Search squid archive

Re: Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I think helper tries to access the IPv6 of the server (I'am not sure!), but IPv6 is disabled:
/etc/sysctl.conf

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

#Enable IPv4 forward
net.ipv4.ip_forward = 1
net.ipv4.conf_all.rp_filter=1

Here is the log without ipv4, well debug_options:82,9 84,9, I do not know what is meaning of FD socket (No info on inet):

2013/11/13 20:29:13| helperOpenServers: Starting 0/20 'basic_ldap_auth' processes 2013/11/13 20:29:13| helperOpenServers: No 'basic_ldap_auth' processes needed. 2013/11/13 20:29:13.689| helper.cc(1180) GetFirstAvailable: GetFirstAvailable: Running servers 0 2013/11/13 20:29:13.689| helperOpenServers: Starting 5/5 'ext_ldap_group_acl' processes 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 7 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 8 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP [::1] 2013/11/13 20:29:13.689| WARNING: Cannot run '/usr/lib/squid3/ext_ldap_group_acl' process. 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 9 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 10 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP [::1] 2013/11/13 20:29:13.689| WARNING: Cannot run '/usr/lib/squid3/ext_ldap_group_acl' process. 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 11 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 12 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP [::1] 2013/11/13 20:29:13.689| WARNING: Cannot run '/usr/lib/squid3/ext_ldap_group_acl' process. 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 13 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 14 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP [::1] 2013/11/13 20:29:13.689| WARNING: Cannot run '/usr/lib/squid3/ext_ldap_group_acl' process. 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 15 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 16 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP [::1] 2013/11/13 20:29:13.689| WARNING: Cannot run '/usr/lib/squid3/ext_ldap_group_acl' process. 2013/11/13 20:29:13.690| helper.cc(1180) GetFirstAvailable: GetFirstAvailable: Running servers 0 2013/11/13 20:29:13.690| commBind: Cannot bind socket FD 25 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.690| commBind: Cannot bind socket FD 26 to [::1]: (99) Cannot assign requested address 2013/11/13 20:29:13.690| ERROR: Failed to create helper child read FD: UDP[::1] 2013/11/13 20:29:36.841| helper.cc(1180) GetFirstAvailable: GetFirstAvailable: Running servers 0
2013/11/13 20:29:36.841| Starting new basicauthenticator helpers...
2013/11/13 20:29:36.841| helperOpenServers: Starting 1/20 'basic_ldap_auth' processes 2013/11/13 20:29:36.853| helper.cc(1180) GetFirstAvailable: GetFirstAvailable: Running servers 1 2013/11/13 20:29:36.855| helper.cc(1322) helperDispatch: helperDispatch: Request sent to basicauthenticator #1, 23 bytes 2013/11/13 20:29:36.856| helper.cc(1180) GetFirstAvailable: GetFirstAvailable: Running servers 1 2013/11/13 20:29:36.856| helper.cc(1213) GetFirstAvailable: GetFirstAvailable: Least-loaded helper is overloaded! 2013/11/13 20:29:36.856| helper.cc(418) helperSubmit: helperSubmit: administrator Pa77w0rd

2013/11/13 20:29:36.906| helper.cc(901) helperHandleRead: helperHandleRead: 3 bytes from basicauthenticator #1 2013/11/13 20:29:36.906| helper.cc(910) helperHandleRead: helperHandleRead: 'OK
'
2013/11/13 20:29:36.906| helper.cc(926) helperHandleRead: helperHandleRead: end of reply found 2013/11/13 20:29:36.907| external_acl.cc(793) aclMatchExternal: acl="memberof" 2013/11/13 20:29:36.907| external_acl.cc(822) aclMatchExternal: No helper entry available 2013/11/13 20:29:36.907| external_acl.cc(826) aclMatchExternal: memberof check user authenticated. 2013/11/13 20:29:36.907| external_acl.cc(832) aclMatchExternal: memberof user is authenticated. 2013/11/13 20:29:36.907| external_acl.cc(856) aclMatchExternal: memberof("administrator InternetAccess") = lookup needed 2013/11/13 20:29:36.907| external_acl.cc(858) aclMatchExternal: "administrator InternetAccess": entry=@0, age=0 2013/11/13 20:29:36.907| WARNING: external ACL 'memberof' queue overload. Request rejected 'administrator InternetAccess'. 2013/11/13 20:29:36.907| helper.cc(1180) GetFirstAvailable: GetFirstAvailable: Running servers 1

-----Oorspronkelijk bericht----- From: Eliezer Croitoru
Sent: Wednesday, November 13, 2013 7:15 PM
To: Andrey ‪ ; squid-users@xxxxxxxxxxxxxxx
Subject: Re: Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

Thanks Andrey,

On 11/13/2013 07:54 PM, Andrey ‪ wrote:
I found a solution!

Problem was with IPv6.
When squid tries to run the helper he asks IPv6, which I have disabled.
Therefore, in logs appears following line of code:
WARNING: Cannot run '/usr/lib/squid3/ext_ldap_group_acl' process.

Just to get a more accurate data:
What ipv6? do the helper got an IPV6 in the request? ipv6 of the client?

Thanks,
Eliezer







[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux