Chris,

the squid denies access yes, see below:

I shut down the computer normally yesterday evening ... this morning when I called the computer performed the following procedures in a .sh file:

RunCache & RunAccel & squid

my access.log

2009/04/16 08:52:51| Squid Cache (Version 3.0.STABLE13): Exiting normally.
2009/04/16 08:53:01| Starting Squid Cache version 3.0.STABLE13 for i686-pc-linux-gnu...
2009/04/16 08:53:01| Process ID 2854
2009/04/16 08:53:01| With 1024 file descriptors available
2009/04/16 08:53:01| Performing DNS Tests...
2009/04/16 08:53:01| Successful DNS name lookup tests...
2009/04/16 08:53:01| DNS Socket created at 0.0.0.0, port 42522, FD 6
2009/04/16 08:53:01| Adding domain cashinfo from /etc/resolv.conf
2009/04/16 08:53:01| Adding nameserver 192.168.1.254 from /etc/resolv.conf
2009/04/16 08:53:01| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2009/04/16 08:53:01| helperOpenServers: Starting 5 'wbinfo_group.pl' processes
[2009/04/16 08:53:02, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:53:02, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:53:02, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:53:02, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:53:02, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
2009/04/16 08:53:02| Unlinkd pipe opened on FD 22
2009/04/16 08:53:02| Swap maxSize 1536000 KB, estimated 118153 objects
2009/04/16 08:53:02| Target number of buckets: 5907
2009/04/16 08:53:02| Using 8192 Store buckets
2009/04/16 08:53:02| Max Mem size: 512000 KB
2009/04/16 08:53:02| Max Swap size: 1536000 KB
2009/04/16 08:53:02| Version 1 of swap file with LFS support detected...
2009/04/16 08:53:02| Rebuilding storage in /usr/local/squid/cache (CLEAN)
2009/04/16 08:53:02| Using Least Load store dir selection
2009/04/16 08:53:02| Current Directory is /
2009/04/16 08:53:02| Loaded Icons.
2009/04/16 08:53:02| Accepting HTTP connections at 0.0.0.0, port 3128, FD 24.
2009/04/16 08:53:02| Accepting ICP messages at 0.0.0.0, port 3128, FD 25.
2009/04/16 08:53:02| HTCP Disabled.
2009/04/16 08:53:02| Ready to serve requests.
2009/04/16 08:53:02| Done reading /usr/local/squid/cache swaplog (2385 entries)
2009/04/16 08:53:02| Finished rebuilding storage from disk.
2009/04/16 08:53:02| 2385 Entries scanned
2009/04/16 08:53:02| 0 Invalid entries.
2009/04/16 08:53:02| 0 With invalid flags.
2009/04/16 08:53:02| 2385 Objects loaded.
2009/04/16 08:53:02| 0 Objects expired.
2009/04/16 08:53:02| 0 Objects cancelled.
2009/04/16 08:53:02| 0 Duplicate URLs purged.
2009/04/16 08:53:02| 0 Swapfile clashes avoided.
2009/04/16 08:53:02| Took 0.59 seconds (4044.94 objects/sec).
2009/04/16 08:53:02| Beginning Validation Procedure
2009/04/16 08:53:02| Completed Validation Procedure
2009/04/16 08:53:02| Validated 4795 Entries
2009/04/16 08:53:02| store_swap_size = 22976
2009/04/16 08:53:03| storeLateRelease: released 0 objects
[2009/04/16 08:53:05, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:53:05, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) could not obtain winbind netbios name!
[2009/04/16 08:53:28, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:53:28, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) could not obtain winbind netbios name!
[2009/04/16 08:53:30, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:53:30, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) could not obtain winbind netbios name!
[2009/04/16 08:53:47, 0] utils/ntlm_auth.c:winbind_pw_check(515) Login for user [CASHINFO]\[luciano.rangel]@[INFO-LUCIANO] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /usr/local/samba/var/locks/winbindd_privileged are set correctly.]
[2009/04/16 08:53:47, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(776) NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2009/04/16 08:53:47| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2009/04/16 08:54:02, 0] utils/ntlm_auth.c:winbind_pw_check(515) Login for user [CASHINFO]\[luciano.rangel]@[INFO-LUCIANO] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /usr/local/samba/var/locks/winbindd_privileged are set correctly.]
[2009/04/16 08:54:02, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(776) NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2009/04/16 08:54:02| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2009/04/16 08:54:04, 0] utils/ntlm_auth.c:winbind_pw_check(515) Login for user [CASHINFO]\[luciano.rangel]@[INFO-LUCIANO] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /usr/local/samba/var/locks/winbindd_privileged are set correctly.]
[2009/04/16 08:54:04, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(776) NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2009/04/16 08:54:04| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
[2009/04/16 08:54:05, 0] utils/ntlm_auth.c:winbind_pw_check(515) Login for user [CASHINFO]\[luciano.rangel]@[INFO-LUCIANO] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /usr/local/samba/var/locks/winbindd_privileged are set correctly.]
[2009/04/16 08:54:05, 0] utils/ntlm_auth.c:manage_squid_ntlmssp_request(776) NTLMSSP BH: NT_STATUS_ACCESS_DENIED
2009/04/16 08:54:05| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'

At this moment the access to sites is blocked.

I did the following procedures:

# kinit administrador@xxxxxxxxxxxx
# net ads join -U administrador -S domain.local
# smbd
# winbindd

and the access to sites continues blocked, with the error in access.log:

2009/04/16 08:51:19| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2009/04/16 08:51:19| helperOpenServers: Starting 5 'wbinfo_group.pl' processes
[2009/04/16 08:51:19, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:51:19, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:51:19, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:51:19, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!
[2009/04/16 08:51:19, 0] utils/ntlm_auth.c:get_winbind_domain(146) could not obtain winbind domain name!

Finally, I did the following procedures:

# rm -rf /usr/local/squid/cache/*
# squid -k kill
# squid -z
# chmod 777 /usr/local/squid/cache/*
# squid
# RunCache
# RunAccel

and in the access.log:

2009/04/16 08:54:53| Starting Squid Cache version 3.0.STABLE13 for i686-pc-linux-gnu...
2009/04/16 08:54:53| Process ID 2891
2009/04/16 08:54:53| With 1024 file descriptors available
2009/04/16 08:54:53| Performing DNS Tests...
2009/04/16 08:54:53| Successful DNS name lookup tests...
2009/04/16 08:54:53| DNS Socket created at 0.0.0.0, port 55366, FD 6
2009/04/16 08:54:53| Adding domain cashinfo from /etc/resolv.conf
2009/04/16 08:54:53| Adding nameserver 192.168.1.254 from /etc/resolv.conf
2009/04/16 08:54:53| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2009/04/16 08:54:53| helperOpenServers: Starting 5 'wbinfo_group.pl' processes
2009/04/16 08:54:53| Unlinkd pipe opened on FD 22
2009/04/16 08:54:53| Swap maxSize 1536000 KB, estimated 118153 objects
2009/04/16 08:54:53| Target number of buckets: 5907
2009/04/16 08:54:53| Using 8192 Store buckets
2009/04/16 08:54:53| Max Mem size: 512000 KB
2009/04/16 08:54:53| Max Swap size: 1536000 KB
2009/04/16 08:54:53| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2009/04/16 08:54:53| Using Least Load store dir selection
2009/04/16 08:54:53| Current Directory is /
2009/04/16 08:54:53| Loaded Icons.
2009/04/16 08:54:53| Accepting HTTP connections at 0.0.0.0, port 3128, FD 23.
2009/04/16 08:54:53| Accepting ICP messages at 0.0.0.0, port 3128, FD 24.
2009/04/16 08:54:53| HTCP Disabled.
2009/04/16 08:54:53| Ready to serve requests.
2009/04/16 08:54:54| Done scanning /usr/local/squid/cache swaplog (0 entries)
2009/04/16 08:54:54| Finished rebuilding storage from disk.
2009/04/16 08:54:54| 0 Entries scanned
2009/04/16 08:54:54| 0 Invalid entries.
2009/04/16 08:54:54| 0 With invalid flags.
2009/04/16 08:54:54| 0 Objects loaded.
2009/04/16 08:54:54| 0 Objects expired.
2009/04/16 08:54:54| 0 Objects cancelled.
2009/04/16 08:54:54| 0 Duplicate URLs purged.
2009/04/16 08:54:54| 0 Swapfile clashes avoided.
2009/04/16 08:54:54| Took 1.10 seconds ( 0.00 objects/sec).
2009/04/16 08:54:54| Beginning Validation Procedure
2009/04/16 08:54:54| Completed Validation Procedure
2009/04/16 08:54:54| Validated 25 Entries
2009/04/16 08:54:54| store_swap_size = 0
2009/04/16 08:54:54| storeLateRelease: released 0 objects
2009/04/16 08:54:58| Squid is already running! Process ID 2891
2009/04/16 08:55:01| Squid is already running! Process ID 2891
2009/04/16 08:55:06| Squid is already running! Process ID 2891
2009/04/16 09:55:20| WARNING: All ntlmauthenticator processes are busy.
2009/04/16 09:55:20| WARNING: 5 pending requests queued
2009/04/16 09:55:20| Consider increasing the number of ntlmauthenticator processes in your config file.
2009/04/16 10:38:36.253| connReadWasError: FD 27: got flag -1
2009/04/16 10:39:44.805| connReadWasError: FD 35: got flag -1
2009/04/16 10:47:59.235| connReadWasError: FD 50: got flag -1
2009/04/16 10:54:59.238| connReadWasError: FD 25: got flag -1
2009/04/16 10:55:02.321| connReadWasError: FD 33: got flag -1
2009/04/16 11:10:59.048| connReadWasError: FD 30: got flag -1
2009/04/16 11:11:07.158| connReadWasError: FD 52: got flag -1
2009/04/16 11:11:20.714| connReadWasError: FD 53: got flag -1
2009/04/16 11:44:55.833| connReadWasError: FD 25: got flag -1
2009/04/16 11:44:55.841| connReadWasError: FD 34: got flag -1
2009/04/16 11:44:55.842| connReadWasError: FD 30: got flag -1
2009/04/16 11:45:11.604| connReadWasError: FD 33: got flag -1
2009/04/16 11:45:11.616| connReadWasError: FD 35: got flag -1
2009/04/16 11:45:11.629| connReadWasError: FD 34: got flag -1
2009/04/16 11:45:15.782| connReadWasError: FD 38: got flag -1
2009/04/16 11:45:15.783| connReadWasError: FD 39: got flag -1
2009/04/16 11:45:15.792| connReadWasError: FD 40: got flag -1
2009/04/16 12:37:08.458| connReadWasError: FD 30: got flag -1

What do I do: remove the .sh to boot; create a new .sh to start the squid, because if the computer is disconnected in an inappropriate way, when it is switched on the squid will run normally ... How should I proceed?

-----Original Message-----
From: Chris Robertson [mailto:crobertson@xxxxxxx]
Sent: Wednesday, April 15, 2009 15:16
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: squid cache problem

Luciano Sousa wrote:
> hello.
>
> I'm having a problem with idiot.
> at least once every two days I have to clear the cache of my squid,
> because it begins to deny all access, probably because it is full ...
>

Your cache.log (/usr/local/squid/logs/cache.log) might give more information on what's going on.

> my squid.conf
>
> http_port 3128
> icp_port 3128
> hierarchy_stoplist cgi-bin ?
> cache_mem 500 MB
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size 4096 KB
> ipcache_size 1024
> ipcache_low 90
> ipcache_high 95
> cache_dir ufs /usr/local/squid/cache 1500 32 256
> cache_access_log /usr/local/squid/logs/access.log
> pid_filename /usr/local/squid/logs/squid.pid
> acl manager proto cache_object
> cache_log /usr/local/squid/logs/cache.log
> cache_store_log /usr/local/squid/logs/store.log
>
> logformat logluciano IP do cliente: %>a - Username: %un - Horario:
> [%tl] - Metodo: %rm - URL: %ru - Status HTTP: %Hs - Status Squid: %Ss
> - Porta: %>p
> cache_access_log /usr/local/squid/logs/logteste.log logluciano
>
> auth_param ntlm program /usr/bin/ntlm_auth domain/pdc
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> auth_param basic children 5
> auth_param basic realm Digite o LOGIN/SENHA
> auth_param basic credentialsttl 1 minute
> auth_param basic casesensitive off
>
> external_acl_type nt_group %LOGIN /usr/local/squid/etc/wbinfo_group.pl
> acl AllowedWindowsGroups external nt_group testnet
> http_access allow AllowedWindowsGroups
>
> acl localhost src 127.0.0.1/255.255.255.255
> acl redelocal src 192.168.1.0/24
> acl SSL_ports port 443 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 6959 #mirc
> acl Safe_ports port 900 #mirc
> acl Safe_ports port 23 #smtp
> acl Safe_ports port 143 #imap
>
> acl CONNECT method CONNECT
> acl acesso proxy_auth REQUIRED
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow acesso
> http_access allow redelocal
>

For what it's worth, you are allowing unauthenticated requests from your local network. Authentication is requested, the client is allowed if authentication is provided (but not denied if it's not). The next step checks the client's source IP and allows based on that (with an implicit deny following). Perhaps that's to plan, but I thought it might be worth a mention.

> icp_access allow all
> debug_options ALL,1 33,2
>
>
> thanks.
>

Chris
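
Added example, not part of the original message and not code from Squid or Samba: a small Python triage of the log entries posted above that separates the NTLM/winbind helper failures from the cache start-up messages. The rule names and the functions `logical_entries` and `triage` are hypothetical; the sample entries are copied from the message, with one laid out on two lines as an assumption about how Samba writes entries to disk.

```python
import re
from collections import Counter

# Entries copied from the log in the message above. The second entry is laid out
# the way Samba writes it to disk (header line, indented text): an assumption,
# since the page shows every entry flattened onto one line.
SAMPLE = r"""
2009/04/16 08:53:01| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
[2009/04/16 08:53:02, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!
[2009/04/16 08:53:05, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) could not obtain winbind netbios name!
[2009/04/16 08:53:47, 0] utils/ntlm_auth.c:winbind_pw_check(515) Login for user [CASHINFO]\[luciano.rangel]@[INFO-LUCIANO] failed due to [winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /usr/local/samba/var/locks/winbindd_privileged are set correctly.]
2009/04/16 08:53:47| authenticateNTLMHandleReply: Error validating user via NTLM. Error returned 'BH NT_STATUS_ACCESS_DENIED'
2009/04/16 09:55:20| WARNING: All ntlmauthenticator processes are busy.
"""

# Hypothetical rule names mapped to the message text each one recognises.
RULES = {
    "winbind_unreachable": re.compile(r"could not obtain winbind (?:domain|netbios) name"),
    "privileged_pipe_denied": re.compile(
        r"Login for user \[(?P<dom>[^\]]*)\]\\\[(?P<user>[^\]]*)\].*"
        r"not authorized to use winbindd_pam_auth_crap.*permissions on (?P<path>\S+)"),
    "ntlm_helper_error": re.compile(r"Error returned 'BH (?P<status>\w+)'"),
    "helpers_saturated": re.compile(r"All ntlmauthenticator processes are busy"),
}

def logical_entries(text):
    """Join indented continuation lines onto the entry that precedes them."""
    entries = []
    for raw in text.splitlines():
        if raw[:1].isspace() and entries:
            entries[-1] += " " + raw.strip()
        elif raw.strip():
            entries.append(raw.strip())
    return entries

def triage(text):
    """Count auth-related findings; collect affected users and paths to inspect."""
    counts, users, paths = Counter(), set(), set()
    for entry in logical_entries(text):
        for name, rx in RULES.items():
            m = rx.search(entry)
            if not m:
                continue
            counts[name] += 1
            if name == "privileged_pipe_denied":
                users.add(m["dom"] + "\\" + m["user"])
                paths.add(m["path"])
    return counts, users, paths

if __name__ == "__main__":
    counts, users, paths = triage(SAMPLE)
    for name, n in counts.items():
        print(f"{name}: {n}")
    print("users:", sorted(users), "check permissions on:", sorted(paths))
```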