Re: negotiate_wrapper: fgets() failed! dying..

Donny Vibianto <l4ng1t@xxxxxxxxx> · Sat, 14 Mar 2015 10:19:28 +0700

hi markus,

unfortunately i move to centos but i still got same error after 9 hours running.

2015/03/14 10:05:43| negotiate_wrapper: received Kerberos token
2015/03/14 10:05:43| negotiate_wrapper: Starting version 1.0.1
2015/03/14 10:05:43| negotiate_wrapper: NTLM command: /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp 
2015/03/14 10:05:43| negotiate_wrapper: Kerberos command: /usr/lib64/squid/negotiate_kerberos_auth -k /etc/squid/PROXY.keytab -s GSS_C_NO_NAME 
FATAL: Received Bus Error...dying.
2015/03/14 10:05:43 kid2| ctx: enter level  0: 'http://citrine.gundam-dc.com/lng/common/cocos/GameView_v2/res/Battle/radar/radar_b_ring.png?ver=1'
2015/03/14 10:05:43 kid2| Closing HTTP port [::]:8000
2015/03/14 10:05:43 kid2| storeDirWriteCleanLogs: Starting...
2015/03/14 10:05:43 kid2|   Finished.  Wrote 0 entries.
2015/03/14 10:05:43 kid2|   Took 0.00 seconds (  0.00 entries/sec).
CPU Usage: 0.133 seconds = 0.066 user + 0.067 sys
Maximum Resident Size: 70224 KB
Page faults with physical i/o: 0
2015/03/14 10:05:43| negotiate_wrapper: fgets() failed! dying..... errno=1 (Operation not permitted)
2015/03/14 10:05:43| negotiate_wrapper: fgets() failed! dying..... errno=1 (Operation not permitted)

thanks for reply

donny

On Fri, Mar 13, 2015 at 3:43 AM, Markus Moeller <huaraz@xxxxxxxxxxxxxxxx> wrote:

Do you get any more details when you start the wrapper with –d ? 

Markus

"Donny Vibianto" <donny.vibianto@xxxxxxxxx> wrote in message 
news:CAC49LV6SRXbiFcGxqZgAoaHPj1qeifERtSN63ZrDsa_b=iW+1Q@xxxxxxxxxxxxxx...

anyone 
please...? 

On Sat, Mar 7, 2015 at 10:02 PM, Donny Vibianto <donny.vibianto@xxxxxxxxx> wrote:

  Hi 
  Guys,

  After 
  two weeks successful running several authentication in my development 
  environment with average 10-20 users, i encourage myself to put in my 
  production. it was up and ran with +-1000 users but only took 3-5 hours then 
  squid suddenly stopped with error:

  2015/03/06 15:07:59| 
  negotiate_wrapper: fgets() failed! dying..... errno=1 (Operation not 
  permitted)
  2015/03/06 15:07:59| 
  negotiate_wrapper: fgets() failed! dying..... errno=1 (Operation not 
  permitted)
  2015/03/06 15:07:59| 
  negotiate_wrapper: fgets() failed! dying..... errno=1 (Operation not 
  permitted)
  2015/03/06 15:07:59| 
  negotiate_wrapper: Return 'AF 
  oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARupdwIysaz6zjRSqsI8V4K0X67z4t5a9aOT7WPlyWRrp+1ol2zL6CYTcfZIyAq8q3D00mf+vpIeoiDDmkUkr+vXN+xkpXkWdX5pMD1hBrF4EDOL1RIp9XjpkdfIcEgg8Oia0Ay153sPK3+Tif4bGE= 
  RickyC@company.local
  '
  2015/03/06 15:07:59| 
  negotiate_wrapper: Return 'AF 
  oYG1MIGyoAMKAQChCwYJKoZIhvcSAQICooGdBIGaYIGXBgkqhkiG9xIBAgICAG+BhzCBhKADAgEFoQMCAQ+ieDB2oAMCARKibwRtX5xuxTxrgsKQpg3Y+kUXLOng15XJ7eDByao5YtNPZByv/zRtrz13QgKkCuk+VkXnCAzaii0ri4Mxvd+4BoskIrjf5FuPP3W59wMTCtkPJD85igR/OmQ4Ch09DJ51WGwnOizMuCW+9jg6EsFa1Q== 
  JanTS@company.local

