[squid-users] Negotiate Authenticator and DNS
Eliezer Croitoru
eliezer at ngtech.co.il
Tue Sep 26 04:59:00 UTC 2017
Hey,
How about using a local bind\unbound DNS server that has a forwarding zone defined only for the local domains?
For me it's a bit hard to understand the root cause for the issue but this is the best solution I can think about.
If you need some help about with bind\unbound DNS configurations just send me an email and I will try to help you with that.
All The Bests,
Eliezer
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of erdosain9
Sent: Friday, September 22, 2017 17:37
To: squid-users at lists.squid-cache.org
Subject: [squid-users] Negotiate Authenticator and DNS
Hi.
Im traying to improve the dns response because im having this times:
Negotiate Authenticator Statistics:
program: /lib64/squid/negotiate_kerberos_auth
number active: 32 of 32 (0 shutting down)
requests sent: 72241
replies received: 72241
queue length: 0
avg service time: 56 msec
ID # FD PID # Requests # Replies Flags Time Offset
Request
16 30 22242 38896 38896 0.368 0 (none)
17 32 22243 13404 13404 0.388 0 (none)
18 38 22244 6962 6962 0.126 0 (none)
19 61 22245 3895 3895 0.344 0 (none)
20 65 22246 2636 2636 0.369 0 (none)
21 74 22247 1879 1879 0.124 0 (none)
22 76 22248 1177 1177 0.340 0 (none)
23 78 22249 809 809 0.307 0 (none)
24 79 22250 592 592 0.364 0 (none)
25 81 22251 436 436 0.265 0 (none)
26 94 22252 320 320 0.244 0 (none)
27 96 22253 243 243 0.243 0 (none)
28 98 22254 184 184 0.299 0 (none)
29 109 22255 142 142 0.285 0 (none)
30 111 22256 112 112 0.308 0 (none)
31 113 22257 85 85 0.308 0 (none)
45 473 22285 69 69 0.789 0 (none)
46 475 22286 60 60 0.756 0 (none)
47 480 22287 52 52 1.504 0 (none)
48 495 22288 48 48 1.611 0 (none)
49 499 22289 44 44 1.611 0 (none)
50 580 22291 36 36 1.598 0 (none)
51 596 22292 31 31 1.099 0 (none)
52 593 22293 26 26 0.916 0 (none)
53 547 22308 20 20 0.916 0 (none)
54 550 22309 18 18 0.602 0 (none)
55 551 22310 14 14 0.397 0 (none)
56 553 22311 12 12 0.567 0 (none)
57 552 22312 12 12 0.567 0 (none)
58 397 22313 11 11 0.567 0 (none)
59 407 22314 10 10 0.584 0 (none)
67 436 22355 6 6 1.035 0 (none)
Sometimes much more time, sometimes go to avg service time: 560 msec...
Sorry for my ignorance...
This Negotiate Authenticator is for users??? i mean this is related to, for
example, go to google.com, or is just the time that the user (client pc)
wait for be authenticate??
I think, that is related to go to a web (now i have my doubts). so i make a
dns with bind. and put that dns in squid config, and let the dns from the AD
in second place... but, when i restart this happend:
support_resolv.cc(289): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group:
ERROR: Error while resolving service record _ldap._tcp.DOMAIN.LAN with r
es_search
support_resolv.cc(71): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group:
ERROR: res_search: Unknown service record: _ldap._tcp.DOMAIN.LAN
support_resolv.cc(183): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group:
ERROR: Error while resolving hostname with getaddrinfo: Name or service
not known
support_sasl.cc(276): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group:
ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(957): pid=24587 :2017/09/22 11:16:35| kerberos_ldap_group:
ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact
LDAP server
So, this post is for two question.
1- The thing about Negotiate Authenticator (that value what represent?)
2- Can i improve making my own dns (apart from the the dns from the domain)?
(i prefer make other dns, than fix the dns from the domain, because i dont
manage that).
Thanks to all, and sorry for the ignorance, and my bad writing (i dont speak
english)
--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list