Hi Team.
I'm using Squid 5.9 with winbindd 4.9.5; the authentication method
is NTLM.
Every day, around 5 pm, internet access becomes very slow, with
users reporting that websites take too long to open.
The timing of the issue is also strange, since it occurs
when most of the users are no longer in the office.
After a detailed analysis of the proxy server, I found the following
errors, which could be related to this issue.
Cache.log
GENSEC login failed: NT_STATUS_LOGON_FAILURE
GENSEC login failed: NT_STATUS_LOGON_FAILURE
GENSEC login failed: NT_STATUS_LOGON_FAILURE
GENSEC login failed: NT_STATUS_LOGON_FAILURE
Winbindd.log
[2024/07/22 17:06:48.220216, 2]
../source3/winbindd/winbindd.c:1121(remove_client)
final write to client failed: Broken pipe
[2024/07/22 17:06:48.220319, 0]
../source3/winbindd/winbindd.c:1246(winbindd_listen_fde_handler)
winbindd: Exceeding 500 client connections, no idle connection
found
[2024/07/22 17:06:48.261482, 0]
../source3/winbindd/winbindd.c:1246(winbindd_listen_fde_handler)
winbindd: Exceeding 500 client connections, no idle connection
found
[2024/07/22 17:06:48.261857, 2]
../source3/winbindd/winbindd.c:1121(remove_client)
final write to client failed: Broken pipe
[2024/07/22 17:06:48.261926, 0]
../source3/winbindd/winbindd.c:1246(winbindd_listen_fde_handler)
winbindd: Exceeding 500 client connections, no idle connection
found
[2024/07/22 17:06:48.276216, 0]
../source3/winbindd/winbindd.c:1246(winbindd_listen_fde_handler)
winbindd: Exceeding 500 client connections, no idle connection
found
[2024/07/22 17:06:48.276507, 2]
../source3/winbindd/winbindd.c:1121(remove_client)
final write to client failed: Broken pipe
[2024/07/22 17:06:48.276568, 0]
../source3/winbindd/winbindd.c:1246(winbindd_listen_fde_handler)
winbindd: Exceeding 500 client connections, no idle connection
found
[2024/07/22 17:09:02.512093, 1]
../source4/lib/messaging/messaging.c:83(ping_message)
INFO: Received PING message from server 10301 []
[2024/07/22 17:09:02.512159, 1]
../source3/lib/messages.c:131(ping_message)
INFO: Received PING message from PID 10301 []
[2024/07/22 17:11:27.979681, 1]
../source3/winbindd/winbindd_util.c:440(trustdom_list_done)
trustdom_list_done: Could not receive trusts for domain BANK
[2024/07/22 17:11:27.979756, 1]
../source3/winbindd/winbindd_util.c:440(trustdom_list_done)
trustdom_list_done: Could not receive trusts for domain HLGROUP
[2024/07/22 17:12:02.612725, 1]
../source4/lib/messaging/messaging.c:83(ping_message)
INFO: Received PING message from server 4706 []
[2024/07/22 17:12:02.612794, 1]
../source3/lib/messages.c:131(ping_message)
INFO: Received PING message from PID 4706 []
[2024/07/22 17:15:03.307322, 1]
../source4/lib/messaging/messaging.c:83(ping_message)
INFO: Received PING message from server 13541 []
[2024/07/22 17:15:03.307477, 1]
../source3/lib/messages.c:131(ping_message)
INFO: Received PING message from PID 13541 []
[2024/07/22 17:18:02.603927, 1]
../source4/lib/messaging/messaging.c:83(ping_message)
INFO: Received PING message from server 27640 []
[2024/07/22 17:18:02.603983, 1]
../source3/lib/messages.c:131(ping_message)
INFO: Received PING message from PID 27640 []
smb.conf
# Samba/winbindd settings for the AD domain member (security = ads) whose
# ntlm_auth binary is called by the Squid configuration shown on this page.
[global]
netbios name = ASP02
log level = 2
workgroup = mydom
# The keytab holds long-term Kerberos keys for this host.
# NOTE(review): confirm /etc/krb5.keytab is readable by root only.
kerberos method = dedicated keytab
dedicated keytab file = /etc/krb5.keytab
realm = mydom.MY
# A single domain controller is named here.
# NOTE(review): presumably every winbindd authentication round-trip then
# depends on this one host; confirm that is intended rather than DC discovery.
password server = 10.150.1.62
security = ads
winbind enum groups = No
winbind enum users = No
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config mydom:backend = ad
idmap config mydom:schema_mode = rfc2307
idmap config mydom:range = 10000-999999
idmap config mydom:unix_nss_info = yes
tls enabled = yes
ldap ssl = start tls
# key.pem is a private key given by a relative path.
# NOTE(review): confirm which directory these paths resolve against and that
# the key file is not readable by other users.
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
# NOTE(review): "client ldap sasl wrapping" is set twice, "plain" here and
# "sign" three lines below. "plain" means LDAP traffic is neither signed nor
# sealed. Presumably the later line wins; confirm the effective value with
# testparm and delete the line that is not wanted.
client ldap sasl wrapping = plain
# Client side: use NTLMv2 responses and never LANMAN.
client ntlmv2 auth = Yes
client lanman auth = No
client ldap sasl wrapping = sign
winbind normalize names = No
winbind separator = /
winbind use default domain = yes
winbind nested groups = Yes
winbind reconnect delay = 30
# NOTE(review): offline logon lets winbindd keep credential data in its local
# cache; confirm this is actually needed on a proxy host.
winbind offline logon = true
winbind cache time = 1800
# "winbind refresh tickets" is listed twice with the same value.
winbind refresh tickets = true
winbind refresh tickets = true
# This is the cap winbindd reports in the log on this page ("Exceeding 500
# client connections, no idle connection found"). The Squid configuration on
# this page allows up to 500 NTLM plus 60 Basic ntlm_auth helpers.
# NOTE(review): each helper is presumably one winbindd client, so the helper
# pools alone can exceed this cap; size the two settings together.
winbind max clients = 500
# The winbindd log on this page shows trust enumeration failing for the
# domains BANK and HLGROUP.
# NOTE(review): confirm that logons from trusted domains are required.
allow trusted domains = Yes
# NOTE(review): "auto" leaves SMB signing to defaults and negotiation instead
# of requiring it; check this against the site's signing policy.
server signing = auto
client signing = auto
lm announce = No
# Server side: LANMAN is off.
# NOTE(review): in this Samba generation "ntlm auth = No" is understood to
# mean NTLMv2-only, not "NTLM disabled"; verify in the smb.conf man page
# for the installed version.
ntlm auth = No
lanman auth = No
preferred master = No
local master = No
wins support = No
encrypt passwords = yes
printing = bsd
load printers = no
# NOTE(review): the SO_SNDBUF line below looks like a mail-wrapped
# continuation of "socket options", not a separate setting.
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
# SMB1 is excluded for both the server and the client role.
min protocol = SMB2
client min protocol = SMB2
client max protocol = SMB3
# The two printing lines below repeat settings already given above.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
Squid.conf
# Squid proxy authentication: NTLM through Samba's ntlm_auth helper, plus a
# Basic scheme that uses the same helper binary.
# kerberos_conf() LockActiveDirectoryToKerberos = 0
#
#KerbAuthMethod = 0/1 and NOT_NTLM = False
# NOTE(review): the helper command is mail-wrapped over two lines here.
auth_param ntlm program /usr/bin/ntlm_auth --domain=mydom.MY
--helper-protocol=squid-2.5-ntlmssp
# Up to 500 NTLM helper processes with concurrency=0, and a queue of up to
# 2000 waiting requests; on-persistent-overload=ERR makes Squid answer with
# an error when the queue stays full.
# NOTE(review): each running helper is presumably one winbindd client. 500
# helpers here plus the 60 Basic helpers below can exceed
# "winbind max clients = 500" in the smb.conf on this page, which would match
# the "Exceeding 500 client connections" log lines. Count the ntlm_auth
# processes at the time of the slowdown to confirm.
# NOTE(review): the repeated "GENSEC login failed: NT_STATUS_LOGON_FAILURE"
# lines in cache.log presumably come from these helpers. Correlating them
# with client addresses in access.log would show whether a few hosts keep
# retrying stale or wrong credentials.
auth_param ntlm children 500 startup=5 idle=1 concurrency=0
queue-size=2000 on-persistent-overload=ERR
# NOTE(review): with keep_alive off, Squid is understood to close the
# connection on the initial request, so every client connection pays for
# a new handshake; confirm this setting is still required.
auth_param ntlm keep_alive off
#
# ads groups OK
#Other settings
# The four TTL directives below are repeated unchanged in the Basic section.
# credentialsttl 7200 means a validated Basic username/password pair is
# reused for two hours before the helper is asked again, so a disabled or
# changed password may keep working at the proxy for that long.
auth_param basic credentialsttl 7200 seconds
authenticate_ttl 3600 seconds
authenticate_ip_ttl 1 seconds
authenticate_cache_garbage_interval 3600 seconds
# "authFailed" matches every source address; the rule that uses it is not
# part of this excerpt.
acl authFailed src all
# Matches requests with valid proxy credentials; the http_access rule that
# applies it is not part of this excerpt.
acl AUTHENTICATED proxy_auth REQUIRED
# END NTLM Parameters --------------------------------
# Basic authentication for other browsers that do not support
NTLM
# Basic sends the AD password base64-encoded, not encrypted, with each request.
# NOTE(review): confirm that clients using Basic reach the proxy over
# a trusted or TLS-protected path, or limit Basic to the clients that need it.
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 60 startup=2 idle=1
auth_param basic realm Active Directory Basic Identification
auth_param basic credentialsttl 7200 seconds
authenticate_ttl 3600 seconds
authenticate_ip_ttl 1 seconds
authenticate_cache_garbage_interval 3600 seconds
# ldap_auth_ad() EnableAdLDAPAuth = 0 - SKIP
# ads groups OK
# --------------------------------------------------