Hi squid users, i installed squid after this how-to guide: http://serverfault.com/questions/66556/getting-squid-to-authenticate-with-kerberos-and-windows-2008-2003-7-xp/105857#105857 (Getting Squid to authenticate with kerberos and Windows 2008/2003/7/XP) Domain/Server Info: Domain Name: homebase.local Squid Server: squid 192.168.100.55 windows server 2008: srv-ads-001 192.168.100.130 DNS Name Resolution is working in both directions. If i start the squid init script, squid tries to start, but i get the following error message in the cache.log : 2010/02/03 19:55:25| Starting Squid Cache version 3.0.STABLE18 for i686-pc-linux-gnu... 2010/02/03 19:55:25| Process ID 2470 2010/02/03 19:55:25| With 1024 file descriptors available 2010/02/03 19:55:25| DNS Socket created at 0.0.0.0, port 54300, FD 7 2010/02/03 19:55:25| Adding domain homebase.local from /etc/resolv.conf 2010/02/03 19:55:25| Adding domain homebase.local from /etc/resolv.conf 2010/02/03 19:55:25| Adding nameserver 192.168.100.130 from /etc/resolv.conf 2010/02/03 19:55:25| Adding nameserver 192.168.100.1 from /etc/resolv.conf 2010/02/03 19:55:25| Adding nameserver 192.168.100.254 from /etc/resolv.conf 2010/02/03 19:55:25| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes 2010/02/03 19:55:25| helperOpenServers: Starting 5/5 'squid_kerb_ldap' processes 2010/02/03 19:55:26| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied 2010/02/03 19:55:26| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied 2010/02/03 19:55:26| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied 2010/02/03 19:55:26| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied 2010/02/03 19:55:26| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied 2010/02/03 19:55:26| Unlinkd pipe opened on FD 27 2010/02/03 19:55:26| Swap maxSize 102400 + 8192 KB, estimated 8507 objects 2010/02/03 19:55:26| Target number of buckets: 425 2010/02/03 19:55:26| Using 8192 Store buckets 2010/02/03 19:55:26| Max Mem size: 8192 KB 2010/02/03 19:55:26| Max Swap size: 102400 KB 2010/02/03 19:55:26| Rebuilding storage in /var/cache/squid-3.0 (DIRTY) 2010/02/03 19:55:26| Using Least Load store dir selection 2010/02/03 19:55:26| chdir: /opt/squid-3.0/var/cache: (2) No such file or directory 2010/02/03 19:55:26| Current Directory is / 2010/02/03 19:55:26| Loaded Icons. 2010/02/03 19:55:26| Accepting HTTP connections at 0.0.0.0, port 3128, FD 28. 2010/02/03 19:55:26| Accepting ICP messages at 0.0.0.0, port 3130, FD 29. 2010/02/03 19:55:26| HTCP Disabled. 2010/02/03 19:55:26| Ready to serve requests. 2010/02/03 19:55:26| WARNING: SQUID_KERB_LDAP #1 (FD 19) exited 2010/02/03 19:55:26| WARNING: SQUID_KERB_LDAP #2 (FD 20) exited 2010/02/03 19:55:26| WARNING: SQUID_KERB_LDAP #3 (FD 21) exited 2010/02/03 19:55:26| WARNING: SQUID_KERB_LDAP #4 (FD 22) exited 2010/02/03 19:55:26| Too few SQUID_KERB_LDAP processes are running FATAL: The SQUID_KERB_LDAP helpers are crashing too rapidly, need help! Squid Cache (Version 3.0.STABLE18): Terminated abnormally. CPU Usage: 0.404 seconds = 0.004 user + 0.400 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena: 2984 KB Ordinary blocks: 2970 KB 3 blks Small blocks: 0 KB 0 blks Holding blocks: 1508 KB 7 blks Free Small blocks: 0 KB Free Ordinary blocks: 13 KB Total in use: 4478 KB 150% Total free: 13 KB 0% ________________________________________________________________________________________________ The user squid has however rights on this folder: squid:/opt/squid-3.0/sbin# la insgesamt 9,2M drwxr-xr-x 3 squid squid 1,0K 7. Jan 21:02 . drwxr-xr-x 8 squid squid 1,0K 20. Jan 21:02 .. -rwxr-xr-x 1 squid squid 9,2M 3. Nov 23:16 squid -rwxr-xr-x 1 squid squid 31K 7. Jan 21:02 squid_kerb_auth drwxrwxrwx 5 squid squid 1,0K 3. Nov 23:56 squid_kerb_ldap squid:/opt/squid-3.0/sbin# ________________________________________________________________________________________________ Here is my squid.conf: auth_param negotiate program /opt/squid-3.0/sbin/squid_kerb_auth -d -s HTTP/squid.homebase.local auth_param negotiate children 10 auth_param negotiate keep_alive on external_acl_type SQUID_KERB_LDAP ttl=3600 negative_ttl=3600 %LOGIN /opt/squid-3.0/sbin/squid_kerb_ldap -d -g SQUID_USERS acl AUTHENTICATED proxy_auth REQUIRED acl LDAP_GROUP_CHECK external SQUID_KERB_LDAP acl localnet src 192.168.100.0/24 # RFC1918 possible internal network http_access allow LDAP_GROUP_CHECK acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny all icp_access allow localnet icp_access deny all htcp_access allow localnet htcp_access deny all http_port 3128 cache_dir ufs /var/cache/squid-3.0 100 16 256 access_log /var/log/squid-3.0/access.log squid cache_log /var/log/squid-3.0/cache.log cache_store_log /var/log/squid-3.0/store.log pid_filename /var/run/squid-3.0.pid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern . 0 20% 4320 cache_effective_user squid cache_effective_group squid ________________________________________________________________________________________________ After start the init script, i check the status immediately with htop, and for a short moment, htop show me the last 6 lines with: (squid_kerb_auth) -d -s HTTP/squid.homebase.local What do I have to make, to solve the problem? Thanks for any ideas. Bye, Rainer
