ffischer
(uses Red Hat)
Posted on 16/08/2010 - 15:35h
Good afternoon everyone,
Once again turning to my friends... hehehe...
Here's the thing: I have Squid 2.6 running on Ubuntu 9.10 with msnt_auth authentication. I am migrating this version of Squid to 3.1, with LDAP authentication against AD.
I followed some tutorials from here, and another one I found on the Squid site (squid-org): http://www.squid-cache.org.br/index.php?option=com_content&task=view&id=50&Itemid=27.
I did the whole installation without any problem, and asked for a user to be created in AD so I could use it later in the Squid configuration file. I compiled LDAP without errors or problems.
From there I got stuck... hehehe...
Before changing squid.conf, I ran the LDAP test with the following line from the command line:
/usr/local/squid/libexec/squid_ldap_auth -R -b "dc=nomedodominioAD,dc=local" -D "cn=proxy_user,dc=nomedodominioAD,dc=local" -w "Proxy@123" -f sAMAccountName=%s -h ipdoservidorAD
It sits there as if waiting for some command... I tried using a valid domain user but it returned ERR.
I put the line into my squid.config, and the log shows this:
2010/08/16 14:42:57| Starting Squid Cache version 2.7.STABLE7 for i386-debian-linux-gnu...
2010/08/16 14:42:57| Process ID 25870
2010/08/16 14:42:57| With 1024 file descriptors available
2010/08/16 14:42:57| Using epoll for the IO loop
2010/08/16 14:42:57| Performing DNS Tests...
2010/08/16 14:42:57| Successful DNS name lookup tests...
2010/08/16 14:42:57| DNS Socket created at 0.0.0.0, port 42887, FD 6
2010/08/16 14:42:57| Adding nameserver 200.20.212.71 from squid.conf
2010/08/16 14:42:57| Adding nameserver 200.20.213.2 from squid.conf
2010/08/16 14:42:57| Adding nameserver 200.20.213.1 from squid.conf
2010/08/16 14:42:57| Adding nameserver 200.20.212.34 from squid.conf
2010/08/16 14:42:57| helperOpenServers: Starting 10 'squid_ldap_auth' processes
2010/08/16 14:43:04| User-Agent logging is disabled.
2010/08/16 14:43:04| Referer logging is disabled.
2010/08/16 14:43:04| logfileOpen: opening log /var/log/squid/access.log
Usage: squid_ldap_auth -b basedn [options] [ldap_server_name[:port]]...
-b basedn (REQUIRED) base dn under which to search
-f filter search filter to locate user DN
-u userattr username DN attribute
-s base|one|sub search scope
-D binddn DN to bind as to perform searches
-w bindpasswd password for binddn
-W secretfile read password for binddn from file secretfile
-H URI LDAPURI (defaults to ldap://localhost)
-h server LDAP server (defaults to localhost)
-p port LDAP server port
-P persistent LDAP connection
-c timeout connect timeout
-t timelimit search time limit
-R do not follow referrals
-a never|always|search|find
when to dereference aliases
-v 2|3 LDAP version
-Z TLS encrypt the LDAP connection, requires LDAP version 3
-d enable debug mode
If no search filter is specified, then the dn <userattr>=user,basedn
will be used (same as specifying a search filter of '<userattr>=',
but quicker as as there is no need to search for the user DN)
If you need to bind as a user to perform searches then use the
-D binddn -w bindpasswd or -D binddn -W secretfile options
2010/08/16 14:43:04| Unlinkd pipe opened on FD 22
2010/08/16 14:43:04| Swap maxSize 8290304 + 524288 KB, estimated 678045 objects
2010/08/16 14:43:04| Target number of buckets: 33902
2010/08/16 14:43:04| Using 65536 Store buckets
2010/08/16 14:43:04| Max Mem size: 524288 KB
2010/08/16 14:43:04| Max Swap size: 8290304 KB
2010/08/16 14:43:04| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2010/08/16 14:43:04| logfileOpen: opening log /var/log/squid/store.log
2010/08/16 14:43:04| Rebuilding storage in /var/cache/squid (DIRTY)
2010/08/16 14:43:04| Using Least Load store dir selection
2010/08/16 14:43:04| Set Current Directory to /var/cache/squid
2010/08/16 14:43:04| Loaded Icons.
2010/08/16 14:43:04| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 23.
2010/08/16 14:43:04| Accepting ICP messages at 0.0.0.0, port 3130, FD 24.
2010/08/16 14:43:04| HTCP Disabled.
2010/08/16 14:43:04| WCCP Disabled.
2010/08/16 14:43:04| Ready to serve requests.
2010/08/16 14:43:04| WARNING: basicauthenticator #1 (FD 7) exited
2010/08/16 14:43:04| WARNING: basicauthenticator #2 (FD 8) exited
2010/08/16 14:43:04| WARNING: basicauthenticator #3 (FD 9) exited
2010/08/16 14:43:04| WARNING: basicauthenticator #4 (FD 10) exited
2010/08/16 14:43:04| WARNING: basicauthenticator #6 (FD 13) exited
2010/08/16 14:43:04| Too few basicauthenticator processes are running
FATAL: The basicauthenticator helpers are crashing too rapidly, need help!
Usage: squid_ldap_auth -b basedn [options] [ldap_server_name[:port]]...
-b basedn (REQUIRED) base dn under which to search
-f filter search filter to locate user DN
-u userattr username DN attribute
-s base|one|sub search scope
-D binddn DN to bind as to perform searches
-w bindpasswd password for binddn
-W secretfile read password for binddn from file secretfile
-H URI LDAPURI (defaults to ldap://localhost)
-h server LDAP server (defaults to localhost)
-p port LDAP server port
-P persistent LDAP connection
-c timeout connect timeout
-t timelimit search time limit
-R do not follow referrals
-a never|always|search|find
when to dereference aliases
-v 2|3 LDAP version
-Z TLS encrypt the LDAP connection, requires LDAP version 3
-d enable debug mode
If no search filter is specified, then the dn <userattr>=user,basedn
will be used (same as specifying a search filter of '<userattr>=',
but quicker as as there is no need to search for the user DN)
If you need to bind as a user to perform searches then use the
-D binddn -w bindpasswd or -D binddn -W secretfile options
2010/08/16 14:43:11| Unlinkd pipe opened on FD 22
2010/08/16 14:43:11| Swap maxSize 8290304 + 524288 KB, estimated 678045 objects
2010/08/16 14:43:11| Target number of buckets: 33902
2010/08/16 14:43:11| Using 65536 Store buckets
2010/08/16 14:43:11| Max Mem size: 524288 KB
2010/08/16 14:43:11| Max Swap size: 8290304 KB
2010/08/16 14:43:11| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2010/08/16 14:43:11| logfileOpen: opening log /var/log/squid/store.log
2010/08/16 14:43:11| Rebuilding storage in /var/cache/squid (DIRTY)
2010/08/16 14:43:11| Using Least Load store dir selection
2010/08/16 14:43:11| Set Current Directory to /var/cache/squid
2010/08/16 14:43:11| Loaded Icons.
2010/08/16 14:43:11| Accepting proxy HTTP connections at 0.0.0.0, port 3128, FD 23.
2010/08/16 14:43:11| Accepting ICP messages at 0.0.0.0, port 3130, FD 24.
2010/08/16 14:43:11| HTCP Disabled.
2010/08/16 14:43:11| WCCP Disabled.
2010/08/16 14:43:11| Ready to serve requests.
2010/08/16 14:43:11| WARNING: basicauthenticator #1 (FD 7) exited
2010/08/16 14:43:11| WARNING: basicauthenticator #2 (FD 8) exited
2010/08/16 14:43:11| WARNING: basicauthenticator #4 (FD 10) exited
2010/08/16 14:43:11| WARNING: basicauthenticator #5 (FD 12) exited
2010/08/16 14:43:11| WARNING: basicauthenticator #3 (FD 9) exited
2010/08/16 14:43:11| Too few basicauthenticator processes are running
FATAL: The basicauthenticator helpers are crashing too rapidly, need help!
Squid Cache (Version 2.7.STABLE7): Terminated abnormally.
CPU Usage: 0.040 seconds = 0.012 user + 0.028 sys
Maximum Resident Size: 20256 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
total space in arena: 2244 KB
Ordinary blocks: 2154 KB 6 blks
Small blocks: 0 KB 0 blks
Holding blocks: 932 KB 3 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 89 KB
Total in use: 3086 KB 97%
Total free: 89 KB 3%
PS: I did not create any OU inside AD; I do all access control through squid.conf using ACLs. There are no user groups in AD, everyone is in the same place...
Thanks for any information that can help me... I've got a noose around my neck here...
ffischer_@hotmail.com = msn
ffischerb@gmail.com = email
Thanks, everyone
Fábio Fischer
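
As an added example (not part of the original post, and not Squid's own code): a small Python triage of cache.log output in the shape shown above, which pulls out the version banner, the helper usage dump and the helper exits. The sample lines are constructed from that log, and `triage` and `expected_major` are hypothetical names.

```python
import re

# Constructed sample: cache.log lines in the shape shown in the post above.
SAMPLE_LOG = """\
2010/08/16 14:42:57| Starting Squid Cache version 2.7.STABLE7 for i386-debian-linux-gnu...
2010/08/16 14:42:57| helperOpenServers: Starting 10 'squid_ldap_auth' processes
Usage: squid_ldap_auth -b basedn [options] [ldap_server_name[:port]]...
2010/08/16 14:43:04| WARNING: basicauthenticator #1 (FD 7) exited
2010/08/16 14:43:04| WARNING: basicauthenticator #2 (FD 8) exited
2010/08/16 14:43:04| Too few basicauthenticator processes are running
FATAL: The basicauthenticator helpers are crashing too rapidly, need help!
"""

BANNER = re.compile(r"Starting Squid Cache version (\S+)")
STARTED = re.compile(r"helperOpenServers: Starting (\d+) '([^']+)' processes")
EXITED = re.compile(r"WARNING: \w+ #(\d+) \(FD \d+\) exited")
USAGE = re.compile(r"^Usage: (\S+)")

def triage(log_text, expected_major):
    """Summarise helper start-up failures in a Squid cache.log excerpt.

    triage() and expected_major are names made up for this example.
    """
    r = {"version": None, "helper": None, "started": 0, "exited": set(),
         "usage_from": None, "fatal": False, "findings": []}
    for line in log_text.splitlines():
        if m := BANNER.search(line):
            r["version"] = m.group(1)
        elif m := STARTED.search(line):
            r["started"], r["helper"] = int(m.group(1)), m.group(2)
        elif m := EXITED.search(line):
            r["exited"].add(int(m.group(1)))
        elif m := USAGE.match(line):
            r["usage_from"] = m.group(1)
        elif line.startswith("FATAL:") and "helpers are crashing" in line:
            r["fatal"] = True
    if r["version"] and not r["version"].startswith(expected_major + "."):
        r["findings"].append(f"binary that started is {r['version']}, not {expected_major}.x")
    if r["usage_from"]:
        # The helper prints its usage text and exits when it rejects its own
        # command line, so the arguments Squid passed are the thing to check.
        r["findings"].append(f"{r['usage_from']} rejected its arguments")
    if r["fatal"]:
        r["findings"].append(f"{len(r['exited'])} of {r['started']} helpers exited; Squid aborted")
    return r

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, "3")["findings"]:
        print(finding)
```
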