  i use ubuntu server 14.04 
  with newest squid 3.5.2

  Squid Cache: Version 
  3.5.2
  Service Name: squid
  configure options:  
  '--enable-build-info' '--enable-removal-policies=lru,heap' 
  '--enable-ltdl-install' '--enable-storeio=ufs,aufs,rock' 
  '--enable-auth-basic=LDAP' '--enable-auth-negotiate=wrapper,kerberos' 
  '--enable-external-acl-helpers=LDAP_group' '--enable-translation' 
  '--enable-ssl-crtd' '--enable-gnuregex' '--enable-xmalloc-debug' 
  '--enable-xmalloc-debug-trace' '--enable-xmalloc-statistics' 
  '--enable-async-io' '--enable-icmp' '--enable-delay-pools' 
  '--enable-useragent-log' '--enable-kill-parent-hack' '--enable-htpc' 
  '--enable-forw-via-db' '--enable-cache-digests' '--enable-underscores' 
  '--enable-x-accelerator-vary' '--enable-esi' '--enable-inline' 
  '--enable-linux-netfilter' '--with-openssl' 
  '--with-large-files'

  here is my 
  squid.conf:

  # ===================== ACL 
  Cachemgr ============================================
  acl manager url_regex -i 
  ^cache_object:// /squid-internal-mgr/
  acl managerAdmin src 
  "/usr/local/squid/etc/mgradmin.txt"
  acl stream url_regex -i 
  "/usr/local/squid/etc/stream"

  acl download url_regex -i 
  "/usr/local/squid/etc/download"
  acl whitelist url_regex -i 
  "/usr/local/squid/etc/whitelist"
  acl blacklist url_regex -i 
  "/usr/local/squid/etc/blacklist"

  acl SSL_ports port 443
  acl Safe_ports port 80 # http
  acl Safe_ports port 21 # ftp
  acl Safe_ports port 443 # https
  acl Safe_ports port 70 # gopher
  acl Safe_ports port 210 # wais
  acl Safe_ports port 1025-65535 # unregistered ports
  acl Safe_ports port 280 # http-mgmt
  acl Safe_ports port 488 # gss-http
  acl Safe_ports port 591 # filemaker
  acl Safe_ports port 777 # multiling http
  acl http proto http
  acl CONNECT method 
  CONNECT

  # ==================== Authenticate 
  using negotiate_wrapper =====================
  auth_param negotiate program 
  /usr/local/squid/libexec/negotiate_wrapper_auth -d --ntlm /usr/bin/ntlm_auth 
  --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos 
  /usr/local/squid/libexec/negotiate_kerberos_auth -s GSS_C_NO_NAME
  auth_param negotiate children 50 
  startup=0 idle=1
  auth_param negotiate keep_alive 
  off
  # ==================== Authenticate 
  using NTLM ==================================
  auth_param ntlm program 
  /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp 

  auth_param ntlm children 20 
  startup=0 idle=1
  auth_param ntlm keep_alive 
  off
  # ==================== Authenticate 
  using Basic LDAP ============================
  auth_param basic program 
  /usr/local/squid/libexec/basic_ldap_auth -R -b "dc=company,dc=local" -D 
  squid@company.local -w "password" -f sAMAccountName=%s -h 
  idhqvdc01.company.local,idhqvdc02.company.local
  auth_param basic children 5 
  startup=0 idle=1
  auth_param basic realm AGDS Proxy: 
  Please enter your username and password domain
  auth_param basic credentialsttl 1 
  minute
  # ==================== Authenticate 
  to Group Security Actice Directory ==========
  external_acl_type memberof ipv4 
  children-max=10 children-startup=1 %LOGIN 
  /usr/local/squid/libexec/ext_ldap_group_acl -R -K -S -b "dc=company,dc=local" 
  -D squid@company.local -w "password" -f 
  "(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=%g,ou=groups,ou=resources,dc=company,dc=local))" 
  -h idhqvdc01.company.local,idhqvdc02.company.local  

  acl auth proxy_auth 
  REQUIRED
  # ==================== ACL Access 
  hour user =====================================
  acl ach1 external memberof 
  "/usr/local/squid/etc/ach1.txt" # 
  access hour 1
  acl ach2 external memberof 
  "/usr/local/squid/etc/ach2.txt" # 
  access hour 2
  acl ach3 external memberof 
  "/usr/local/squid/etc/ach3.txt" # 
  access hour 3
  acl ach4 external memberof 
  "/usr/local/squid/etc/ach4.txt" # 
  access hour 4
  acl ach2time time D 10:00-11:59
  acl ach2time time D 13:00-14:59
  acl ach3time time D 08:00-09:59 
  acl ach3time time D 15:00-16:59
  acl ach4time time D 08:00-16:59
  acl bebastime time D 00:01-07:59 12:00-13:59 
  17:00-23:59

  # 
  ==============================================================================
  http_access deny !Safe_ports # Deny requests to certain unsafe 
  ports
  http_access deny CONNECT 
  !SSL_ports # Deny CONNECT to other 
  than secure SSL ports
  http_access allow manager 
  localhost # Only allow cachemgr 
  access from localhost
  http_access allow manager 
  managerAdmin
  http_access deny 
  manager

  # 
  ==============================================================================
  #http_access allow 
  localnet
  http_access allow 
  localhost
  http_access deny blacklist 
  !bebastime

  http_access allow http Safe_ports 
  whitelist
  http_access allow CONNECT SSL_ports 
  whitelist
  #http_access deny all 
  !auth

  #http_access allow http Safe_ports 
  ach1
  #http_access allow CONNECT 
  SSL_ports ach1
  #http_access allow http Safe_ports 
  ach2 !ach2time
  #http_access allow CONNECT 
  SSL_ports ach2 !ach2time
  #http_access allow http Safe_ports 
  ach3 !ach3time
  #http_access allow CONNECT 
  SSL_ports ach3 !ach3time
  #http_access allow http Safe_ports 
  ach4 !ach4time
  #http_access allow CONNECT 
  SSL_ports ach4 !ach4time

  #http_access allow 
  accesshours1
  #http_access allow accesshours2 
  !ach2time
  #http_access allow 
  accesshours3 !ach3time
  #http_access allow 
  accesshours4 !ach3time

  http_access allow ach1
  http_access allow ach2 
  !ach2time
  http_access allow ach3 
  !ach3time
  http_access allow ach4 
  !ach4time

  http_access deny all # Deny all other access to this 
  proxy
  # 
  ==============================================================================

  cache_dir rock 
  /cache1/squid 97485 max-swap-rate=200 swap-timeout=300

  cache_dir rock /cache2/squid 97485 
  max-swap-rate=200 swap-timeout=300
  coredump_dir 
  /usr/local/squid/var/cache/squid
  # 
  =============================== Refresh Pattern 
  ==============================

  refresh_pattern ^ftp: 1440 
  20% 10080
  refresh_pattern ^gopher: 1440 
  0% 1440
  refresh_pattern -i (/cgi-bin/|\?) 
  0 0% 0
  refresh_pattern . 0 
  20% 4320

  cache_effective_user 
  proxy
  visible_hostname 
  proxy.company.local
  cache_mgr 
  proxyastragraphia
  cachemgr_passwd secret 
  all
  #err_page_stylesheet 
  /usr/local/squid/etc/default.css
  pinger_enable off
  #workers 2

  i was tried to put different acl 
  and put my auth_param at the top of my conf but still dying error. what should 
  i do?
  any assistant or hint would be very 
  appreciate. thanks

  Donny Vibianto

_______________________________________________
squid-users mailing 
list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________

squid-users mailing list

squid-users@xxxxxxxxxxxxxxxxxxxxx

http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users