[squid-users] negotiate_wrapper: fgets() failed! dying..

Donny Vibianto l4ng1t at gmail.com
Sat Mar 14 03:19:28 UTC 2015


hi markus,

unfortunately i move to centos but i still got same error after 9 hours
running.

2015/03/14 10:05:43| negotiate_wrapper: received Kerberos token
2015/03/14 10:05:43| negotiate_wrapper: Starting version 1.0.1
2015/03/14 10:05:43| negotiate_wrapper: NTLM command: /usr/bin/ntlm_auth
--diagnostics --helper-protocol=squid-2.5-ntlmssp
2015/03/14 10:05:43| negotiate_wrapper: Kerberos command:
/usr/lib64/squid/negotiate_kerberos_auth -k /etc/squid/PROXY.keytab -s
GSS_C_NO_NAME
FATAL: Received Bus Error...dying.
2015/03/14 10:05:43 kid2| ctx: enter level  0: '
http://citrine.gundam-dc.com/lng/common/cocos/GameView_v2/res/Battle/radar/radar_b_ring.png?ver=1
'
2015/03/14 10:05:43 kid2| Closing HTTP port [::]:8000
2015/03/14 10:05:43 kid2| storeDirWriteCleanLogs: Starting...
2015/03/14 10:05:43 kid2|   Finished.  Wrote 0 entries.
2015/03/14 10:05:43 kid2|   Took 0.00 seconds (  0.00 entries/sec).
CPU Usage: 0.133 seconds = 0.066 user + 0.067 sys
Maximum Resident Size: 70224 KB
Page faults with physical i/o: 0
2015/03/14 10:05:43| negotiate_wrapper: fgets() failed! dying..... errno=1
(Operation not permitted)
2015/03/14 10:05:43| negotiate_wrapper: fgets() failed! dying..... errno=1
(Operation not permitted)

thanks for reply


donny


On Fri, Mar 13, 2015 at 3:43 AM, Markus Moeller <huaraz at moeller.plus.com>
wrote:

