hi markus, unfortunately i move to centos but i still got same error after 9 hours running.
2015/03/14 10:05:43| negotiate_wrapper: received Kerberos token 2015/03/14 10:05:43| negotiate_wrapper: Starting version 1.0.1 2015/03/14 10:05:43| negotiate_wrapper: NTLM command: /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp 2015/03/14 10:05:43| negotiate_wrapper: Kerberos command: /usr/lib64/squid/negotiate_kerberos_auth -k /etc/squid/PROXY.keytab -s GSS_C_NO_NAME FATAL: Received Bus Error...dying. 2015/03/14 10:05:43 kid2| ctx: enter level 0: ' http://citrine.gundam-dc.com/lng/common/cocos/GameView_v2/res/Battle/radar/radar_b_ring.png?ver=1 ' 2015/03/14 10:05:43 kid2| Closing HTTP port [::]:8000 2015/03/14 10:05:43 kid2| storeDirWriteCleanLogs: Starting... 2015/03/14 10:05:43 kid2| Finished. Wrote 0 entries. 2015/03/14 10:05:43 kid2| Took 0.00 seconds ( 0.00 entries/sec). CPU Usage: 0.133 seconds = 0.066 user + 0.067 sys Maximum Resident Size: 70224 KB Page faults with physical i/o: 0 2015/03/14 10:05:43| negotiate_wrapper: fgets() failed! dying..... errno=1 (Operation not permitted) 2015/03/14 10:05:43| negotiate_wrapper: fgets() failed! dying..... errno=1 (Operation not permitted) thanks for reply donny On Fri, Mar 13, 2015 at 3:43 AM, Markus Moeller <hua...@moeller.plus.com> wrote: > Do you get any more details when you start the wrapper with –d ? > > Markus > > "Donny Vibianto" <donny.vibia...@gmail.com> wrote in message > news:CAC49LV6SRXbiFcGxqZgAoaHPj1qeifERtSN63ZrDsa_b=iw...@mail.gmail.com... > anyone please...? > > On Sat, Mar 7, 2015 at 10:02 PM, Donny Vibianto <donny.vibia...@gmail.com> > wrote: > >> Hi Guys, >> >> After two weeks successful running several authentication in my >> development environment with average 10-20 users, i encourage myself to put >> in my production. it was up and ran with +-1000 users but only took 3-5 >> hours then squid suddenly stopped with error: >> >> 2015/03/06 15:07:59| negotiate_wrapper: fgets() failed! dying..... >> errno=1 (Operation not permitted) >> 2015/03/06 15:07:59| negotiate_wrapper: fgets() failed! dying..... >> errno=1 (Operation not permitted) >> 2015/03/06 15:07:59| negotiate_wrapper: fgets() failed! dying..... >> errno=1 (Operation not permitted) >> 2015/03/06 15:07:59| negotiate_wrapper: Return 'AF >> oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARupdwIysaz6zjRSqsI8V4K0X67z4t5a9aOT7WPlyWRrp+1ol2zL6CYTcfZIyAq8q3D00mf+vpIeoiDDmkUkr+vXN+xkpXkWdX5pMD1hBrF4EDOL1RIp9XjpkdfIcEgg8Oia0Ay153sPK3+Tif4bGE= >> RickyC@company.local >> ' >> 2015/03/06 15:07:59| negotiate_wrapper: Return 'AF >> oYG1MIGyoAMKAQChCwYJKoZIhvcSAQICooGdBIGaYIGXBgkqhkiG9xIBAgICAG+BhzCBhKADAgEFoQMCAQ+ieDB2oAMCARKibwRtX5xuxTxrgsKQpg3Y+kUXLOng15XJ7eDByao5YtNPZByv/zRtrz13QgKkCuk+VkXnCAzaii0ri4Mxvd+4BoskIrjf5FuPP3W59wMTCtkPJD85igR/OmQ4Ch09DJ51WGwnOizMuCW+9jg6EsFa1Q== >> JanTS@company.local >> >> i use ubuntu server 14.04 with newest squid 3.5.2 >> >> Squid Cache: Version 3.5.2 >> Service Name: squid >> configure options: '--enable-build-info' >> '--enable-removal-policies=lru,heap' '--enable-ltdl-install' >> '--enable-storeio=ufs,aufs,rock' '--enable-auth-basic=LDAP' >> '--enable-auth-negotiate=wrapper,kerberos' >> '--enable-external-acl-helpers=LDAP_group' '--enable-translation' >> '--enable-ssl-crtd' '--enable-gnuregex' '--enable-xmalloc-debug' >> '--enable-xmalloc-debug-trace' '--enable-xmalloc-statistics' >> '--enable-async-io' '--enable-icmp' '--enable-delay-pools' >> '--enable-useragent-log' '--enable-kill-parent-hack' '--enable-htpc' >> '--enable-forw-via-db' '--enable-cache-digests' '--enable-underscores' >> '--enable-x-accelerator-vary' '--enable-esi' '--enable-inline' >> '--enable-linux-netfilter' '--with-openssl' '--with-large-files' >> >> here is my squid.conf: >> >> # ===================== ACL Cachemgr >> ============================================ >> acl manager url_regex -i ^cache_object:// /squid-internal-mgr/ >> acl managerAdmin src "/usr/local/squid/etc/mgradmin.txt" >> acl stream url_regex -i "/usr/local/squid/etc/stream" >> >> acl download url_regex -i "/usr/local/squid/etc/download" >> acl whitelist url_regex -i "/usr/local/squid/etc/whitelist" >> acl blacklist url_regex -i "/usr/local/squid/etc/blacklist" >> >> acl SSL_ports port 443 >> acl Safe_ports port 80 # http >> acl Safe_ports port 21 # ftp >> acl Safe_ports port 443 # https >> acl Safe_ports port 70 # gopher >> acl Safe_ports port 210 # wais >> acl Safe_ports port 1025-65535 # unregistered ports >> acl Safe_ports port 280 # http-mgmt >> acl Safe_ports port 488 # gss-http >> acl Safe_ports port 591 # filemaker >> acl Safe_ports port 777 # multiling http >> acl http proto http >> acl CONNECT method CONNECT >> >> # ==================== Authenticate using negotiate_wrapper >> ===================== >> auth_param negotiate program >> /usr/local/squid/libexec/negotiate_wrapper_auth -d --ntlm >> /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp >> --kerberos /usr/local/squid/libexec/negotiate_kerberos_auth -s GSS_C_NO_NAME >> auth_param negotiate children 50 startup=0 idle=1 >> auth_param negotiate keep_alive off >> # ==================== Authenticate using NTLM >> ================================== >> auth_param ntlm program /usr/bin/ntlm_auth --diagnostics >> --helper-protocol=squid-2.5-ntlmssp >> auth_param ntlm children 20 startup=0 idle=1 >> auth_param ntlm keep_alive off >> # ==================== Authenticate using Basic LDAP >> ============================ >> auth_param basic program /usr/local/squid/libexec/basic_ldap_auth -R -b >> "dc=company,dc=local" -D squid@company.local -w "password" -f >> sAMAccountName=%s -h idhqvdc01.company.local,idhqvdc02.company.local >> auth_param basic children 5 startup=0 idle=1 >> auth_param basic realm AGDS Proxy: Please enter your username and >> password domain >> auth_param basic credentialsttl 1 minute >> # ==================== Authenticate to Group Security Actice Directory >> ========== >> external_acl_type memberof ipv4 children-max=10 children-startup=1 %LOGIN >> /usr/local/squid/libexec/ext_ldap_group_acl -R -K -S -b >> "dc=company,dc=local" -D squid@company.local -w "password" -f >> "(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=%g,ou=groups,ou=resources,dc=company,dc=local))" >> -h idhqvdc01.company.local,idhqvdc02.company.local >> >> acl auth proxy_auth REQUIRED >> # ==================== ACL Access hour user >> ===================================== >> acl ach1 external memberof "/usr/local/squid/etc/ach1.txt" # access hour >> 1 >> acl ach2 external memberof "/usr/local/squid/etc/ach2.txt" # access hour >> 2 >> acl ach3 external memberof "/usr/local/squid/etc/ach3.txt" # access hour >> 3 >> acl ach4 external memberof "/usr/local/squid/etc/ach4.txt" # access hour >> 4 >> acl ach2time time D 10:00-11:59 >> acl ach2time time D 13:00-14:59 >> acl ach3time time D 08:00-09:59 >> acl ach3time time D 15:00-16:59 >> acl ach4time time D 08:00-16:59 >> acl bebastime time D 00:01-07:59 12:00-13:59 17:00-23:59 >> >> # >> ============================================================================== >> http_access deny !Safe_ports # Deny requests to certain unsafe ports >> http_access deny CONNECT !SSL_ports # Deny CONNECT to other than secure >> SSL ports >> http_access allow manager localhost # Only allow cachemgr access from >> localhost >> http_access allow manager managerAdmin >> http_access deny manager >> >> # >> ============================================================================== >> #http_access allow localnet >> http_access allow localhost >> http_access deny blacklist !bebastime >> >> http_access allow http Safe_ports whitelist >> http_access allow CONNECT SSL_ports whitelist >> #http_access deny all !auth >> >> #http_access allow http Safe_ports ach1 >> #http_access allow CONNECT SSL_ports ach1 >> #http_access allow http Safe_ports ach2 !ach2time >> #http_access allow CONNECT SSL_ports ach2 !ach2time >> #http_access allow http Safe_ports ach3 !ach3time >> #http_access allow CONNECT SSL_ports ach3 !ach3time >> #http_access allow http Safe_ports ach4 !ach4time >> #http_access allow CONNECT SSL_ports ach4 !ach4time >> >> #http_access allow accesshours1 >> #http_access allow accesshours2 !ach2time >> #http_access allow accesshours3 !ach3time >> #http_access allow accesshours4 !ach3time >> >> http_access allow ach1 >> http_access allow ach2 !ach2time >> http_access allow ach3 !ach3time >> http_access allow ach4 !ach4time >> >> http_access deny all # Deny all other access to this proxy >> # >> ============================================================================== >> >> cache_dir rock /cache1/squid 97485 max-swap-rate=200 swap-timeout=300 >> cache_dir rock /cache2/squid 97485 max-swap-rate=200 swap-timeout=300 >> coredump_dir /usr/local/squid/var/cache/squid >> # =============================== Refresh Pattern >> ============================== >> refresh_pattern ^ftp: 1440 20% 10080 >> refresh_pattern ^gopher: 1440 0% 1440 >> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 >> refresh_pattern . 0 20% 4320 >> >> cache_effective_user proxy >> visible_hostname proxy.company.local >> cache_mgr proxyastragraphia >> cachemgr_passwd secret all >> #err_page_stylesheet /usr/local/squid/etc/default.css >> pinger_enable off >> #workers 2 >> >> i was tried to put different acl and put my auth_param at the top of my >> conf but still dying error. what should i do? >> any assistant or hint would be very appreciate. thanks >> >> >> Donny Vibianto >> > > > ------------------------------ > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users