freebsd 5.3 установил samba3 из портов с winbind, ads, ldap поддержкой. smb.conf: [global] workgroup = TG server string = SQUID Server security = ads hosts allow = 192.168.111. 127.0.0.1 log file = /var/log/samba/log.%m max log size = 500 password server = server.tg.local realm = tg.local passdb backend = tdbsam socket options = TCP_NODELAY local master = no os level = 0 domain master = no preferred master = no domain logons = no display charset = koi8-r unix charset = koi8-r dos charset = cp866 encrypt passwords = yes winbind use default domain = no winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind separator = + установил squid squid.conf: http_port 3128 icp_port 0 hierarchy_stoplist cgi-bin ? chat acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_mem 32 MB maximum_object_size 8092 KB maximum_object_size_in_memory 512 KB cache_dir ufs /usr/local/squid/cache 1024 16 64 cache_access_log /usr/local/squid/logs/access.log cache_log /usr/local/squid/logs/cache.log cache_store_log none cache_mgr it@tg.local emulate_httpd_log on ftp_user anonymous@qwerty logfile_rotate 3 quick_abort_pct 60 #negative_ttl 1 #half_closed_clients on #http_reply_access allow all redirect_children 20 redirect_program /usr/local/bin/squidGuard #redirector_bypass off refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 icap_enable on icap_preview_enable on icap_preview_size 128 icap_send_client_ip on #log_icp_queries off # TAG: auth_param auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm use_ntlm_negotiate off auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off # TAG: acl acl USERS1 proxy_auth REQUIRED acl localhost src 127.0.0.1/255.255.255.255 acl Safe_ports port 80 443 210 119 70 21 1025-65535 acl CONNECT method CONNECT acl all src 0.0.0.0/0.0.0.0 http_access deny !Safe_ports http_access deny CONNECT http_access allow USERS1 http_access allow localhost http_access deny all icap_service service_1 reqmod_precache 0 icap://localhost:1344/srv_clamav icap_service service_2 respmod_precache 1 icap://localhost:1344/srv_clamav icap_class class_antivirus service_2 service_1 icap_access class_antivirus allow all coredump_dir /usr/local/squid/cache pid_filename /usr/local/squid/logs/squid.pid Все wbinfo -p.-t,-u,-g и авторизации по керберосу работают. запускаем winbind -d 9 запускаю сквид на виндовсе прописываю прокси и пытаюсь зайти куда нибудь. сквид падает. логи: access.log: 192.168.111.1 - - [20/Feb/2006:16:23:19 +0300] "GET http://www.ru/ HTTP/1.0" 407 1694 TCP_DENIED:NONE cache.log: 2006/02/20 16:23:15| Starting Squid Cache version 2.5.STABLE12 for i386-portbld-freebsd5.3... ... 2006/02/20 16:23:19| storeDirWriteCleanLogs: Starting... 2006/02/20 16:23:19| WARNING: Closing open FD 34 2006/02/20 16:23:19| Finished. Wrote 0 entries. 2006/02/20 16:23:19| Took 0.0 seconds ( 0.0 entries/sec). FATAL: authenticateNTLMHandleReply: *** Unsupported helper response ***, 'ERR' Squid Cache (Version 2.5.STABLE12): Terminated abnormally. CPU Usage: 0.111 seconds = 0.037 user + 0.074 sys Maximum Resident Size: 7996 KB Page faults with physical i/o: 0 почему сквид падает? как заставить его нормально авторизоваться в AD?
Вы не можете добавлять комментарии в эту тему. Тема перемещена в архив.