>   Do you get any more details when you start the wrapper with –d ?
>
> Markus
>
>  "Donny Vibianto" <donny.vibianto at gmail.com> wrote in message
> news:CAC49LV6SRXbiFcGxqZgAoaHPj1qeifERtSN63ZrDsa_b=iW+1Q at mail.gmail.com...
>   anyone please...?
>
> On Sat, Mar 7, 2015 at 10:02 PM, Donny Vibianto <donny.vibianto at gmail.com>
> wrote:
>
>>  Hi Guys,
>>
>> After two weeks successful running several authentication in my
>> development environment with average 10-20 users, i encourage myself to put
>> in my production. it was up and ran with +-1000 users but only took 3-5
>> hours then squid suddenly stopped with error:
>>
>>  2015/03/06 15:07:59| negotiate_wrapper: fgets() failed! dying.....
>> errno=1 (Operation not permitted)
>> 2015/03/06 15:07:59| negotiate_wrapper: fgets() failed! dying.....
>> errno=1 (Operation not permitted)
>> 2015/03/06 15:07:59| negotiate_wrapper: fgets() failed! dying.....
>> errno=1 (Operation not permitted)
>> 2015/03/06 15:07:59| negotiate_wrapper: Return 'AF
>> oYG2MIGzoAMKAQChCwYJKoZIhvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARupdwIysaz6zjRSqsI8V4K0X67z4t5a9aOT7WPlyWRrp+1ol2zL6CYTcfZIyAq8q3D00mf+vpIeoiDDmkUkr+vXN+xkpXkWdX5pMD1hBrF4EDOL1RIp9XjpkdfIcEgg8Oia0Ay153sPK3+Tif4bGE=
>> RickyC at company.local
>> '
>> 2015/03/06 15:07:59| negotiate_wrapper: Return 'AF
>> oYG1MIGyoAMKAQChCwYJKoZIhvcSAQICooGdBIGaYIGXBgkqhkiG9xIBAgICAG+BhzCBhKADAgEFoQMCAQ+ieDB2oAMCARKibwRtX5xuxTxrgsKQpg3Y+kUXLOng15XJ7eDByao5YtNPZByv/zRtrz13QgKkCuk+VkXnCAzaii0ri4Mxvd+4BoskIrjf5FuPP3W59wMTCtkPJD85igR/OmQ4Ch09DJ51WGwnOizMuCW+9jg6EsFa1Q==
>> JanTS at company.local
>>
>> i use ubuntu server 14.04 with newest squid 3.5.2
>>
>>  Squid Cache: Version 3.5.2
>> Service Name: squid
>> configure options:  '--enable-build-info'
>> '--enable-removal-policies=lru,heap' '--enable-ltdl-install'
>> '--enable-storeio=ufs,aufs,rock' '--enable-auth-basic=LDAP'
>> '--enable-auth-negotiate=wrapper,kerberos'
>> '--enable-external-acl-helpers=LDAP_group' '--enable-translation'
>> '--enable-ssl-crtd' '--enable-gnuregex' '--enable-xmalloc-debug'
>> '--enable-xmalloc-debug-trace' '--enable-xmalloc-statistics'
>> '--enable-async-io' '--enable-icmp' '--enable-delay-pools'
>> '--enable-useragent-log' '--enable-kill-parent-hack' '--enable-htpc'
>> '--enable-forw-via-db' '--enable-cache-digests' '--enable-underscores'
>> '--enable-x-accelerator-vary' '--enable-esi' '--enable-inline'
>> '--enable-linux-netfilter' '--with-openssl' '--with-large-files'
>>
>> here is my squid.conf:
>>
>>  # ===================== ACL Cachemgr
>> ============================================
>> acl manager url_regex -i ^cache_object:// /squid-internal-mgr/
>> acl managerAdmin src "/usr/local/squid/etc/mgradmin.txt"
>> acl stream url_regex -i "/usr/local/squid/etc/stream"
>>
>> acl download url_regex -i "/usr/local/squid/etc/download"
>> acl whitelist url_regex -i "/usr/local/squid/etc/whitelist"
>> acl blacklist url_regex -i "/usr/local/squid/etc/blacklist"
>>
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl http proto http
>> acl CONNECT method CONNECT
>>
>> # ==================== Authenticate using negotiate_wrapper
>> =====================
>> auth_param negotiate program
>> /usr/local/squid/libexec/negotiate_wrapper_auth -d --ntlm
>> /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
>> --kerberos /usr/local/squid/libexec/negotiate_kerberos_auth -s GSS_C_NO_NAME
>> auth_param negotiate children 50 startup=0 idle=1
>> auth_param negotiate keep_alive off
>> # ==================== Authenticate using NTLM
>> ==================================
>> auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
>> --helper-protocol=squid-2.5-ntlmssp
>> auth_param ntlm children 20 startup=0 idle=1
>> auth_param ntlm keep_alive off
>> # ==================== Authenticate using Basic LDAP
>> ============================
>> auth_param basic program /usr/local/squid/libexec/basic_ldap_auth -R -b
>> "dc=company,dc=local" -D squid at company.local -w "password" -f
>> sAMAccountName=%s -h idhqvdc01.company.local,idhqvdc02.company.local
>> auth_param basic children 5 startup=0 idle=1
>> auth_param basic realm AGDS Proxy: Please enter your username and
>> password domain
>> auth_param basic credentialsttl 1 minute
>> # ==================== Authenticate to Group Security Actice Directory
>> ==========
>> external_acl_type memberof ipv4 children-max=10 children-startup=1 %LOGIN
>> /usr/local/squid/libexec/ext_ldap_group_acl -R -K -S -b
>> "dc=company,dc=local" -D squid at company.local -w "password" -f
>> "(&(objectclass=person)(sAMAccountName=%v)(memberof=CN=%g,ou=groups,ou=resources,dc=company,dc=local))"
>> -h idhqvdc01.company.local,idhqvdc02.company.local
>>
>> acl auth proxy_auth REQUIRED
>> # ==================== ACL Access hour user
>> =====================================
>> acl ach1 external memberof "/usr/local/squid/etc/ach1.txt" # access hour
>> 1
>> acl ach2 external memberof "/usr/local/squid/etc/ach2.txt" # access hour
>> 2
>> acl ach3 external memberof "/usr/local/squid/etc/ach3.txt" # access hour
>> 3
>> acl ach4 external memberof "/usr/local/squid/etc/ach4.txt" # access hour
>> 4
>> acl ach2time time D 10:00-11:59
>> acl ach2time time D 13:00-14:59
>> acl ach3time time D 08:00-09:59
>> acl ach3time time D 15:00-16:59
>> acl ach4time time D 08:00-16:59
>> acl bebastime time D 00:01-07:59 12:00-13:59 17:00-23:59
>>
>> #
>> ==============================================================================
>> http_access deny !Safe_ports # Deny requests to certain unsafe ports
>> http_access deny CONNECT !SSL_ports # Deny CONNECT to other than secure
>> SSL ports
>> http_access allow manager localhost # Only allow cachemgr access from
>> localhost
>> http_access allow manager managerAdmin
>> http_access deny manager
>>
>> #
>> ==============================================================================
>> #http_access allow localnet
>> http_access allow localhost
>> http_access deny blacklist !bebastime
>>
>> http_access allow http Safe_ports whitelist
>> http_access allow CONNECT SSL_ports whitelist
>> #http_access deny all !auth
>>
>> #http_access allow http Safe_ports ach1
>> #http_access allow CONNECT SSL_ports ach1
>> #http_access allow http Safe_ports ach2 !ach2time
>> #http_access allow CONNECT SSL_ports ach2 !ach2time
>> #http_access allow http Safe_ports ach3 !ach3time
>> #http_access allow CONNECT SSL_ports ach3 !ach3time
>> #http_access allow http Safe_ports ach4 !ach4time
>> #http_access allow CONNECT SSL_ports ach4 !ach4time
>>
>> #http_access allow accesshours1
>> #http_access allow accesshours2 !ach2time
>> #http_access allow accesshours3 !ach3time
>> #http_access allow accesshours4 !ach3time
>>
>> http_access allow ach1
>> http_access allow ach2 !ach2time
>> http_access allow ach3 !ach3time
>> http_access allow ach4 !ach4time
>>
>> http_access deny all # Deny all other access to this proxy
>> #
>> ==============================================================================
>>
>> cache_dir rock /cache1/squid 97485 max-swap-rate=200 swap-timeout=300
>> cache_dir rock /cache2/squid 97485 max-swap-rate=200 swap-timeout=300
>> coredump_dir /usr/local/squid/var/cache/squid
>> # =============================== Refresh Pattern
>> ==============================
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>>
>> cache_effective_user proxy
>> visible_hostname proxy.company.local
>> cache_mgr proxyastragraphia
>> cachemgr_passwd secret all
>> #err_page_stylesheet /usr/local/squid/etc/default.css
>> pinger_enable off
>> #workers 2
>>
>> i was tried to put different acl and put my auth_param at the top of my
>> conf but still dying error. what should i do?
>> any assistant or hint would be very appreciate. thanks
>>
>>
>> Donny Vibianto
>>
>
>
> ------------------------------
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150314/a30e7421/attachment-0001.html>


More information about the squid-users mailing list