squid+ad验证无法使用的问题

boyofscu

我的krb验证，samba加入域很顺利，就是最后一步设置ntlm域认证时，squid服务启动不了的问题，
在论坛中见到有人跟我一样的问题，但是具体解决方法没有列出来，希望解决了这个问题的朋友多多指教！

以下这段如果在squid.conf中启用的话，squid服务启动不了，如果没有注释这些语句，则服务正常启动
...
auth_param ntlm program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/lib/squid/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 hours

acl ntlmusers proxy_auth REQUIRED
http_access allow ntlmusers
...

执行squid -NCd1后的结果如下,红色部分应该就是导致服务启动不了的原因
2011/08/16 17:02:25| Starting Squid Cache version 2.7.STABLE6 for i386-debian-linux-gnu...
2011/08/16 17:02:25| Process ID 22826
2011/08/16 17:02:25| With 1024 file descriptors available
2011/08/16 17:02:25| Using epoll for the IO loop
2011/08/16 17:02:25| Performing DNS Tests...
2011/08/16 17:02:25| Successful DNS name lookup tests...
2011/08/16 17:02:25| DNS Socket created at 0.0.0.0, port 53943, FD 5
2011/08/16 17:02:25| Adding domain localdomain from /etc/resolv.conf
2011/08/16 17:02:25| Adding domain localdomain from /etc/resolv.conf
2011/08/16 17:02:25| Adding nameserver 172.16.16.123 from /etc/resolv.conf
2011/08/16 17:02:25| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2011/08/16 17:02:25| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2011/08/16 17:02:30| helperOpenServers: Starting 5 'ntlm_auth' processes
2011/08/16 17:02:30| helperOpenServers: Starting 5 'wbinfo_group.pl' processes
2011/08/16 17:02:30| User-Agent logging is disabled.
2011/08/16 17:02:30| Referer logging is disabled.
2011/08/16 17:02:30| logfileOpen: opening log /var/log/squid/access.log
2011/08/16 17:02:30| Unlinkd pipe opened on FD 25
2011/08/16 17:02:30| Swap maxSize 102400 + 8192 KB, estimated 0 objects
2011/08/16 17:02:30| Target number of buckets: 425
2011/08/16 17:02:30| Using 8192 Store buckets
2011/08/16 17:02:30| Max Mem  size: 8192 KB
2011/08/16 17:02:30| Max Swap size: 102400 KB
2011/08/16 17:02:30| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2011/08/16 17:02:30| logfileOpen: opening log /var/log/squid/store.log
2011/08/16 17:02:30| Rebuilding storage in /var/log/squid (DIRTY)
2011/08/16 17:02:30| Using Least Load store dir selection
2011/08/16 17:02:30| Current Directory is /root
2011/08/16 17:02:30| Loaded Icons.
2011/08/16 17:02:30| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 27.
2011/08/16 17:02:30| Accepting ICP messages at 0.0.0.0, port 3130, FD 28.
2011/08/16 17:02:30| HTCP Disabled.
2011/08/16 17:02:30| WCCP Disabled.
2011/08/16 17:02:30| Ready to serve requests.
2011/08/16 17:02:30| WARNING: ntlmauthenticator #1 (FD 6) exited
2011/08/16 17:02:30| WARNING: ntlmauthenticator #2 (FD 7) exited
2011/08/16 17:02:30| WARNING: ntlmauthenticator #3 (FD exited
2011/08/16 17:02:30| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!

以下是日志文件cache.log中的显示
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
        total space in arena:    2116 KB
        Ordinary blocks:         2101 KB      2 blks
        Small blocks:               0 KB      0 blks
        Holding blocks:           280 KB      1 blks
        Free Small blocks:          0 KB
        Free Ordinary blocks:      14 KB
        Total in use:            2381 KB 99%
        Total free:                14 KB 1%


我在本机单独的ntlm_auth user@TEST.COM执行验证全部成功，真是愁死我了！

Steiny

1. /usr/lib/squid/ntlm_auth

复制代码

有这个文件吗？
squid版本是多少，目前咱用的是3.1.8，认证配置如下：

1. auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
   
2. auth_param ntlm children 100 startup=0 idle=1
   
3. auth_param ntlm keep_alive on
   
4. authenticate_ttl 4 hour
   
5. authenticate_cache_garbage_interval 4 hour

复制代码

yoqao_lee

你是linux是什么版本？我现在就是采用squid + windows AD验证的，两年了一直很正常。