Dawie Pretorius wrote:
Hello Amos
"I'm afraid you may need to rebuild your Squid with a newer ntlmssp
Library"
Where would I find this library, is this a rpm form the Centos repo's or something I have to compile ?
Ok going to upgrade to squid-3.0.STABLE19
Dawie Pretorius
Can't help I'm afraid. That datum is the edge limit of my knowledge in
the area other than several replies to that suggestion of "got it working".
Amos
-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: 27 January 2010 01:01 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Squid TCP_MISS/502
Dawie Pretorius wrote:
Hello Amos
Here is the output that you required, please accept my apologies for sending this so late.
<snip>
2010/01/27 11:49:28.770| httpBuildRequestHeader: Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAoAAAABAAEABIAAAAHgAeAFgAAAASABIAdgAAAAAAAAC4AAAABYKIogUBKAoAAAAPVABCAEEARgBSAEkAQwBBAGQAYQB3AGkAZQAuAHAAcgBlAHQAbwByAGkAdQBzAEQAQQBXAEkARQBQAC0ATABUAJAlDcVFx5d7AAAAAAAAAAAAAAAAAAAAAGbCKlx2YoJXXKoFml2B890s8ifalh6QmA==
2010/01/27 11:49:28.770| httpSendRequest: FD 174:
GET http://old.nabble.com/Linux-mod_auth_ntlm_winbind-and-TortoiseSVN-td19756507.html HTTP/1.0
Host: old.nabble.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: identity,gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Referer: http://www.google.co.za/url?sa=t&source=web&ct=res&cd=7&ved=0CBkQFjAG&url=http%3A%2F%2Fold.nabble.com%2FLinux-mod_auth_ntlm_winbind-and-TortoiseSVN-td19756507.html&rct=j&q=libsmb%2Fntlmssp.c%3Antlmssp_update(334)+++got+NTLMSSP+command+3%2C+expected+1&ei=RgtgS8nyC5Cx4Qad54j1Cw&usg=AFQjCNFRdfKkzLzhmxGgQpNDXJs-jiOwNg
Cookie: __qca=P0-1811217371-1264161407178; anonymousId=joe-181842; tview=classic; customStyle=10677; searchterms=libsmb%7Cntlmssp%7Cc%7Cntlmssp_update%7C334%7Cgot%7CNTLMSSP%7Ccommand%7C3%7Cexpected%7C1; JSESSIONID=127r1nirx8s9t; prev=%3Cbig%3E%3Ca%20id%3D%22nabble.prev_search%22%20href%3D%22/forum/Search.jtp%3Fquery%3Dlibsmb%252Fntlmssp.c%253Antlmssp_update%28334%29%2520%2520%2520got%2520NTLMSSP%2520command%25203%252C%2520expected%25201%22%3ESearch%20Nabble%20for%20%22%3Cb%3Elibsmb/ntlmssp.c%3Antlmssp_update%28334%29%20%20%20got%20NTLMSSP%20command%203%2C%20expected%201%3C/b%3E%22%3C/a%3E; channels=4893802913; __utma=151598183.1597776309.1264578545.1264578545.1264585654.2; __utmc=151598183; __utmz=151598183.1264585654.2.2.utmccn=(organic)|utmcsr=google|utmctr=libsmb%2Fntlmssp.c%3Antlmssp_update(334)+++got+NTLMSSP+command+3%2C+expected+1|utmcmd=organic; tview=dump; __utmb=151598183; v=x
If-Modified-Since: Wed, 27 Jan 2010 08:37:19 GMT
If-None-Match: 11:19756507~1:10677~1:10676~1:10547
Via: 1.0 ZATBIMPROXY02 (squid/3.0.STABLE10)
X-Forwarded-For: unknown
Cache-Control: max-age=0
2010/01/27 11:49:28.770| httpSendComplete: FD 174: size 1879: errflag 0.
[2010/01/27 11:51:28, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
got NTLMSSP command 3, expected 1
I have noticed that I'm getting this error in my cache.log:
[2010/01/27 11:53:40, 1] libsmb/ntlmssp.c:ntlmssp_update(334)
got NTLMSSP command 3, expected 1
Please can you tell me what this is and how to correct this ?
Aha. Yes.
The NTLM/SSPI library built into the NTLM helper is dying when receiving
that NTLM blob. I've seen that command 3, expected 1 before and think
its related to NTLMv1/NTLMv2 support.
I'm afraid you may need to rebuild your Squid with a newer ntlmssp
library. While you are doing that you may as well build a current
release and get away from some of the NTLM handling bugs we solved in
3.0.STABLE19+.
Amos
Dawie Pretorius
-----Original Message-----
From: Dawie Pretorius
Sent: 21 January 2010 07:28 AM
To: 'Amos Jeffries'; squid-users@xxxxxxxxxxxxxxx
Subject: RE: Squid TCP_MISS/502
Hello Amos
We have a windows internal DNS server, I used those DNS servers to resolve my IP's
I changed the dns_nameserver to my ISP dns servers, and the problem went away, loaded ads and the complete page.
