[squid-users] (squid): nss_ldap: reconnecting to LDAP server...

From: Carlos Eduardo Gomes Marins <carlos.suporte.deinf@dont-contact.us>
Date: Tue, 31 May 2005 16:38:31 -0300

Hi all,

We're experiencing an unusual problem with squid. Our squid box was
being used by 500 users of the IT department (not concurrent). No problems
at all. Yesterday we expanded the use of squid to the whole main office
of my company (3000 users total, not concurrent). After 1 hour the users
were being prompted for username and password for Squid (we use NTLM
authentication against AD 2000). Due to lots of complaints we had to
move the users back, except the ones from the IT department.
Access.log and Cache.log (even with debug enabled) don't show anything
relevant. But I found this in /var/log/messages:

May 30 16:11:08 SquidServer (squid): nss_ldap: reconnecting to LDAP
server...
May 30 16:11:08 SquidServer (squid): nss_ldap: reconnected to LDAP
server after 1 attempt(s)
May 30 17:04:21 SquidServer (squid): nss_ldap: reconnecting to LDAP
server...
May 30 17:04:21 SquidServer (squid): nss_ldap: reconnected to LDAP
server after 1 attempt(s)

None of the above messages were found in /var/log/messages before we
increased the number of users of squid.
Does anyone know what those messages mean?

Below is my squid.conf file.
Thanks in advance,

Carlos Eduardo.

#
# Listeners and basic caching policy of the proxy, as posted to the list.
#
# Two proxy ports are opened and no bind address is given on this line.
# NOTE(review): confirm that host or network filtering limits both ports to
# the client networks; nothing in this file restricts the source address
# (the only src ACLs are "all" and "localhost").
http_port 3128 8080
# ICP listener; the only ICP rule in this file is "icp_access deny all".
icp_port 3130
# URLs containing "cgi-bin" or "?" are treated as dynamic: QUERY matches them
# and no_cache keeps their replies out of the cache.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Core files are written to the cache directory.
# NOTE(review): a core of an authenticating proxy can contain request data
# and credentials held in memory; keep /cache readable by the squid user only.
coredump_dir /cache

# TAG: icon_directory
# Where the icons are stored. These are normally kept in
# /usr/local/squid/share/icons
#
#Default:
 icon_directory /usr/local/squid/share/icons

# TAG: short_icon_urls
# If this is enabled Squid will use short URLs for icons.
#
# If off the URLs for icons will always be absolute URLs
# including the proxy name and port.
#
#Default:
short_icon_urls off

# Authentication schemes offered to browsers: NTLM first, then Basic, both
# validated by Samba's ntlm_auth helper.
# (The "program" directives below appear wrapped over two lines by the mail
# archive; in squid.conf each must be a single line.)
#
# NTLM: 65 helper processes are started.
# NOTE(review): the message describes growth from 500 to 3000 users followed
# by re-prompting; a helper pool that is too small for the load is one
# plausible cause. Check the NTLM authenticator statistics in the cache
# manager before changing the count.
auth_param ntlm program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 65
#auth_param ntlm max_challenge_reuses 0
auth_param ntlm use_ntlm_negotiate on
auth_param ntlm max_challenge_lifetime 15 minutes

# Basic: fallback scheme using the same helper in basic mode, 8 helpers.
# Basic sends the user name and password base64-encoded (not encrypted) with
# every request to the proxy, so a client that falls back to it exposes its
# domain credentials to anyone able to observe that traffic.
# credentialsttl: a validated user/password pair is accepted from Squid's
# cache for 2 hours before the helper is asked again, so a password change or
# account lockout may take that long to be noticed by the proxy.
auth_param basic program /usr/local/samba/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 8
auth_param basic realm Bacen
auth_param basic credentialsttl 2 hours

# Group-membership lookup keyed on the authenticated login (%LOGIN), served
# by 35 wbinfo_group.pl helpers. Any ACL of type "external NTGroup" therefore
# requires the request to be authenticated first.
external_acl_type NTGroup children=35 %LOGIN
/usr/local/squid/libexec/wbinfo_group.pl

# ACL definitions. These only name match conditions; the http_access,
# snmp_access and deny_info lines elsewhere in the file decide what is done
# with them.
acl PURGE method PURGE
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl to_localhost dst 127.0.0.0/8
acl RSFN_port port 1414
# IWSS_port is defined but not referenced by any rule in the posted file.
acl IWSS_port port 1812
acl SSL_ports port 443
# Besides 80/21/443 this list admits 8080, 81, 82 and 4505.
acl Safe_ports port 80 21 443 8080 81 4505 82 # http
acl CONNECT method CONNECT

# An SNMP community string is a shared secret. This one has been published
# with the message, so it should be treated as disclosed and replaced.
# NOTE(review): the snmp_access rule in this file names a different ACL
# ("squid_snmp_comunity"), so this definition looks unused as posted.
acl SNMP_SQUID snmp_community squidbc
# Group-based ACLs; evaluating them triggers proxy authentication.
acl USUARIOS_PERMITIDOS external NTGroup @BACEN_INTERNET
acl TERMO external NTGroup @DEINF_TERMO
acl DOMINIOS_FECHADOS dstdomain "/usr/local/squid/etc/dominios_fechados"
# (The next acl appears wrapped over two lines by the mail archive.)
# url_regex patterns are matched against the whole URL and are not anchored
# unless the pattern itself says so. The list files are not shown here.
# NOTE(review): several of these ACLs feed "allow" rules that sit before the
# authenticated-user rule, so any URL that merely contains a listed pattern
# is served without login. Prefer dstdomain where a host name is meant.
acl SUBDOM_LIBERADOS url_regex -i
"/usr/local/squid/etc/subdom_liberados"
acl PRE_TERMO url_regex "/usr/local/squid/etc/pre_termo"
acl SITES_FECHADOS url_regex -i "/usr/local/squid/etc/sites_fechados"
acl BB url_regex -i "/usr/local/squid/etc/banco_do_brasil"
# The dots are unescaped and the pattern is unanchored, so it matches this
# text (with any character in place of each dot) anywhere in a URL, including
# the path or query string of an unrelated host.
acl WINDOWS_UPDATE url_regex -i .windowsupdate.microsoft.com
acl ANTIVIRUS urlpath_regex -i "/usr/local/squid/etc/lista_antivirus"
# Matches URL paths ending in ".scr" (or ".scr" followed by "?"), any case.
acl Downloads_Proibidos urlpath_regex -i \.(scr)($|\?)
# Matches on the User-Agent header, which the client chooses freely; it
# identifies nothing and should not stand in for authentication.
acl JAVA_BROWSER browser Java

# Access rules. http_access lines are checked top to bottom and the first
# matching line decides, so the order below is the policy.
# NOTE(review): the port-safety denies ("deny !Safe_ports",
# "deny CONNECT !SSL_ports") come after several allow rules. Requests that
# match those earlier allows are never checked against them. The usual
# layout puts both denies, and "deny manager", ahead of every site allow.
http_access allow PURGE localhost
http_access allow manager localhost
# Allowed without authentication on the strength of a client-supplied
# User-Agent plus a URL pattern.
http_access allow JAVA_BROWSER PRE_TERMO
http_access deny manager
# External group ACL: this is the first rule that forces a login.
http_access deny TERMO
http_access allow SUBDOM_LIBERADOS
http_access deny Downloads_Proibidos
# NOTE(review): "Download_Proibidos" does not match the ACL defined in this
# file ("Downloads_Proibidos"), so this error page is not attached to the
# rule above as written.
deny_info ACESSO_NEGADO Download_Proibidos
http_access deny DOMINIOS_FECHADOS
deny_info ACESSO_NEGADO DOMINIOS_FECHADOS
http_access deny SITES_FECHADOS
deny_info ACESSO_NEGADO SITES_FECHADOS
# NOTE(review): no ACL named "RSFN" is defined in the posted file; confirm it
# exists in the running configuration.
http_access allow RSFN_port RSFN
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Site allows that do not require a login (URL-pattern ACLs), followed by the
# allow for members of the permitted AD group.
http_access allow BB
http_access allow ANTIVIRUS
http_access allow WINDOWS_UPDATE
http_access allow USUARIOS_PERMITIDOS

http_reply_access allow all

# NOTE(review): by this point every allow above has already been tried, and
# none of them is limited by method. A PURGE request matching one of them
# (for example from an authenticated member of USUARIOS_PERMITIDOS) is
# accepted before this line is reached. To confine PURGE to localhost, this
# deny belongs directly after "allow PURGE localhost".
http_access deny PURGE
http_access deny all
icp_access deny all

# Routing: BB and WINDOWS_UPDATE are fetched directly; ANTIVIRUS is excluded
# from always_direct; never_direct sends everything else to a peer.
always_direct allow BB
always_direct allow WINDOWS_UPDATE
always_direct deny ANTIVIRUS

never_direct allow all

# Query strings are kept in access.log. They often carry session identifiers
# or other sensitive parameters, so the log needs tight read permissions and
# a retention policy to match.
strip_query_terms off

# Squid runs as the unprivileged user "nobody" after start-up.
cache_effective_user nobody
visible_hostname squid
# Single parent proxy (HTTP port 8088, ICP port 7, ICP queries disabled).
cache_peer 172.17.205.101 parent 8088 7 no-query default

cache_mem 8 MB #Default
cache_dir diskd /cache 10000 16 256 Q1=64 Q2=72

# Logging: access and cache logs under /var/log/squid; store log disabled.
cache_access_log /var/log/squid/access.log
#useragent_log /var/log/squid/user_agent.log
cache_log /var/log/squid/cache.log
cache_store_log none

#debug_options ALL,2
#debug_options ALL,1 33,2 28,9

# SNMP settings
# The agent listens on port 3401 on all addresses (0.0.0.0); access control
# rests on the snmp_access lines alone.
# NOTE(review): "squid_snmp_comunity" is not defined in the posted file; the
# snmp_community ACL defined there is "SNMP_SQUID". As written, the allow line
# does not refer to that community; confirm what the running config does.
snmp_port 3401
snmp_access allow squid_snmp_comunity localhost
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0
Received on Tue May 31 2005 - 13:42:13 MDT
