[squid-users] [squid ] externalAclLookup: 'wbinfo_group_helper' queue overload.
Jagannath Naidu
jagannath.naidu at fosteringlinux.com
Mon Apr 20 07:31:21 UTC 2015
Hi,
I am having this issue very frequently. Please help on this.
I get these errors randomly, mostly when usage is at very peak. (800 users)
/var/log/squid/cache.log
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e2ce518)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e2cf038)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99ada7ce8)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e247b28)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e247b28)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99c25a578)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e2daae8)
got NTLMSSP command 3, expected 1
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e2eb108)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e2f0798)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e2f3c58)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e2ff3a8)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99adbba48)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99adbba48)
2015/04/20 12:37:40| externalAclLookup: 'wbinfo_group_helper' queue
overload (ch=0x7fc99e323d18)
Then squid stops working. For squid to start work again, I have to dlete
the cache and restart the squid "squid -k reconfigure", and then squid
restart.
squid.conf
max_filedesc 17192
acl manager proto cache_object
acl localhost src 172.16.50.61/24
http_access allow manager localhost
dns_nameservers 172.16.3.34 10.1.2.91
acl allowips src 172.16.58.187 172.16.16.192 172.16.58.113 172.16.58.63
172.16.58.98 172.16.60.244 172.16.58.165 172.16.58.157
http_access allow allowips
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours external_acl_type nt_group ttl=0
children=60 %LOGIN /usr/lib64/squid/wbinfo_group.pl
acl localnet src 172.16.0.0/24
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics
--helper-protocol=squid-2.5-ntlmssp --domain=HTMEDIA.NET
auth_param ntlm children 600
auth_param ntlm keep_alive off
auth_param negotiate children 150
auth_param negotiate keep_alive off
visible_hostname GGNPROXY01.HTMEDIA.NET
external_acl_type wbinfo_group_helper ttl=0 children=40 %LOGIN
/usr/lib64/squid/wbinfo_group.pl -d
auth_param negotiate keep_alive off
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp --domain=HTMEDIA.NET
acl Safe_ports port 8080 #https
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl auth proxy_auth REQUIRED
acl google dstdomain -i "/etc/squid/google_site.com"
http_access allow google
acl sq1 external wbinfo_group_helper "/etc/squid/HT/sq1"
acl sq2 external wbinfo_group_helper "/etc/squid/HT/sq2"
acl sq3 external wbinfo_group_helper "/etc/squid/HT/sq3"
acl sq4 external wbinfo_group_helper "/etc/squid/HT/sq4"
acl sq5 external wbinfo_group_helper "/etc/squid/HT/sq5"
acl pro1 external wbinfo_group_helper "/etc/squid/HT/pro1"
acl pro2 external wbinfo_group_helper "/etc/squid/HT/pro2"
acl pro3 external wbinfo_group_helper "/etc/squid/HT/pro3"
acl pro4 external wbinfo_group_helper "/etc/squid/HT/pro4"
acl pro5 external wbinfo_group_helper "/etc/squid/HT/pro5"
acl pro6 external wbinfo_group_helper "/etc/squid/HT/pro6"
acl webvip external wbinfo_group_helper "/etc/squid/HT/webvip"
acl allgroup external wbinfo_group_helper "/etc/squid/HT/allgreop"
acl restricted external wbinfo_group_helper "/etc/squid/HT/restricted"
acl ad_auth proxy_auth REQUIRE
acl allowwebsites dstdomain -i "/blacklists/allowedwebsite/domains"
acl allowwebsites_url url_regex -i "/blacklists/allowedwebsite/url"
http_access allow allowwebsites
http_access allow allowwebsites_url
acl shopping dstdomain -i "/etc/squid/shopping.txt"
acl social_networking dstdomain -i "/blacklists/social/social.networking"
acl youtube dstdomain -i .youtube.com
http_access allow Safe_ports pro1 pro2 pro3 pro4 pro5 pro6 webvip
http_access allow youtube pro5
http_access allow youtube pro6
http_access allow youtube webvip
http_access deny youtube
http_access allow shopping pro5
http_access allow shopping pro6
http_access allow shopping webvip
http_access deny shopping
http_access allow social_networking pro2
http_access allow social_networking pro4
http_access allow social_networking pro6
http_access allow social_networking webvip
http_access deny social_networking
acl porn_site1 dstdomain "/etc/squid/blacklists/porn/domains.txt"
acl porn_site2 dstdom_regex -i "/etc/squid/blacklists/porn/expressions"
acl porn_site3 dstdom_regex -i "/etc/squid/blacklists/porn/urls.txt"
acl audio_video1 dstdomain "/etc/squid/blacklists/audio-video/urls.txt"
###################### THERE ARE TOO MANY acls and http_access , so not
bothering with vast linux
http_access allow liquorinfo webvip
http_access deny liquorinfo
http_access allow ad_auth
http_access allow auth
http_access allow sq1 sq2
acl NTLMUsers proxy_auth REQUIRED
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_port 8080
hierarchy_stoplist cgi-bin ?
