[squid-users] désolé de vous avoir spammé
sorry for spamming you... desolé de vous avoir spammé here is the video that should explains the origin of the word "SPAM" Pour vous consoler : l'origine du mot spam viendrait d'ici ( merci Luc) http://www.youtube.com/watch?v=anwy2MPT5RE&feature=youtube_gdata_player Alex
[squid-users] squid 3.2.11 in opensuse 12.3 and error about creating IPv6 socket
Good morning, In the syslog squid complains about error with creating IPv6 socket : 2013-06-03T07:00:01.856497+02:00 proxyad1 squid[6189]: commBind: Cannot bind socket FD 21 to [::1]: (99) Cannot assign requested address 2013-06-03T07:00:01.856969+02:00 proxyad1 squid[6189]: commBind: Cannot bind socket FD 25 to [::1]: (99) Cannot assign requested address Of course, I've IPv6 disabled (server is in LAN), but I couldn't find a configuration directive in the squid that could want to use IPv6 localhost. Squid works under his user: root 1082 1 0 May28 ?00:00:00 /usr/sbin/squid -F -sY -f /etc/squid/squid.conf squid 5658 6189 0 07:00 ?00:00:00 (basic_radius_auth) -f /etc/radius_config squid 6189 1082 0 May31 ?00:09:05 (squid-1) -F -sY -f /etc/squid/squid.conf squid 6190 6189 0 May31 ?00:00:00 (unlinkd) squid 6191 6189 0 May31 ?00:00:06 diskd 6337540 6337541 6337542 What did I missed ? Thanks and best regads J.Karliak. P.S. Enabling IPv6 is a last option ... -- Ma domena pouziva zabezpeceni a kontrolu SPF (www.openspf.org) a DomainKeys/DKIM (with ADSP) . Pokud mate problemy s dorucenim emailu, zacnete pouzivat metody overeni puvody emailu zminene vyse. Dekuji. My domain use SPF (www.openspf.org) and DomainKeys/DKIM (with ADSP) policy and check. If you've problem with sending emails to me, start using email origin methods mentioned above. Thank you. This message was sent using IMP, the Internet Messaging Program.
[squid-users] Re: squid 3.2.11 in opensuse 12.3 and error about creating IPv6 socket
Sounds familar to me on Suse. Somehow I was not able to completely disable all IPv6 support on my openSuSE, too, and had similar effects like you. Try ./configure --disable-ipv6 to compile squid from source as a workaround. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-3-2-11-in-opensuse-12-3-and-error-about-creating-IPv6-socket-tp4660392p4660393.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] squid 3.2.11 in opensuse 12.3 and error about creating IPv6 socket
On 3/06/2013 7:45 p.m., Josef Karliak wrote: Good morning, In the syslog squid complains about error with creating IPv6 socket : 2013-06-03T07:00:01.856497+02:00 proxyad1 squid[6189]: commBind: Cannot bind socket FD 21 to [::1]: (99) Cannot assign requested address 2013-06-03T07:00:01.856969+02:00 proxyad1 squid[6189]: commBind: Cannot bind socket FD 25 to [::1]: (99) Cannot assign requested address Of course, I've IPv6 disabled (server is in LAN), but I couldn't find a configuration directive in the squid that could want to use IPv6 localhost. Uhm. Server being in the LAN is the best place to *enable* IPv6. For testing and fixing the internal systems before you are faced with global IPv6. Squid works under his user: root 1082 1 0 May28 ?00:00:00 /usr/sbin/squid -F -sY -f /etc/squid/squid.conf squid 5658 6189 0 07:00 ?00:00:00 (basic_radius_auth) -f /etc/radius_config squid 6189 1082 0 May31 ?00:09:05 (squid-1) -F -sY -f /etc/squid/squid.conf squid 6190 6189 0 May31 ?00:00:00 (unlinkd) squid 6191 6189 0 May31 ?00:00:06 diskd 6337540 6337541 6337542 What did I missed ? You have external ACL helpers? they default to using ::1 unless you add the "ipv4" option to external_acl_type in Squid-3.2. Amos
Re: [squid-users] cant build squid 3.3.5 with external_acl_helper ldap_group on CentOS 6.4 64bits
Yes it works. If you need some SHM thing just change the ownership of the directory. it will solve most of the problems. If there is some SPEC expert here I will be happy to get some help to do this change in the SPEC file instead of doing it manually. Eliezer On 6/1/2013 11:50 PM, Ricardo Klein wrote: Eliezer, nice, you already have the package I need... Did you package works with ldap_group external acl? I will try it and check if your package works with my conf, this SHM error is driving me crazy. -- Att... Ricardo Felipe Klein klein@gmail.com On Sat, Jun 1, 2013 at 5:28 PM, Eliezer Croitoru wrote: Hey Ricardo, If you can build an RPM and store it it will be helpful for many people. it will also add redundancy to my RPM and an alternative to mine. http://www1.ngtech.co.il/rpm/centos/6/x86_64/ if you want the SRPM this is where mine is stored: http://www1.ngtech.co.il/rpm/centos/6/x86_64/SRPM/ Eliezer On 6/1/2013 3:01 PM, Ricardo Klein wrote: Amos, great thanks, I will fix this mess I did in the ./configure and try again. If I can build an RPM package for CentOS 6.4 (and it should work in RHEL 6.4 too) there is any interest I put this in somewhere people can download it? -- Att... Ricardo Felipe Klein klein@gmail.com On Sat, Jun 1, 2013 at 12:39 AM, Amos Jeffries wrote: On 1/06/2013 7:40 a.m., Ricardo Klein wrote: Hi there, I am trying to build squid on CentOS 6.4 64bits with external_acl_helper "ldap_group", but my ./configure log says: configure: external acl helper ldap_group ... found but cannot be built I have fired a but in the bugtrack, but, if any of you know what is wrong, please tell me so I can cancel that bugtracker. The script detecting external-acl-helpers entries has a bug displaying the wrong message for the error. It will report "found but cannot be built" for both the found and not-found error cases. In your situation I believe the helpers as named cannot be found at all due to incorrect ./configure options. Details inline with your options... Here is my ./configure options: ./configure \ --prefix=/usr \ --exec-prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --sysconfdir=/etc \ --datadir=/usr/share \ --includedir=/usr/include \ --libdir=/usr/lib64 \ --libexecdir=/usr/libexec \ --sharedstatedir=/var/lib \ --mandir=/usr/share/man \ --infodir=/usr/share/info \ --enable-internal-dns \ internal-dns is enabeld by default. You can omit this. --disable-strict-error-checking \ --exec_prefix=/usr \ --libexecdir=/usr/lib64/squid \ --localstatedir=/var \ --datadir=/usr/share/squid \ --sysconfdir=/etc/squid \ You already specified several of the above batch of options (datadir, sysconfdir, libexecdir) with different values. This may cause unexpected results when installing. And "--exec_prefix" does not exist. There is a different "--exec-prefix" option earlier which will be used ... so more unexpected results when installing. --with-logdir=$LOCALSTATEDIR/log/squid \ --with-pidfile=$LOCALSTATEDIR/run/squid.pid \ --disable-dependency-tracking \ --enable-arp-acl \ "--enable-arp-acl" does not exit. The replacement --enable-eui is already enabled by default, so all you need do is to remove the above option. --enable-follow-x-forwarded-for \ --enable-auth \ NP: auth is enabled by default, and when omitted will be auto-enabled by the below helpers options anyway. You can omit "--enable-auth" entirely. --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,squid_radius_auth --enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth \ --enable-digest-auth-helpers=password,ldap,eDirectory \ --enable-negotiate-auth-helpers=squid_kerb_auth \ The auth build options underwent a major change in the squid-3.2 series. --enable-X-auth-helpers options no longer exist. Squid ./configure script is ignoring the above auth helper options and using the default versions of the new --enable-auth-X options. For example your basic auth helpers line should be: --enable-auth-basic="LDAP,MSNT,NCSA,PAM,SMB,NIS,getpwnam,MSNT-multi-domain,SASL,DB,RADIUS" --enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group You are not getting build problems with the auth helpers because the entire configure --enable-* option name changed and the broken ones above are ignored in favour of the auto-detected helpers. The external-acl-helpers option however did not change, so you hit error messages trying to build the differently named helpers. Run "ls -1 helpers/*/" to see all the new helper names. Note that the list here is case sensitive. --enable-cache-digests \ --enable-cachemgr-hostname=localhost \ --enable-delay-pools \ --enable-epoll \ --enable-icap-client \ --enable-ident-lookups \ --enable-linux-netfilter \ --enable-referer-log \ --enable-referer-log no longer exists. It is a built-in squid.conf logformat type instead now. --enable-removal-policies=heap,lru \ --enable-snmp \ --enable
[squid-users] Re: TPROXY
Hi, I have followed the same steps that in the previous case but changing the Operating System. Tried on: - Fedora 18 - Kernel 3.6.10 - IPtables 1.4.16 - Squid 3.3.5 with Tproxy Unfortunately, is the same situation that when I was using Ubuntu. The users can reach Internet only if Squid is working, but any activity is registered in the file access.log. Is it possible that Fedora's kernel has the same problem than Ubuntu? Regards, Alvaro -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/TPROXY-tp4658393p4660396.html Sent from the Squid - Users mailing list archive at Nabble.com.
