"Problems authenticating domain users in squid."
"Problems authenticating domain users in squid."
Posted by blkgod on 27-Apr-07, 19:42
Please help me figure this out.
I have a Win2003 domain and FreeBSD 6.2 (with samba 3.0.23 and squid 2.5.14 installed).
Task: set up authentication of domain users in squid.
I built everything with the required options, but authentication fails. I can't figure out what's wrong.
Here are the configs:

SAMBA
[global]
workgroup = cc94
server string = Samba Server
security = ads
hosts allow = 192.168.0. 127.
load printers = no
log file = /var/log/samba/log.%m
max log size = 50
password server = ccmain.cc94, ccmain2.cc94
realm = cc94
local master = no
domain master = no
preferred master = no
domain logons = no
wins server = 192.168.0.2
dns proxy = no
display charset = koi8-r
unix charset = koi8-r
dos charset = cp866

# Winbind
winbind use default domain = yes
winbind separator = +
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes

SQUID
http_port 192.168.0.8:8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
cache_dir ufs /usr/local/squid/cache 100 16 256
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
mime_table /usr/local/etc/squid/mime.conf
pid_filename /usr/local/squid/logs/squid.pid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320

auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="cc94+U_PROXY_ADMIN"
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="cc94+U_PROXY_ADMIN"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

acl AuthUsers proxy_auth REQUIRED

acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443 563    # https, snews
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

acl all src 0.0.0.0/0.0.0.0
acl worktime time 08:00-24:00
acl macaddr arp 00:18:f3:99:92:6b #Aleksandr
acl macaddr arp 00:13:77:35:82:32 #Production
acl our_networks src 192.168.0.0/24
acl allow_ip src 192.168.0.50
acl allow_ip src 192.168.0.66

http_access allow AuthUsers
http_access deny all

SQUID log
2007/04/27 18:38:12| Starting Squid Cache version 2.5.STABLE14 for i386-portbld-freebsd6.2...
2007/04/27 18:38:12| Process ID 1091
2007/04/27 18:38:12| With 2624 file descriptors available
2007/04/27 18:38:12| DNS Socket created at 0.0.0.0, port 55870, FD 6
2007/04/27 18:38:12| Adding nameserver 192.168.0.2 from /etc/resolv.conf
2007/04/27 18:38:12| Adding nameserver 192.168.0.3 from /etc/resolv.conf
2007/04/27 18:38:12| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| helperOpenServers: Starting 5 'ntlm_auth' processes
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| Unlinkd pipe opened on FD 11
2007/04/27 18:38:13| Swap maxSize 102400 KB, estimated 7876 objects
2007/04/27 18:38:13| Target number of buckets: 393
2007/04/27 18:38:13| Using 8192 Store buckets
2007/04/27 18:38:13| Max Mem  size: 8192 KB
2007/04/27 18:38:13| Max Swap size: 102400 KB
2007/04/27 18:38:13| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2007/04/27 18:38:13| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2007/04/27 18:38:13| Using Least Load store dir selection
2007/04/27 18:38:13| Current Directory is /usr/local/squid/logs
2007/04/27 18:38:13| Loaded Icons.
2007/04/27 18:38:13| Accepting HTTP connections at 192.168.0.8, port 8080, FD 13.
2007/04/27 18:38:13| Accepting ICP messages at 0.0.0.0, port 3130, FD 14.
2007/04/27 18:38:13| Accepting HTCP messages on port 4827, FD 15.
2007/04/27 18:38:13| Accepting SNMP messages on port 3401, FD 16.
2007/04/27 18:38:13| WCCP Disabled.
2007/04/27 18:38:13| commBind: Cannot bind socket FD 17 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| commBind: Cannot bind socket FD 17 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| Ready to serve requests.
2007/04/27 18:38:13| Done reading /usr/local/squid/cache swaplog (841 entries)
2007/04/27 18:38:13| Finished rebuilding storage from disk.
2007/04/27 18:38:13|       841 Entries scanned
2007/04/27 18:38:13|         0 Invalid entries.
2007/04/27 18:38:13|         0 With invalid flags.
2007/04/27 18:38:13|       841 Objects loaded.
2007/04/27 18:38:13|         0 Objects expired.
2007/04/27 18:38:13|         0 Objects cancelled.
2007/04/27 18:38:13|         0 Duplicate URLs purged.
2007/04/27 18:38:13|         0 Swapfile clashes avoided.
2007/04/27 18:38:13|   Took 0.4 seconds (1989.3 objects/sec).
2007/04/27 18:38:13| Beginning Validation Procedure
2007/04/27 18:38:13|   Completed Validation Procedure
2007/04/27 18:38:13|   Validated 841 Entries
2007/04/27 18:38:13|   store_swap_size = 6004k
2007/04/27 18:38:14| storeLateRelease: released 0 objects
2007/04/27 18:38:30| helperStatefulGetServer: No running servers!.
2007/04/27 18:38:30| helperStatefulGetServer: No running servers!.
2007/04/27 18:38:30| storeDirWriteCleanLogs: Starting...
2007/04/27 18:38:30| WARNING: Closing open FD   13
2007/04/27 18:38:30|   Finished.  Wrote 841 entries.
2007/04/27 18:38:30|   Took 0.0 seconds (339386.6 entries/sec).
FATAL: Too many queued ntlmauthenticator requests (1 on 0)
Squid Cache (Version 2.5.STABLE14): Terminated abnormally.
CPU Usage: 0.147 seconds = 0.070 user + 0.077 sys
Maximum Resident Size: 6904 KB
Page faults with physical i/o: 0

Winbind works fine. Verified.

I set the following permissions:
chown root:squid /var/db/samba/winbindd_privileged/

Authentication in IE fails.
In Opera a prompt for the user name and password pops up. Whatever combinations I tried, authentication fails.

When a browser is started, the following appears on the console of the FreeBSD machine: Too many queued ntlmauthenticator requests (1 on 0)

As I understand it, the whole problem is in this line:
WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.

Please tell me where to dig?


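An added triage example, not part of the original post: it correlates the helper start-up lines of the cache.log above and reports whether the helpers failed before Squid ever executed them. The function name `triage` and the cause labels are assumptions of this example; the sample lines are abridged from the post's log.

```python
import re
from collections import Counter

# Abridged from the cache.log in the post above: one failed helper per pool is kept.
SAMPLE_LOG = """\
2007/04/27 18:38:12| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:13| helperOpenServers: Starting 5 'ntlm_auth' processes
2007/04/27 18:38:13| commBind: Cannot bind socket FD 7 to 127.0.0.1:0: (49) Can't assign requested address
2007/04/27 18:38:13| ipcCreate: Failed to create child FD.
2007/04/27 18:38:13| WARNING: Cannot run '/usr/local/bin/ntlm_auth' process.
2007/04/27 18:38:30| helperStatefulGetServer: No running servers!.
FATAL: Too many queued ntlmauthenticator requests (1 on 0)
"""

START = re.compile(r"(helper(?:Stateful)?OpenServers): Starting (\d+) '([^']+)' processes")
BIND = re.compile(r"commBind: Cannot bind socket FD \d+ to ([\d.]+):\d+: \((\d+)\) (.+)")
CANNOT_RUN = re.compile(r"WARNING: Cannot run '([^']+)' process")

def triage(log_text):
    """Group helper start-up failures by pool and name the first failing step."""
    pools, bind_errors, fatal = [], Counter(), None
    ipc_failed = False  # True when the previous event was an ipcCreate failure
    for raw in log_text.splitlines():
        msg = raw.split("| ", 1)[-1]  # drop the timestamp when present
        if m := START.search(msg):
            pools.append({"pool": m[1], "helper": m[3], "wanted": int(m[2]),
                          "not_started": 0, "failed_before_exec": 0})
        elif m := BIND.search(msg):
            bind_errors[(m[1], int(m[2]), m[3])] += 1  # (address, errno, text)
        elif "ipcCreate: Failed to create child FD" in msg:
            ipc_failed = True
        elif CANNOT_RUN.search(msg) and pools:
            pools[-1]["not_started"] += 1
            pools[-1]["failed_before_exec"] += ipc_failed
            ipc_failed = False
        elif msg.startswith("FATAL:"):
            fatal = msg[len("FATAL:"):].strip()
    not_started = sum(p["not_started"] for p in pools)
    before_exec = sum(p["failed_before_exec"] for p in pools)
    cause = "none"
    if not_started:  # "helper-exec": check the helper path, permissions, winbind
        cause = "ipc-socket-bind" if before_exec == not_started and bind_errors else "helper-exec"
    return {"pools": pools, "bind_errors": dict(bind_errors), "cause": cause, "fatal": fatal}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the post's log the result is `ipc-socket-bind`: every "Cannot run" warning follows a failed bind of the helper IPC socket to 127.0.0.1 (errno 49, address not available), so `ntlm_auth` was never executed. The first thing to check is therefore whether 127.0.0.1 is configured on the host's loopback interface, before looking at Samba or the helper options.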
1. "Problems authenticating domain users in squid."
Posted by Redduck on 27-Apr-07, 20:11
Hello.
Check
wbinfo -t
wbinfo -u (lists the domain users)
wbinfo -g (lists the domain groups)

2. "Problems authenticating domain users in squid."
Posted by blkgod on 28-Apr-07, 00:13
>Hello.
>Check
>wbinfo -t
>wbinfo -u (lists the domain users)
>wbinfo -g (lists the domain groups)

Yes. Winbind works. As I understand it, for some reason the helper does not start.


3. "Problems authenticating domain users in squid."
Posted by ALEXEYCH on 26-May-08, 13:13
Do this:
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="cc94+U_PROXY_ADMIN"
auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="cc94+U_PROXY_ADMIN"
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
