Squid com erro FATAL [RESOLVIDO]

carlosleosouza
(usa Debian)

Enviado em 28/04/2014 - 11:30h

Pessoal, bom dia.

Meu squid de uma hora pra outra não inicia. Já dei o comando squid -NCd1 pra depurar e a mensagem de erro que ocorre é com a autenticação dos usuários.

FATAL: The ldap_group helpers are crashing too rapidly, need help!

Alguém poderia me ajudar? Já tentei de tudo aqui e nada.

danniel-lara
(usa Fedora)

Enviado em 28/04/2014 - 13:41h

tem como postar seu squid.conf ?

carlosleosouza
(usa Debian)

Enviado em 28/04/2014 - 13:53h

Claro que sim. Tá um pouco extenso por causa da quantidade de ACLs.
Meu squid é versão 3
Obrigado!
Segue:

http_port 8082
cache_mem 1 GB
ipcache_low 90
ipcache_high 95
cache_dir aufs /var/spool/squid 8096 16 256
debug_options ALL,1
error_directory /usr/share/squid/errors/pt-br/
minimum_object_size 0 KB
maximum_object_size 102400 KB
maximum_object_size_in_memory 8 MB
memory_pools on
memory_pools_limit 64 MB

access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid

cache_mgr otaviana@viacaoregional.com.br
memory_pools off

diskd_program /usr/lib64/squid/diskd
unlinkd_program /usr/lib64/squid/unlinkd

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
quick_abort_max 16 KB
quick_abort_pct 95
quick_abort_min 16 KB
request_header_max_size 20 KB
reply_header_max_size 20 KB
request_body_max_size 0 KB
mail_program mail
cache_effective_user squid
cache_effective_group squid
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
httpd_suppress_version_string off
visible_hostname WEBSERVER.rj.com.local
half_closed_clients off
hierarchy_stoplist cgi-bin ?

# Autenticacao integrada com a base do SaMBa
auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b dc=rj,dc=com,dc=local -f sAMAccountName=%s -h 10.10.10.250 -D cn=administrator,cn=Users,dc=rj,dc=com,dc=local -w $3nh@F0rt3$
auth_param basic children 5
auth_param basic realm Viação Regional & Jauá
auth_param basic credentialsttl 2 hour
auth_param basic casesensitive off

# acl para obter grupos do AD
external_acl_type ldap_group %LOGIN /usr/lib64/squid/squid_ldap_group -R -b "dc=rj,dc=com,dc=local" -D cn=Administrator,cn=Users,dc=rj,dc=com,dc=local -w  -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,cn=Users,dc=rj,dc=com,dc=local))" -h 10.10.10.250

# Grupos do AD
acl InternetCompleto external ldap_group InternetCompleto
acl InternetBasico external ldap_group InternetBasico
acl InternetIntermediario external ldap_group InternetIntermediario
acl Authenticated proxy_auth REQUIRED

# Liberações do SRVP e Java
acl libjava url_regex java.com sun.com
http_access allow libjava
acl libdljava url_regex javadl-esd.sun.com
http_access allow libdljava
acl libsrvp url_regex http://189.3.216.130/pv/rotat/SRVP_AUpdate.exe/* www.srvp.com.br
http_access allow libsrvp
#acl nfe dstdomain "/etc/squid/rules/blacklists/nfe/urls"
#http_access allow nfe

