Problème squid ntlm

Question

Bonjour,

nous utilisons un proxy squid avec différentes instances:

une instance squid qui authentifie les utilisateurs en automatique
une instance dansguardian pour la gestion de contenu
une instance IWSS (antivirus Trendmicro)
une dernière instance squid pour la mise en cache

la première instance de squid plante régulièrement

squid monte à 100% du cpu et plus aucune requette http ne fonctionne :'(

il n'y à pas de message d'erreur dans le cache.log et je n'arrive pas à trouver la source de mon problème

voici mon fichier squid.conf (instance d'authentification):


http_port 10.100.69.10:8080
cache_peer 127.0.0.1 parent 8081 7 proxy-only no-query no-digest no-netdb-exchange login=*:nopasswd default
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 8 MB
cache_swap_low 90
cache_swap_high 95
cache_log /squid_logs/cache_1.log
cache_store_log none
dns_defnames on
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 80
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 5 hour
external_acl_type NT_global_group %LOGIN /usr/lib/squid/wbinfo_group.pl
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 10000 # multiling http
acl Safe_ports port 50000 # multiling http
acl CONNECT method CONNECT
acl GRP-accesinternet external NT_global_group AI-PROXY
acl LanIP dst 10.0.0.0/255.0.0.0
acl proxyHTTP dst 10.100.69.10/255.255.255.255
acl WL_url url_regex gl-events gl-srv-planning expediacorporate.fr webcastors.net webcastor.fr pepss.com www.anae.org tva.dgi.minefi.gouv.fr www.macromedia.com expandsolutions.fr veille-referencement.com :443 java.sun.com www.trucking-online.com xiti.com generale-location.fr mappy sncf.com equitalyon.com viamichelin pagesjaunes www.google.fr euronext.com update.adobe.com barcelona2004.org exhibitions.com exhibitions-world.com iaee.com promosalons.com salons-online.com eventsource.net tsnn.com agendaonline.com ccip.fr ffme.org foiresalon.com reunir.tm.fr ufinet.org grandehalle-auvergne.com ccib.es polydome.org esprit-public.fr europa-organisation.com fagga.com.br gl-events-mobilier.com hungexpo.hu isf.fr kobe.fr circuitpaulricard.com pv.viewsurf.com batterseaevolution.co.uk ccc-lyon.com chateau-de-saint-priest.com marketplace.fr nice-acropolis.com owen-brown.co.uk package.fr fim-metz.com padovafiere.it parcfloraldeparis.com performanceorganisation.fr profil.fr pudongexpo.com.cn riocentro.com.br sodemsystem.com spaciotempo.fr standard-deco.com congres-saint-etienne.com centre-congres-toulouse.fr toulousexpo.com vachon-decoration.com lechorus.com zenith-auvergne.com ameinfo.com exponews.fr expoworld.net middleeastevents.com tscentral.com viafrance.com
acl IM dstdomain gateway.messenger.hotmail.com http.pager.yahoo.com http.proxy.icq.com login.icq.com login.oscar.aol.com messenger.yahoo.com msg.edit.yahoo.com
acl GRP-accesinternet-Limite external NT_global_group AI-RESTREINT
acl snmpnagios snmp_community nagios
http_access allow manager localhost
http_access deny manager
http_access allow Safe_ports LanIP
http_access deny !Safe_ports
http_access allow localhost
http_access allow proxyHTTP
http_access deny IM
http_access allow WL_url
http_access allow GRP-accesinternet !GRP-accesinternet-Limite
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr root
cache_effective_user squid
cache_effective_group squid
visible_hostname squid_auth
snmp_access allow snmpnagios
snmp_port 3401 
deny_info http://gl-vir-proxy/denied.html all
err_html_text www.toto.com


je constate tout de même dans le cache.log que l'instance d'authentification redémarre régulièrement quand c'est le cas, sa ne plante pas le serveur.