Re: [squid-users] cant build squid 3.3.5 with external_acl_helper ldap_group on CentOS 6.4 64bits
Eliezer, You mean change permissions on /dev/shm? It is already "world writeable" [root@theroutertwo ~]# ll /dev/shm total 0 drwxrwxrwt. 2 root root 40 Jun 1 12:16 . (maybe I am doing the hole shm thing wrong) Btw I will test your package this morning (it is monday morning here in Brazil now) and tell you how it goes. -- Att... Ricardo Felipe Klein klein@gmail.com On Mon, Jun 3, 2013 at 7:58 AM, Eliezer Croitoru wrote: > Yes it works. > If you need some SHM thing just change the ownership of the directory. > it will solve most of the problems. > If there is some SPEC expert here I will be happy to get some help to do > this change in the SPEC file instead of doing it manually. > > Eliezer > > > On 6/1/2013 11:50 PM, Ricardo Klein wrote: >> >> Eliezer, >> >> nice, you already have the package I need... Did you package works >> with ldap_group external acl? >> I will try it and check if your package works with my conf, this SHM >> error is driving me crazy. >> -- >> Att... >> >> Ricardo Felipe Klein >> klein@gmail.com >> >> >> On Sat, Jun 1, 2013 at 5:28 PM, Eliezer Croitoru >> wrote: >>> >>> Hey Ricardo, >>> >>> If you can build an RPM and store it it will be helpful for many people. >>> it will also add redundancy to my RPM and an alternative to mine. >>> http://www1.ngtech.co.il/rpm/centos/6/x86_64/ >>> if you want the SRPM this is where mine is stored: >>> http://www1.ngtech.co.il/rpm/centos/6/x86_64/SRPM/ >>> >>> Eliezer >>> >>> >>> On 6/1/2013 3:01 PM, Ricardo Klein wrote: Amos, great thanks, I will fix this mess I did in the ./configure and try again. If I can build an RPM package for CentOS 6.4 (and it should work in RHEL 6.4 too) there is any interest I put this in somewhere people can download it? -- Att... Ricardo Felipe Klein klein@gmail.com On Sat, Jun 1, 2013 at 12:39 AM, Amos Jeffries wrote: > > > On 1/06/2013 7:40 a.m., Ricardo Klein wrote: >> >> >> >> Hi there, >> >> I am trying to build squid on CentOS 6.4 64bits with >> external_acl_helper "ldap_group", but my ./configure log says: >> configure: external acl helper ldap_group ... found but cannot be >> built >> I have fired a but in the bugtrack, but, if any of you know what is >> wrong, please tell me so I can cancel that bugtracker. > > > > > The script detecting external-acl-helpers entries has a bug displaying > the > wrong message for the error. It will report "found but cannot be built" > for > both the found and not-found error cases. In your situation I believe > the > helpers as named cannot be found at all due to incorrect ./configure > options. > > Details inline with your options... > > >> Here is my ./configure options: >> ./configure \ >> --prefix=/usr \ >> --exec-prefix=/usr \ >> --bindir=/usr/bin \ >> --sbindir=/usr/sbin \ >> --sysconfdir=/etc \ >> --datadir=/usr/share \ >> --includedir=/usr/include \ >> --libdir=/usr/lib64 \ >> --libexecdir=/usr/libexec \ >> --sharedstatedir=/var/lib \ >> --mandir=/usr/share/man \ >> --infodir=/usr/share/info \ >> --enable-internal-dns \ > > > > > internal-dns is enabeld by default. You can omit this. > > >> --disable-strict-error-checking \ >> --exec_prefix=/usr \ >> --libexecdir=/usr/lib64/squid \ >> --localstatedir=/var \ >> --datadir=/usr/share/squid \ >> --sysconfdir=/etc/squid \ > > > > > You already specified several of the above batch of options (datadir, > sysconfdir, libexecdir) with different values. This may cause > unexpected > results when installing. > And "--exec_prefix" does not exist. There is a different > "--exec-prefix" > option earlier which will be used ... so more unexpected results when > installing. > >> --with-logdir=$LOCALSTATEDIR/log/squid \ >> --with-pidfile=$LOCALSTATEDIR/run/squid.pid \ > > > > >> --disable-dependency-tracking \ >> --enable-arp-acl \ > > > > "--enable-arp-acl" does not exit. The replacement --enable-eui is > already > enabled by default, so all you need do is to remove the above option. > >> --enable-follow-x-forwarded-for \ >> --enable-auth \ > > > > NP: auth is enabled by default, and when omitted will be auto-enabled > by > the > below helpers options anyway. You can omit "--enable-auth" entirely. > >> >> >> >> --enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,squid_radius_auth >> --enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth \ >> --enable-digest-auth-helpers=password,ldap,eDirectory \ >> --enable-negotiate-auth-helpers=squid_kerb_auth \ > > > > > The auth build
Re: [squid-users] cant build squid 3.3.5 with external_acl_helper ldap_group on CentOS 6.4 64bits
Eliezer, you didnt compiled LDAP_group external acl, see your ./configure line: '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' My: --enable-external-acl-helpers="file_userip,LDAP_group,kerberos_ldap_group,session,unix_group,wbinfo_group" But I will try to rebuild your package with LDAP_group enabled -- Att... Ricardo Felipe Klein klein@gmail.com On Mon, Jun 3, 2013 at 8:53 AM, Ricardo Klein wrote: > Eliezer, > > You mean change permissions on /dev/shm? It is already "world writeable" > [root@theroutertwo ~]# ll /dev/shm > total 0 > drwxrwxrwt. 2 root root 40 Jun 1 12:16 . > > (maybe I am doing the hole shm thing wrong) > > Btw I will test your package this morning (it is monday morning here in > Brazil now) and tell you how it goes. > > -- > Att... > > Ricardo Felipe Klein > klein@gmail.com > > > On Mon, Jun 3, 2013 at 7:58 AM, Eliezer Croitoru > wrote: >> >> Yes it works. >> If you need some SHM thing just change the ownership of the directory. >> it will solve most of the problems. >> If there is some SPEC expert here I will be happy to get some help to do >> this change in the SPEC file instead of doing it manually. >> >> Eliezer >> >> >> On 6/1/2013 11:50 PM, Ricardo Klein wrote: >>> >>> Eliezer, >>> >>> nice, you already have the package I need... Did you package works >>> with ldap_group external acl? >>> I will try it and check if your package works with my conf, this SHM >>> error is driving me crazy. >>> -- >>> Att... >>> >>> Ricardo Felipe Klein >>> klein@gmail.com >>> >>> >>> On Sat, Jun 1, 2013 at 5:28 PM, Eliezer Croitoru >>> wrote: Hey Ricardo, If you can build an RPM and store it it will be helpful for many people. it will also add redundancy to my RPM and an alternative to mine. http://www1.ngtech.co.il/rpm/centos/6/x86_64/ if you want the SRPM this is where mine is stored: http://www1.ngtech.co.il/rpm/centos/6/x86_64/SRPM/ Eliezer On 6/1/2013 3:01 PM, Ricardo Klein wrote: > > > Amos, > > great thanks, I will fix this mess I did in the ./configure and try > again. If I can build an RPM package for CentOS 6.4 (and it should > work in RHEL 6.4 too) there is any interest I put this in somewhere > people can download it? > -- > Att... > > Ricardo Felipe Klein > klein@gmail.com > > > On Sat, Jun 1, 2013 at 12:39 AM, Amos Jeffries > wrote: >> >> >> On 1/06/2013 7:40 a.m., Ricardo Klein wrote: >>> >>> >>> >>> Hi there, >>> >>> I am trying to build squid on CentOS 6.4 64bits with >>> external_acl_helper "ldap_group", but my ./configure log says: >>> configure: external acl helper ldap_group ... found but cannot be >>> built >>> I have fired a but in the bugtrack, but, if any of you know what is >>> wrong, please tell me so I can cancel that bugtracker. >> >> >> >> >> The script detecting external-acl-helpers entries has a bug displaying >> the >> wrong message for the error. It will report "found but cannot be >> built" >> for >> both the found and not-found error cases. In your situation I believe >> the >> helpers as named cannot be found at all due to incorrect ./configure >> options. >> >> Details inline with your options... >> >> >>> Here is my ./configure options: >>> ./configure \ >>> --prefix=/usr \ >>> --exec-prefix=/usr \ >>> --bindir=/usr/bin \ >>> --sbindir=/usr/sbin \ >>> --sysconfdir=/etc \ >>> --datadir=/usr/share \ >>> --includedir=/usr/include \ >>> --libdir=/usr/lib64 \ >>> --libexecdir=/usr/libexec \ >>> --sharedstatedir=/var/lib \ >>> --mandir=/usr/share/man \ >>> --infodir=/usr/share/info \ >>> --enable-internal-dns \ >> >> >> >> >> internal-dns is enabeld by default. You can omit this. >> >> >>> --disable-strict-error-checking \ >>> --exec_prefix=/usr \ >>> --libexecdir=/usr/lib64/squid \ >>> --localstatedir=/var \ >>> --datadir=/usr/share/squid \ >>> --sysconfdir=/etc/squid \ >> >> >> >> >> You already specified several of the above batch of options (datadir, >> sysconfdir, libexecdir) with different values. This may cause >> unexpected >> results when installing. >> And "--exec_prefix" does not exist. There is a different >> "--exec-prefix" >> option earlier which will be used ... so more unexpected results when >> installing. >> >>> --with-logdir=$LOCALSTATEDIR/log/squid \ >>> --with-pidfile=$LOCALSTATEDIR/run/squid.pid \ >> >> >> >> >>> --disable-dependency-tracking \ >>> --enable-arp-acl \ >> >> >> >> "--enable-arp-acl" does not exit. The replacement --enable-eui is >> already >> enabled by default, so all you need do is to remove the above option
Re: [squid-users] external_acl_type ttl,negative_ttl works as expected
> The latest 3.3 should be okay, although we have some reports of weirdness
> still going on as late as 3.3.4.
>
> Amos
I guess the weirdness is going on then:
Squid Cache: Version 3.3.4
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var'
'--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode'
'--disable-dependency-tracking' '--disable-silent-rules'
'--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap'
'--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'
'--enable-icap-client' '--enable-follow-x-forwarded-for'
'--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'
'--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper'
'--enable-auth-ntlm=fake,smb_lm'
'--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group'
'--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi'
'--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation'
'--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3'
'--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536'
'--with-large-files' '--with-default-user=proxy' '--enable-linux-netfilter'
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall'
'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
'CXXFLAGS=-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security'
Anyway to have a small value that works until it will be finally fixed?
KR,
Oliver
smime.p7s
Description: S/MIME cryptographic signature
Re: [squid-users] cant build squid 3.3.5 with external_acl_helper ldap_group on CentOS 6.4 64bits
Hi Eliezer, I ended up making some changes on my /etc/init.d/squid to force pidfiles exclusion on /var/run/squid, because when I restart squid it does not always kill that files (but it end all processes). My new packages now have the init.d script with that changes and I have uploaded them here: http://webfiles.klein.inf.br/centos/squid-3.3.5-2.el6.src.rpm http://webfiles.klein.inf.br/centos/squid-3.3.5-2.el6.x86_64.rpm And, my selinux policyes too: http://webfiles.klein.inf.br/centos/squid_selinuxpolicy.tar.bz2 if you use any RHEL flavor. Btw, I have good performance when added some optins on ext_ldap_group_acl (children-max=50 children-startup=25 children-idle=25), and here is all the interesting part about it: SQUID.CONF parts cache_mem 2048 MB workers 6 cache_dir rock /var/spool/squid/cache1 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache2 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache3 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache4 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache5 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache6 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_replacement_policy heap LFUDA logfile_daemon /usr/lib64/squid/log_file_daemon access_log daemon:/var/log/squid/access.log squid auth_param basic credentialsttl 20 minutes auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 15 auth_param ntlm keep_alive on auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic external_acl_type ldap_group children-max=50 children-startup=25 children-idle=25 %LOGIN /usr/lib64/squid/ext_ldap_group_acl -P -S -R -b "DC=MYDOMAIN,DC=local" -D "CN=squid,OU=Internet,OU=Infra-estrutura,DC=MYDOMAIN,DC=local" -w MYPASSWORD -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,OU=Internet,OU=Infra-estrutura,DC=MYDOMAIN,DC=local))" -h authenticate_ttl 600 seconds /SQUID.CONF parts Anyway, I still have some errors like this one when using more then 2 workers (but squid still working): Squid Cache (Version 3.3.5): Terminated abnormally. CPU Usage: 0.068 seconds = 0.054 user + 0.014 sys Maximum Resident Size: 76000 KB Page faults with physical i/o: 0 FATAL: Ipc::Mem::Segment::open failed to shm_open(/squid-squid-page-pool.shm): (2) No such file or directory I am going to test it in production to see how it perform and tell you here ok? -- Att... Ricardo Felipe Klein klein@gmail.com On Mon, Jun 3, 2013 at 9:37 AM, Ricardo Klein wrote: > Eliezer, > > you didnt compiled LDAP_group external acl, see your ./configure line: > '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' > > My: > --enable-external-acl-helpers="file_userip,LDAP_group,kerberos_ldap_group,session,unix_group,wbinfo_group" > > But I will try to rebuild your package with LDAP_group enabled > -- > Att... > > Ricardo Felipe Klein > klein@gmail.com > > > On Mon, Jun 3, 2013 at 8:53 AM, Ricardo Klein wrote: >> Eliezer, >> >> You mean change permissions on /dev/shm? It is already "world writeable" >> [root@theroutertwo ~]# ll /dev/shm >> total 0 >> drwxrwxrwt. 2 root root 40 Jun 1 12:16 . >> >> (maybe I am doing the hole shm thing wrong) >> >> Btw I will test your package this morning (it is monday morning here in >> Brazil now) and tell you how it goes. >> >> -- >> Att... >> >> Ricardo Felipe Klein >> klein@gmail.com >> >> >> On Mon, Jun 3, 2013 at 7:58 AM, Eliezer Croitoru >> wrote: >>> >>> Yes it works. >>> If you need some SHM thing just change the ownership of the directory. >>> it will solve most of the problems. >>> If there is some SPEC expert here I will be happy to get some help to do >>> this change in the SPEC file instead of doing it manually. >>> >>> Eliezer >>> >>> >>> On 6/1/2013 11:50 PM, Ricardo Klein wrote: Eliezer, nice, you already have the package I need... Did you package works with ldap_group external acl? I will try it and check if your package works with my conf, this SHM error is driving me crazy. -- Att... Ricardo Felipe Klein klein@gmail.com On Sat, Jun 1, 2013 at 5:28 PM, Eliezer Croitoru wrote: > > Hey Ricardo, > > If you can build an RPM and store it it will be helpful for many people. > it will also add redundancy to my RPM and an alternative to mine. > http://www1.ngtech.co.il/rpm/centos/6/x86_64/ > if you want the SRPM this is where mine is stored: > http://www1.ngtech.co.il/rpm/centos/6/x86_64/SRPM/ > > Eliezer > > > On 6/1/2013 3:01 PM, Ricardo Klein wrote: >> >> >> Amos, >> >> great thanks, I will fix this mess I did in the ./configure and try >> again. If I can
Re: [squid-users] cant build squid 3.3.5 with external_acl_helper ldap_group on CentOS 6.4 64bits
hey Ricardo. GOOD and Thanks! I have seen this issue before but didn't had much time to handle it. So now the ldap helper works fine?? If I understand right there is something odd about the helpers code which forces the admin to use more helpers then it used to be in 2.7 and 3.1. How about testing it and making sure it's a *bug* and file a bug together on it? Why do you use couple rock store caches if they are all available to all the workers? Eliezer On 6/3/2013 8:15 PM, Ricardo Klein wrote: Hi Eliezer, I ended up making some changes on my /etc/init.d/squid to force pidfiles exclusion on /var/run/squid, because when I restart squid it does not always kill that files (but it end all processes). My new packages now have the init.d script with that changes and I have uploaded them here: http://webfiles.klein.inf.br/centos/squid-3.3.5-2.el6.src.rpm http://webfiles.klein.inf.br/centos/squid-3.3.5-2.el6.x86_64.rpm And, my selinux policyes too: http://webfiles.klein.inf.br/centos/squid_selinuxpolicy.tar.bz2 if you use any RHEL flavor. Btw, I have good performance when added some optins on ext_ldap_group_acl (children-max=50 children-startup=25 children-idle=25), and here is all the interesting part about it: SQUID.CONF parts cache_mem 2048 MB workers 6 cache_dir rock /var/spool/squid/cache1 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache2 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache3 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache4 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache5 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_dir rock /var/spool/squid/cache6 4096 max-size=31000 swap-timeout=1000 max-swap-rate=100 cache_replacement_policy heap LFUDA logfile_daemon /usr/lib64/squid/log_file_daemon access_log daemon:/var/log/squid/access.log squid auth_param basic credentialsttl 20 minutes auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 15 auth_param ntlm keep_alive on auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic external_acl_type ldap_group children-max=50 children-startup=25 children-idle=25 %LOGIN /usr/lib64/squid/ext_ldap_group_acl -P -S -R -b "DC=MYDOMAIN,DC=local" -D "CN=squid,OU=Internet,OU=Infra-estrutura,DC=MYDOMAIN,DC=local" -w MYPASSWORD -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,OU=Internet,OU=Infra-estrutura,DC=MYDOMAIN,DC=local))" -h authenticate_ttl 600 seconds /SQUID.CONF parts Anyway, I still have some errors like this one when using more then 2 workers (but squid still working): Squid Cache (Version 3.3.5): Terminated abnormally. CPU Usage: 0.068 seconds = 0.054 user + 0.014 sys Maximum Resident Size: 76000 KB Page faults with physical i/o: 0 FATAL: Ipc::Mem::Segment::open failed to shm_open(/squid-squid-page-pool.shm): (2) No such file or directory I am going to test it in production to see how it perform and tell you here ok? -- Att... Ricardo Felipe Klein klein@gmail.com On Mon, Jun 3, 2013 at 9:37 AM, Ricardo Klein wrote: Eliezer, you didnt compiled LDAP_group external acl, see your ./configure line: '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' My: --enable-external-acl-helpers="file_userip,LDAP_group,kerberos_ldap_group,session,unix_group,wbinfo_group" But I will try to rebuild your package with LDAP_group enabled -- Att... Ricardo Felipe Klein klein@gmail.com On Mon, Jun 3, 2013 at 8:53 AM, Ricardo Klein wrote: Eliezer, You mean change permissions on /dev/shm? It is already "world writeable" [root@theroutertwo ~]# ll /dev/shm total 0 drwxrwxrwt. 2 root root 40 Jun 1 12:16 . (maybe I am doing the hole shm thing wrong) Btw I will test your package this morning (it is monday morning here in Brazil now) and tell you how it goes. -- Att... Ricardo Felipe Klein klein@gmail.com On Mon, Jun 3, 2013 at 7:58 AM, Eliezer Croitoru wrote: Yes it works. If you need some SHM thing just change the ownership of the directory. it will solve most of the problems. If there is some SPEC expert here I will be happy to get some help to do this change in the SPEC file instead of doing it manually. Eliezer On 6/1/2013 11:50 PM, Ricardo Klein wrote: Eliezer, nice, you already have the package I need... Did you package works with ldap_group external acl? I will try it and check if your package works with my conf, this SHM error is driving me crazy. -- Att... Ricardo Felipe Klein klein@gmail.com On Sat, Jun 1, 2013 at 5:28 PM, Eliezer Croitoru wrote: Hey Ricardo, If you can build an RPM and store it it will be helpful for many people. it will also add redundancy to my RPM and an alternative to mine. http://www1.ngtech.co.il/rpm/centos/6/x86_64/ if you want the SRPM this is where mine is