I tried this morning eary before most of the staff came in to replicate the problem, but to no avail.
I will try again when the office is busy again. Will send you the logs asap.
Regards,
Dawie Pretorius wrote:
Hello Amos
The problem was DNS, my apologies for wasting your time.
? how so?
"Meanwhile can you add debug_options 11,9 to your squid.conf and run a
test please. The resulting cache.log file will have a lot of garbage,
but amongst that some messages about what headers were received back
and what happened in the processing"
I can still run this for you and send you the output?
I think yes. I'm intrigued how that came out of a DNS problem.
I'd expect connection or DNs errors to show up.
Amos.
Again thanks! :D
Regards
Dawie
Dawie Pretorius wrote:
Hello Amos
Thanks for coming back to me,
I upgraded to squid Beta Squid 3.1.0.15, /var/log/squid/access.log now has this error:
1263975667.799 92 172.16.9.158 TCP_MISS/302 1361 GET http://googleads.g.doubleclick.net/pagead/ads? Xxxxxxxxxxxxxxx DIRECT/72.14.204.154 text/html
<snip repeats>
302 with that content? Thats a not-modified response from the server.
Here is the cache.log
<snip>
Not even a hint of problems.
Here is the page that I get back from the browser:
ERROR
The requested URL could not be retrieved
Invalid Response error was encountered while trying to process the request:
GET
/pagead/ads?client=ca-pub-7266757337600734&format=336x280_as&output=h
tml&h=280&w=336&lmt=1199983288&channel=5629109116%2B6771450170%2B2275
486144&ad_type=text_image&alternate_ad_url=http%3A%2F%2Fwww.mail-arch
ive.com%2Fblank.png&color_bg=FFFFFF&color_border=FFFFFF&color_link=00
6792&color_text=000000&color_url=006792&flash=10.0.32&url=http%3A%2F%
2Fwww.mail-archive.com%2Fsquid-users%40squid-cache.org%2Fmsg51945.htm
l&dt=1263975312151&correlator=1263975312153&frm=0&ga_vid=866186005.12
63975312&ga_sid=1263975312&ga_hid=523487483&ga_fc=0&u_tz=120&u_his=1&
u_java=0&u_h=1024&u_w=1280&u_ah=1024&u_aw=1280&u_cd=32&u_nplug=8&u_nm
ime=24&biw=1280&bih=862&ref=http%3A%2F%2Fwww.google.co.za%2Furl%3Fsa%
3Dt%26source%3Dweb%26ct%3Dres%26cd%3D1%26ved%3D0CAcQFjAA%26url%3Dhttp
%253A%252F%252Fwww.mail-archive.com%252Fsquid-users%2540squid-cache.o
rg%252Fmsg51945.html%26rct%3Dj%26q%3DTCP_MISS%252F502%2Bsquid%26ei%3D
V7tWS7yqK4S9lAeP-dz3Aw%26usg%3DAFQjCNGZUlUd4iFBeTKD1KXThtG3w31cLQ&fu=
0&ifi=1&dtd=3
1
&xpc=WgwVHxdvOD&p=http%3A//www.mail-archive.com HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg51945.html
Cookie: test_cookie=CheckForPermission; id=22ac216e0800009b||t=1263975130|et=730|cs=mr_u8kmr
Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAIgAAAAYABgAoAAAABAAEABIAAAAHgAeAFgAAAASABIAdgAAA
AAAAAC4AAAABYKIogUBKAoAAAAPVABCAEEARgBSAEkAQwBBAGQAYQB3AGkAZQAuAHAAcg
BlAHQAbwByAGkAdQBzAEQAQQBXAEkARQBQAC0ATABUACncpJrZCLgCAAAAAAAAAAAAAAA
AAAAAAOpZoYZfwwoauJ0u1F2AVKjAm/c35ZRlVw==
The HTTP Response message received from the contacted server could not be understood or was otherwise malformed. Please contact the site operator.
Your cache administrator may be able to provide you with more details about the exact nature of the problem if needed.
Your cache administrator is webmaster.
Generated Wed, 20 Jan 2010 08:19:13 GMT by XXXXXXXXXXXXX
(squid/3.1.0.15)
Is this something in squid causing this? Or is this something on the network?
> If you are not getting this errors, then this has to be something
on my side?
I'm not sure at this point.
There is no indication yet what error Squid thinks exists in the reply.
Comparing the two error pages it looks like 3.0 was barfing on the
Cookie. 3.1 seems to find something else.
I'm adding some debug to Squid permanently that should help track
these down in future.
Meanwhile can you add debug_options 11,9 to your squid.conf and run a
test please. The resulting cache.log file will have a lot of garbage,
but amongst that some messages about what headers were received back
and what happened in the processing.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21
Current Beta Squid 3.1.0.15