Search squid archive

Re: Squid TCP_MISS/502

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dawie Pretorius wrote:
Hello Amos

"I'm afraid you may need to rebuild your Squid with a newer ntlmssp Library"

Where would I find this library, is this a rpm form the Centos repo's or something I have to compile ?

Ok going to upgrade to squid-3.0.STABLE19

Dawie Pretorius

Can't help I'm afraid. That datum is the edge limit of my knowledge in the area other than several replies to that suggestion of "got it working".

Amos

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: 27 January 2010 01:01 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  Squid TCP_MISS/502

Dawie Pretorius wrote:
Hello Amos

Here is the output that you required, please accept my apologies for sending this so late.

<snip>
2010/01/27 11:49:28.770| httpBuildRequestHeader: Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAoAAAABAAEABIAAAAHgAeAFgAAAASABIAdgAAAAAAAAC4AAAABYKIogUBKAoAAAAPVABCAEEARgBSAEkAQwBBAGQAYQB3AGkAZQAuAHAAcgBlAHQAbwByAGkAdQBzAEQAQQBXAEkARQBQAC0ATABUAJAlDcVFx5d7AAAAAAAAAAAAAAAAAAAAAGbCKlx2YoJXXKoFml2B890s8ifalh6QmA==
2010/01/27 11:49:28.770| httpSendRequest: FD 174:
GET http://old.nabble.com/Linux-mod_auth_ntlm_winbind-and-TortoiseSVN-td19756507.html HTTP/1.0
Host: old.nabble.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: identity,gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.google.co.za/url?sa=t&source=web&ct=res&cd=7&ved=0CBkQFjAG&url=http%3A%2F%2Fold.nabble.com%2FLinux-mod_auth_ntlm_winbind-and-TortoiseSVN-td19756507.html&rct=j&q=libsmb%2Fntlmssp.c%3Antlmssp_update(334)+++got+NTLMSSP+command+3%2C+expected+1&ei=RgtgS8nyC5Cx4Qad54j1Cw&usg=AFQjCNFRdfKkzLzhmxGgQpNDXJs-jiOwNg
Cookie: __qca=P0-1811217371-1264161407178; anonymousId=joe-181842; tview=classic; customStyle=10677; searchterms=libsmb%7Cntlmssp%7Cc%7Cntlmssp_update%7C334%7Cgot%7CNTLMSSP%7Ccommand%7C3%7Cexpected%7C1; JSESSIONID=127r1nirx8s9t; prev=%3Cbig%3E%3Ca%20id%3D%22nabble.prev_search%22%20href%3D%22/forum/Search.jtp%3Fquery%3Dlibsmb%252Fntlmssp.c%253Antlmssp_update%28334%29%2520%2520%2520got%2520NTLMSSP%2520command%25203%252C%2520expected%25201%22%3ESearch%20Nabble%20for%20%22%3Cb%3Elibsmb/ntlmssp.c%3Antlmssp_update%28334%29%20%20%20got%20NTLMSSP%20command%203%2C%20expected%201%3C/b%3E%22%3C/a%3E; channels=4893802913; __utma=151598183.1597776309.1264578545.1264578545.1264585654.2; __utmc=151598183; __utmz=151598183.1264585654.2.2.utmccn=(organic)|utmcsr=google|utmctr=libsmb%2Fntlmssp.c%3Antlmssp_update(334)+++got+NTLMSSP+command+3%2C+expected+1|utmcmd=organic; tview=dump; __utmb=151598183; v=x
If-Modified-Since: Wed, 27 Jan 2010 08:37:19 GMT
If-None-Match: 11:19756507~1:10677~1:10676~1:10547
Via: 1.0 ZATBIMPROXY02 (squid/3.0.STABLE10)
X-Forwarded-For: unknown
Cache-Control: max-age=0


2010/01/27 11:49:28.770| httpSendComplete: FD 174: size 1879: errflag 0.
[2010/01/27 11:51:28, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
  got NTLMSSP command 3, expected 1


I have noticed that I'm getting this error in my cache.log:

[2010/01/27 11:53:40, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
  got NTLMSSP command 3, expected 1

Please can you tell me what this is and how to correct this ?

Aha. Yes.
The NTLM/SSPI library built into the NTLM helper is dying when receiving that NTLM blob. I've seen that command 3, expected 1 before and think its related to NTLMv1/NTLMv2 support.

I'm afraid you may need to rebuild your Squid with a newer ntlmssp library. While you are doing that you may as well build a current release and get away from some of the NTLM handling bugs we solved in 3.0.STABLE19+.

Amos

Dawie Pretorius


-----Original Message-----
From: Dawie Pretorius
Sent: 21 January 2010 07:28 AM
To: 'Amos Jeffries'; squid-users@xxxxxxxxxxxxxxx
Subject: RE:  Squid TCP_MISS/502

Hello Amos

We have a windows internal DNS server, I used those DNS servers to resolve my IP's

I changed the dns_nameserver to my ISP dns servers, and the problem went away, loaded ads and the complete page.

