RE: [squid-users] Problem with NTLM authentication - please help!

Hello, my friend.

First of all, thanks for the attention.

It seems that we may have found the cause of the error
(of NTLM). :)

One of the groups that must be checked has changed its
name. So, as it couldn't be found at AD, the
wbinfo_group check was queueing the requests for this
group, but never having an answer, making the requests
get those states (R or B).

We changed the name of the group checked at Squid, and
apparently it stopped happening. We are still
observing it, but we think that it may have solved the
problem.

The other issue (about invalid SID), we have not found
any solution, but if we notice something about it,
sure post to the list.

Thanks for the help!

André

PS: I'll check my Gmail config again! :)

--- Steve Wilson Jr <SWilsonJr@loxias.com> escreveu:

> I've been having the same problem but it hasn't been
> as bad as yours. Every once in awhile I'll see the
> R(reserved) flag. I was told to check the connection
> to the Active Directory. Whatever it is it sounds
> like a Samba issue.
>
> I get the same issue with the invalid sid string
> format too. If you figure this out please let me
> know.
>
> PS: Gmail may not be using Plain Text.
>
> -----Original Message-----
> From: André Marques
> [mailto:andre_sesred@yahoo.com.br]
> Sent: Friday, October 06, 2006 9:45 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] Problem with NTLM
> authentication - please help!
>
> Hi!!
>
> We have two squid proxies running at our site, both
> of
> them with the same versions and configurations
> (Fedora
> Core 5, Samba 3.0.22-1.fc5, installed through rpm,
> and
> Squid 2.5.STABLE13. Both are running on Dell servers
> with the same configuration.
>
> Samba on both machines is configured with "security
> =
> ads", and the testes "wbinfo -t", "wbinfo -u" and
> "wbinfo -g" all runs ok.
>
> One of them is running just fine, but the other is
> crashing every day, due to ntlm authentication
> problems.
>
> The only difference is that the proxy that is
> running
> ok is installed with 64 bits version of Fedora, and
> the other one is running with the 32 bits version.
>
> Squid´s compile options are the following:
>
> configure options: --enable-auth=ntlm,basic
> --enable-delay-pools --enable-snmp
> --enable-useragent-log --prefix=/usr/local/squid
> --enable-ssl --enable-underscores
> --enable-storeio=ufs,aufs,diskd
> --enable-external-acl-helpers=wbinfo_group
>
> The problem we are facing is that ntlm helpers begin
> to enter in "R" and "B" states, until every one of
> them stops authenticating, and then Squid dies. The
> error message associated to the crash is this: " Too
> many queued ntlmauthenticator requests (301 on 60)".
>
>
> During all day, we get the following message as
> well:
> " string_to_sid: Sid S-0-0 is not in a valid
> format."
>
> Does anybody know what could be the problem, or how
> could we trace it? Wich one should be the best
> squid´s
> debug_level for this problem?
>
> Thanks in Advance,
>
> André
>
> PS: By the way, not related to this question, how do
> you users of Gmail can send messages to the list? I
> always try, but even with the option for sending
> messages not in HTML format chosen, i can't send
> messages to the list. If anyone has a hint about
> this
> also, it would be very appreciated. Thanks!
>
>
>
>
>
>
>
>
>
_______________________________________________________
>
> Você quer respostas para suas perguntas? Ou você
> sabe muito e quer compartilhar seu conhecimento?
> Experimente o Yahoo! Respostas !
> http://br.answers.yahoo.com/
>

                
_______________________________________________________
Yahoo! Acesso Grátis - Internet rápida e grátis. Instale
o discador agora!
http://br.acesso.yahoo.com
Received on Mon Oct 09 2006 - 06:27:50 MDT