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 27.
2011/08/16 17:02:30| Accepting ICP messages at 0.0.0.0, port 3130, FD 28.
2011/08/16 17:02:30| HTCP Disabled.
2011/08/16 17:02:30| WCCP Disabled.
2011/08/16 17:02:30| Ready to serve requests.
2011/08/16 17:02:30| WARNING: ntlmauthenticator #1 (FD 6) exited
2011/08/16 17:02:30| WARNING: ntlmauthenticator #2 (FD 7) exited
2011/08/16 17:02:30| WARNING: ntlmauthenticator #3 (FD 8) exited
2011/08/16 17:02:30| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!
以下是日誌文件cache.log中的顯示
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
total space in arena: 2116 KB
Ordinary blocks: 2101 KB 2 blks
Small blocks: 0 KB 0 blks
Holding blocks: 280 KB 1 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 14 KB
Total in use: 2381 KB 99%
Total free: 14 KB 1%
我在本機單獨的ntlm_auth user@TEST.COM執行驗證全部成功,真是愁死我了!
《解決方案》
/usr/lib/squid/ntlm_auth有這個文件嗎?
squid版本是多少,目前咱用的是3.1.8,認證配置如下:auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 100 startup=0 idle=1
auth_param ntlm keep_alive on
authenticate_ttl 4 hour
authenticate_cache_garbage_interval 4 hour
《解決方案》
你是linux是什麼版本?我現在就是採用squid + windows AD驗證的,兩年了一直很正常。