cache_effective_user squid
cache_dir aufs /var/spool/squid 20384 32 512
cache_mem 50 MB
cache_replacement_policy heap LFUDA
cache_swap_low 85
cache_swap_high 95
maximum_object_size 5 MB
maximum_object_size_in_memory 50 KB
ipcache_size 5240
ipcache_low 90
ipcache_high 95
cache_mgr amit
cachemgr_passwd keenable at 123
acl SSL_ports port 443
http_access allow CONNECT SSL_ports
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
url_rewrite_program /usr/local/bin/squidGuard -c
/usr/local/squidGuard/squidGuard.conf
in /var/log/messages, I get the following errors
pr 20 12:59:15 GGNPROXY01 winbindd[1910]: winbindd: Exceeding 200 client
connections, no idle connection found
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: [2015/04/20 12:59:15.329841, 0]
winbindd/winbindd.c:975(winbindd_listen_fde_handler)
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: winbindd: Exceeding 200 client
connections, no idle connection found
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: [2015/04/20 12:59:15.333903, 0]
winbindd/winbindd.c:975(winbindd_listen_fde_handler)
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: winbindd: Exceeding 200 client
connections, no idle connection found
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: [2015/04/20 12:59:15.334474, 0]
winbindd/winbindd.c:975(winbindd_listen_fde_handler)
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: winbindd: Exceeding 200 client
connections, no idle connection found
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: [2015/04/20 12:59:15.339318, 0]
winbindd/winbindd.c:975(winbindd_listen_fde_handler)
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: winbindd: Exceeding 200 client
connections, no idle connection found
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: [2015/04/20 12:59:15.339710, 0]
winbindd/winbindd.c:975(winbindd_listen_fde_handler)
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: winbindd: Exceeding 200 client
connections, no idle connection found
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: [2015/04/20 12:59:15.351705, 0]
winbindd/winbindd.c:975(winbindd_listen_fde_handler)
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: winbindd: Exceeding 200 client
connections, no idle connection found
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: [2015/04/20 12:59:15.352065, 0]
winbindd/winbindd.c:975(winbindd_listen_fde_handler)
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: winbindd: Exceeding 200 client
connections, no idle connection found
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: [2015/04/20 12:59:15.358560, 0]
winbindd/winbindd.c:975(winbindd_listen_fde_handler)
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: winbindd: Exceeding 200 client
connections, no idle connection found
Apr 20 12:59:15 GGNPROXY01 winbindd[1910]: [2015/04/20 12:59:15.358913, 0]
winbindd/winbindd.c:975(winbindd_listen_fde_handler)
/var/log/squid/cache.log
2015/04/20 12:59:50| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2015/04/20 12:59:50| /var/spool/squid/00/91/000122E6
2015/04/20 12:59:50| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2015/04/20 12:59:50| /var/spool/squid/00/C6/00018D9D
2015/04/20 12:59:50| /var/spool/squid/00/C6/00018D9D
2015/04/20 12:59:50| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2015/04/20 12:59:50| /var/spool/squid/00/F7/0001EE64
2015/04/20 12:59:50| /var/spool/squid/00/F7/0001EE64
2015/04/20 12:59:50| storeSwapOutFileClosed: dirno 0, swapfile 0001EE64,
errflag=FFFFFFFF
2015/04/20 12:59:50| storeSwapOutFileClosed: dirno 0, swapfile 0001EE64,
errflag=FFFFFFFF
2015/04/20 12:59:50| (2) No such file or directory
2015/04/20 12:59:50| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2015/04/20 12:59:50| /var/spool/squid/00/F7/0001EE65
2015/04/20 12:59:50| /var/spool/squid/00/F7/0001EE65
2015/04/20 12:59:50| storeSwapOutFileClosed: dirno 0, swapfile 0001EE65,
errflag=FFFFFFFF
2015/04/20 12:59:50| (2) No such file or directory
2015/04/20 12:59:50| DiskThreadsDiskFile::openDone: (2) No such file or
directory
2015/04/20 12:59:50| /var/spool/squid/00/F7/0001EE66
2015/04/20 12:59:50| storeSwapOutFileClosed: dirno 0, swapfile 0001EE66,
errflag=FFFFFFFF
2015/04/20 12:59:50| (2) No such file or directory
--
Thanks & Regards
B Jagannath
Keen & Able Computers Pvt. Ltd.
+919871324006
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150420/d833c500/attachment-0001.html>
More information about the squid-users
mailing list