Voici le message affiché:

2008/05/20 13:42:38| Starting Squid Cache version 2.6.STABLE6 for i686-redhat-linux-gnu...
2008/05/20 13:42:38| Process ID 22335
2008/05/20 13:42:38| With 1024 file descriptors available
2008/05/20 13:42:38| Using epoll for the IO loop
2008/05/20 13:42:38| DNS Socket created at 0.0.0.0, port 51574, FD 5
2008/05/20 13:42:38| Adding domain generale-location.fr from /etc/resolv.conf
2008/05/20 13:42:38| Adding nameserver 10.100.65.1 from /etc/resolv.conf
2008/05/20 13:42:38| Adding nameserver 10.100.65.2 from /etc/resolv.conf
2008/05/20 13:42:38| helperStatefulOpenServers: Starting 80 'ntlm_auth' processes
2008/05/20 13:42:39| helperOpenServers: Starting 10 'ntlm_auth' processes
2008/05/20 13:42:39| helperOpenServers: Starting 5 'wbinfo_group.pl' processes
2008/05/20 13:42:39| User-Agent logging is disabled.
2008/05/20 13:42:39| Referer logging is disabled.
2008/05/20 13:42:39| Unlinkd pipe opened on FD 105
2008/05/20 13:42:39| Swap maxSize 102400 KB, estimated 7876 objects
2008/05/20 13:42:39| Target number of buckets: 393
2008/05/20 13:42:39| Using 8192 Store buckets
2008/05/20 13:42:39| Max Mem  size: 8192 KB
2008/05/20 13:42:39| Max Swap size: 102400 KB
2008/05/20 13:42:39| Store logging disabled
2008/05/20 13:42:39| Rebuilding storage in /var/spool/squid (DIRTY)
2008/05/20 13:42:39| Using Least Load store dir selection
2008/05/20 13:42:39| Current Directory is /
2008/05/20 13:42:39| Loaded Icons.
2008/05/20 13:42:39| Accepting proxy HTTP connections at 10.100.69.10, port 8080, FD 106.
2008/05/20 13:42:39| Accepting ICP messages at 0.0.0.0, port 3130, FD 107.
2008/05/20 13:42:39| Accepting SNMP messages on port 3401, FD 108.
2008/05/20 13:42:39| WCCP Disabled.
2008/05/20 13:42:39| Configuring Parent 127.0.0.1/8081/7
2008/05/20 13:42:39| Ready to serve requests.
2008/05/20 13:42:39| Store rebuilding is 44.0% complete
2008/05/20 13:42:39| WARNING: newer swaplog entry for dirno 0, fileno 00000029
2008/05/20 13:42:39| Done reading /var/spool/squid swaplog (9308 entries)
2008/05/20 13:42:39| Finished rebuilding storage from disk.
2008/05/20 13:42:39|      7331 Entries scanned
2008/05/20 13:42:39|         0 Invalid entries.
2008/05/20 13:42:39|         0 With invalid flags.
2008/05/20 13:42:39|      7325 Objects loaded.
2008/05/20 13:42:39|         0 Objects expired.
2008/05/20 13:42:39|       124 Objects cancelled.
2008/05/20 13:42:39|      1844 Duplicate URLs purged.
2008/05/20 13:42:39|         2 Swapfile clashes avoided.
2008/05/20 13:42:39|   Took 0.4 seconds (20564.6 objects/sec).
2008/05/20 13:42:39| Beginning Validation Procedure
2008/05/20 13:42:39|   Completed Validation Procedure
2008/05/20 13:42:39|   Validated 5361 Entries
2008/05/20 13:42:39|   store_swap_size = 70964k
2008/05/20 13:42:40| storeLateRelease: released 0 objects


j'ai tout de même ce message qui revient régulièrement:

[2008/05/20 12:58:54, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
  got NTLMSSP command 3, expected 1
[2008/05/20 12:59:42, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
  got NTLMSSP command 3, expected 1


ainsi que des erreurs de ce type:


2008/05/20 13:42:54| WARNING: found whitespace in HTTP header name {Content Type: text/html}
2008/05/20 13:42:54| WARNING: found whitespace in HTTP header name {Cache Control: private}
2008/05/20 13:42:54| ctx: exit level  0
2008/05/20 13:42:54| WARNING: found whitespace in HTTP header name {Content Type: text/html}
2008/05/20 13:42:54| WARNING: found whitespace in HTTP header name {Cache Control: private}


2008/05/20 13:51:03| parseHttpRequest: Requestheader contains NULL characters
2008/05/20 13:51:03| Failed to parse request headers: http://activate.pdfcreator-toolbar.org/toolbar/activate.php
POST http://activate.pdfcreator-toolbar.org/toolbar/activate.php HTTP/1.0^M
Accept: */*^M


j'ai beaucoup de mal à cerner le problème, si vous avez une idée, elle est la bienvenue :)

Merci d'avance

DonKiShoot · Answer

Essais "KeepAlive ON" dans la conf d'apache, chez moi cela a supprimer l'erreur "got NTLMSSP command 3, expected 1"

Problème squid ntlm

1 réponse

Votre réponse

Discussions similaires

Newsletters