#Cria uma access control list, baseando-se na url e utilizando exp. regulares
#nesta situação foi criado uma exp. regular para cgi e ?.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# ACLs restritivas
acl whitelist dstdomain "/etc/squid/rules/blacklists/whitelist/domains"
acl whitelist_urls dstdomain "/etc/squid/rules/blacklists/whitelist/urls"
acl socialnetworks dstdomain "/etc/squid/rules/blacklists/social_networks/domains"
acl social_networks urlpath_regex -i "/etc/squid/rules/blacklists/social_networks/urls"
acl adult dstdomain "/etc/squid/rules/blacklists/adult/domains"
acl [*****] dstdomain "/etc/squid/rules/blacklists/[*****]/domains"
acl socialnetworking dstdomain "/etc/squid/rules/blacklists/socialnetworking/domains"
acl social_networking urlpath_regex -i "/etc/squid/rules/blacklists/socialnetworking/urls"
acl mixed_adult dstdomain "/etc/squid/rules/blacklists/mixed_adult/domains"
acl audio-video dstdomain "/etc/squid/rules/blacklists/audio-video/domains"
acl audiovideo urlpath_regex -i "/etc/squid/rules/blacklists/audio-video/urls"
acl filehosting dstdomain "/etc/squid/rules/blacklists/filehosting/domains"
acl filesharing dstdomain "/etc/squid/rules/blacklists/filesharing/domains"
acl onlinegames dstdomain "/etc/squid/rules/blacklists/onlinegames/domains"
acl games dstdomain "/etc/squid/rules/blacklists/games/domains"
acl phishing dstdomain "/etc/squid/rules/blacklists/phishing/domains"
acl malware dstdomain "/etc/squid/rules/blacklists/malware/domains"
acl virusinfected dstdomain "/etc/squid/rules/blacklists/virusinfected/domains"
acl proxy dstdomain "/etc/squid/rules/blacklists/proxy/domains"
acl warez dstdomain "/etc/squid/rules/blacklists/warez/domains"
acl hacking dstdomain "/etc/squid/rules/blacklists/hacking/domains"
acl spyware dstdomain "/etc/squid/rules/blacklists/spyware/domains"
acl gambling dstdomain "/etc/squid/rules/blacklists/gambling/domains"
acl blogs dstdomain "/etc/squid/rules/blacklists/blog/domains"
acl search dstdomain "/etc/squid/rules/blacklists/searchs/domains"
acl negados arp "/etc/squid/rules/negados.txt"
acl vetofiles url_regex -i "/etc/squid/rules/blacklists/files/types"
acl almoco time SMTWHFA 11:55-13:35
acl tarde time SMTWHFA 18:00-20:00

#acl html rep_mime_type text/html

#ACLs padrão
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.10.10.0/24
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 8080 #http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 1863 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 1120 1121 #SRVP
acl CONNECT method CONNECT
acl POST method POST

# Negar cache de POST
#acl POSTS method POST
#cache deny POSTS
acl FTP proto FTP
always_direct allow FTP

http_access allow manager localhost
http_access deny manager
http_access allow POST
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow Authenticated InternetCompleto !adult ![*****] !mixed_adult !phishing !malware !virusinfected !proxy !hacking !spyware
http_access allow Authenticated InternetIntermediario !socialnetworks !social_networks !socialnetworking !social_networking !adult ![*****] !mixed_adult !audio-video !audiovideo !filesharing !filehosting !onlinegames !games !phishing !malware !virusinfected !proxy !warez !hacking !spyware !gambling !blogs
#http_access deny vetofiles
http_access deny negados
http_access allow whitelist
http_access allow whitelist_urls
#reply_body_max_size 1024 MB html
reply_body_max_size 10 MB InternetBasico
#reply_body_max_size 10 MB InternetIntermediario
reply_body_max_size 5 MB almoco
reply_body_max_size 5 MB tarde
http_access allow Authenticated InternetBasico whitelist whitelist_urls !vetofiles
http_access allow Authenticated almoco ![*****] !adult !mixed_adult !filesharing !filehosting !phishing !malware !virusinfected !proxy !warez !hacking !spyware !gambling !audio-video !audiovideo !vetofiles
http_access allow Authenticated tarde ![*****] !adult !mixed_adult !filesharing !filehosting !phishing !malware !virusinfected !proxy !warez !hacking !spyware !gambling !vetofiles
http_access deny all