I tried this morning eary before most of the staff came in to replicate the problem, but to no avail.

I will try again when the office is busy again. Will send you the logs asap.

Regards,

Dawie Pretorius wrote:
Hello Amos

The problem was DNS, my apologies for wasting your time.
? how so?

"Meanwhile can you add debug_options 11,9 to your squid.conf and run a test please. The resulting cache.log file will have a lot of garbage, but amongst that some messages about what headers were received back and what happened in the processing"

I can still run this for you and send you the output?
I think yes. I'm intrigued how that came out of a DNS problem.
I'd expect connection or DNs errors to show up.

Amos.

Again thanks! :D

Regards
Dawie




Dawie Pretorius wrote:
Hello Amos

Thanks for coming back to me,

I upgraded to squid Beta Squid 3.1.0.15, /var/log/squid/access.log now has this error:

1263975667.799     92 172.16.9.158 TCP_MISS/302 1361 GET http://googleads.g.doubleclick.net/pagead/ads? Xxxxxxxxxxxxxxx DIRECT/72.14.204.154 text/html
<snip repeats>

302 with that content? Thats a not-modified response from the server.

Here is the cache.log

<snip>

Not even a hint of problems.

Here is the page that I get back from the browser:

ERROR
The requested URL could not be retrieved

Invalid Response error was encountered while trying to process the request:

GET /pagead/ads?client=ca-pub-7266757337600734&format=336x280_as&output=h
tml&h=280&w=336&lmt=1199983288&channel=5629109116%2B6771450170%2B2275
486144&ad_type=text_image&alternate_ad_url=http%3A%2F%2Fwww.mail-arch
ive.com%2Fblank.png&color_bg=FFFFFF&color_border=FFFFFF&color_link=00
6792&color_text=000000&color_url=006792&flash=10.0.32&url=http%3A%2F%
2Fwww.mail-archive.com%2Fsquid-users%40squid-cache.org%2Fmsg51945.htm
l&dt=1263975312151&correlator=1263975312153&frm=0&ga_vid=866186005.12
63975312&ga_sid=1263975312&ga_hid=523487483&ga_fc=0&u_tz=120&u_his=1&
u_java=0&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=32&u_nplug=8&u_nm
ime=24&biw=1280&bih=862&ref=http%3A%2F%2Fwww.google.co.za%2Furl%3Fsa%
3Dt%26source%3Dweb%26ct%3Dres%26cd%3D1%26ved%3D0CAcQFjAA%26url%3Dhttp
%253A%252F%252Fwww.mail-archive.com%252Fsquid-users%2540squid-cache.o
rg%252Fmsg51945.html%26rct%3Dj%26q%3DTCP_MISS%252F502%2Bsquid%26ei%3D
V7tWS7yqK4S9lAeP-dz3Aw%26usg%3DAFQjCNGZUlUd4iFBeTKD1KXThtG3w31cLQ&fu=
0&ifi=1&dtd=3
1
&xpc=WgwVHxdvOD&p=http%3A//www.mail-archive.com HTTP/1.1
    Host: googleads.g.doubleclick.net
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-gb,en;q=0.5
    Accept-Encoding: gzip,deflate
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
    Keep-Alive: 300
    Proxy-Connection: keep-alive
    Referer: http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg51945.html
    Cookie: test_cookie=CheckForPermission; id=22ac216e0800009b||t=1263975130|et=730|cs=mr_u8kmr
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAoAAAABAAEABIAAAAHgAeAFgAAAASABIAdgAAA
AAAAAC4AAAABYKIogUBKAoAAAAPVABCAEEARgBSAEkAQwBBAGQAYQB3AGkAZQAuAHAAcg
BlAHQAbwByAGkAdQBzAEQAQQBXAEkARQBQAC0ATABUACncpJrZCLgCAAAAAAAAAAAAAAA
AAAAAAOpZoYZfwwoauJ0u1F2AVKjAm/c35ZRlVw==

The HTTP Response message received from the contacted server could not be understood or was otherwise malformed. Please contact the site operator.

Your cache administrator may be able to provide you with more details about the exact nature of the problem if needed.

Your cache administrator is webmaster.

Generated Wed, 20 Jan 2010 08:19:13 GMT by XXXXXXXXXXXXX (squid/3.1.0.15)

Is this something in squid causing this? Or is this something on the network?
> If you are not getting this errors, then this has to be something on my side?

I'm not sure at this point.
There is no indication yet what error Squid thinks exists in the reply.

Comparing the two error pages it looks like 3.0 was barfing on the Cookie. 3.1 seems to find something else.

I'm adding some debug to Squid permanently that should help track these down in future.

Meanwhile can you add debug_options 11,9 to your squid.conf and run a test please. The resulting cache.log file will have a lot of garbage, but amongst that some messages about what headers were received back and what happened in the processing.

Amos

--
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
   Current Beta Squid 3.1.0.15




--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
  Current Beta Squid 3.1.0.15

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux