Please help me figure this out.
There is a Win2003 domain and FreeBSD 6.2 (with samba 3.0.23 and squid 2.5.14 installed).
Task: set up authentication of domain users in squid.
I built everything with the required options. But authentication fails. I can't figure out what is wrong.
Here are the configs:

SAMBA
[global]
workgroup = cc94
server string = Samba Server
security = ads
hosts allow = 192.168.0. 127.
load printers = no
log file = /var/log/samba/log.%m
max log size = 50
password server = ccmain.cc94, ccmain2.cc94
realm = cc94
local master = no
domain master = no
preferred master = no
domain logons = no
wins server = 192.168.0.2
dns proxy = no
display charset = koi8-r
unix charset = koi8-r
dos charset = cp866

# Winbind
winbind use default domain = yes
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes

SQUID
http_port 192.168.0.8:8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
cache_dir ufs /usr/local/squid/cache 100 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
mime_table /usr/local/etc/squid/mime.conf
pid_filename /usr/local/squid/logs/squid.pid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="cc94+U_PROXY_ADMIN"
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="cc94+U_PROXY_ADMIN"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl AuthUsers proxy_auth REQUIRED
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl all src 0.0.0.0/0.0.0.0
acl worktime time 08:00-24:00
acl macaddr arp 00:18:f3:99:92:6b #Aleksandr
acl macaddr arp 00:13:77:35:82:32 #Production
acl our_networks src 192.168.0.0/24
acl allow_ip src 192.168.0.50
acl allow_ip src 192.168.0.66

http_access allow AuthUsers
http_access deny all

SQUID log
2007/04/27 18:38:12| Starting Squid Cache version 2.5.STABLE14 for i386-portbld-freebsd6.2...
2007/04/27 18:38:12| Process ID 1091
2007/04/27 18:38:12| With 2624 file descriptors available
2007/04/27 18:38:12| DNS Socket created at 0.0.0.0, port 55870, FD 6
2007/04/27 18:38:12| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2007/04/27 18:38:12| Adding nameserver 192.168.0.3 from /etc/resolv.conf
2007/04/27 18:38:12| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| helperOpenServers: Starting 5 'ntlm_auth' processes
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| Unlinkd pipe opened on FD 11
2007/04/27 18:38:13| Swap maxSize 102400 KB, estimated 7876 objects
2007/04/27 18:38:13| Target number of buckets: 393
2007/04/27 18:38:13| Using 8192 Store buckets
2007/04/27 18:38:13| Max Mem size: 8192 KB
2007/04/27 18:38:13| Max Swap size: 102400 KB
2007/04/27 18:38:13| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2007/04/27 18:38:13| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2007/04/27 18:38:13| Using Least Load store dir selection
2007/04/27 18:38:13| Current Directory is /usr/local/squid/logs
2007/04/27 18:38:13| Loaded Icons.
2007/04/27 18:38:13| Accepting HTTP connections at 192.168.0.8, port 8080, FD 13.
2007/04/27 18:38:13| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2007/04/27 18:38:13| Accepting HTCP messages on port 4827, FD 15.
2007/04/27 18:38:13| Accepting SNMP messages on port 3401, FD 16.
2007/04/27 18:38:13| WCCP Disabled.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 17 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 17 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| Ready to serve requests.
2007/04/27 18:38:13| Done reading /usr/local/squid/cache swaplog (841 entries)
2007/04/27 18:38:13| Finished rebuilding storage from disk.
2007/04/27 18:38:13| 841 Entries scanned
2007/04/27 18:38:13| 0 Invalid entries.
2007/04/27 18:38:13| 0 With invalid flags.
2007/04/27 18:38:13| 841 Objects loaded.
2007/04/27 18:38:13| 0 Objects expired.
2007/04/27 18:38:13| 0 Objects cancelled.
2007/04/27 18:38:13| 0 Duplicate URLs purged.
2007/04/27 18:38:13| 0 Swapfile clashes avoided.
2007/04/27 18:38:13| Took 0.4 seconds (1989.3 objects/sec).
2007/04/27 18:38:13| Beginning Validation Procedure
2007/04/27 18:38:13| Completed Validation Procedure
2007/04/27 18:38:13| Validated 841 Entries
2007/04/27 18:38:13| store_swap_size = 6004k
2007/04/27 18:38:14| storeLateRelease: released 0 objects
2007/04/27 18:38:30| helperStatefulGetServer: No running servers!.
2007/04/27 18:38:30| helperStatefulGetServer: No running servers!.
2007/04/27 18:38:30| storeDirWriteCleanLogs: Starting...
2007/04/27 18:38:30| WARNING: Closing open FD 13
2007/04/27 18:38:30| Finished. Wrote 841 entries.
2007/04/27 18:38:30| Took 0.0 seconds (339386.6 entries/sec).
FATAL: Too many queued ntlmauthenticator requests (1 on 0)
Squid Cache (Version 2.5.STABLE14): Terminated abnormally.
CPU Usage: 0.147 seconds = 0.070 user + 0.077 sys
Maximum Resident Size: 6904 KB
Page faults with physical i/o: 0

Winbind works fine. Checked.
I set the following permissions:
chown root:squid /var/db/samba/winbindd_privileged/

Authentication in IE fails.
In Opera a prompt for a user name and password pops up. Whatever combinations I tried, authentication fails.

When a browser is started, the following appears on the console of the FreeBSD machine: Too many queued ntlmauthenticator requests (1 on 0)
As I understand it, the whole problem is in this line:
WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.

Please tell me where to dig???
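The log sequence in the post above (commBind error, then ipcCreate failure, then the "Cannot run" warning) can be classified mechanically; the following is an added example, not part of the original post and not Squid code. The sample lines are constructed in the format of the quoted cache.log, and `/usr/local/bin/other_helper` and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the cache.log quoted above;
# other_helper is a hypothetical path used to show the fallback case.
SAMPLE_LOG = """\
2007/04/27 18:38:12| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/other_helper' process.
2007/04/27 18:38:30| helperStatefulGetServer: No running servers!.
"""

LINE = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\| (.*)$")
BIND = re.compile(r"^commBind: Cannot bind socket FD \d+ to (\S+?):(\d+): \((\d+)\) (.*)$")
IPC = "ipcCreate: Failed to create child FD."
RUN = re.compile(r"^WARNING: Cannot run '([^']+)' process\.$")

def helper_failures(log_text):
    """One (helper_path, cause) pair per "Cannot run" warning.

    cause is ("bind", addr, errno, text) when the warning directly follows an
    ipcCreate failure that follows a commBind error, i.e. Squid failed while
    creating the socket for the helper; otherwise ("unknown",).
    """
    results, last_bind, ipc_failed = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        msg = m.group(1)
        b, r = BIND.match(msg), RUN.match(msg)
        if b:  # remember the most recent failed bind
            last_bind = ("bind", b.group(1), int(b.group(3)), b.group(4))
            ipc_failed = False
        elif msg == IPC:
            ipc_failed = last_bind is not None
        elif r:
            results.append((r.group(1), last_bind if ipc_failed else ("unknown",)))
            last_bind, ipc_failed = None, False
        else:  # any other message breaks the sequence
            last_bind, ipc_failed = None, False
    return results

def summarize(log_text):
    """Count failures per (helper, cause) so repeated children collapse to one row."""
    return Counter(helper_failures(log_text))
```

Run over the log quoted above, every "Cannot run" warning is attributed to the failed bind on 127.0.0.1 (errno 49), so the error is raised while Squid sets up the helper's socket on the loopback address.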
Hello.
Check
wbinfo -t
wbinfo -u (lists the domain users)
wbinfo -g (lists the domain groups)
>Hello.
>Check
>wbinfo -t
>wbinfo -u (lists the domain users)
>wbinfo -g (lists the domain groups)

Yes. WinBind works. As I understand it, for some reason the helper does not start.
Do it like this:
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="cc94+U_PROXY_ADMIN"
auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="cc94+U_PROXY_ADMIN"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours