[squid-users] Kerberos negotiate slow avg service time

erdosain9 erdosain9 at gmail.com
Tue Feb 27 18:43:48 UTC 2018


Thank you Amos (sorry again Yuri).

And yes, the user are complains.

The problem is this (and sorry for be recurrent with this).

That value avg ms for some times goes up to 3000... and in that moment all
stop.

in the cache.log sometimes, im getting this.

support_sasl.cc(276): pid=3729 :2018/02/27 14:44:35| kerberos_ldap_group:
ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(957): pid=3729 :2018/02/27 14:44:35| kerberos_ldap_group:
ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact
LDAP server
2018/02/27 14:44:49 kid1| Error negotiating SSL on FD 45:
error:00000000:lib(0):func(0):reason(0) (5/-1/104)
support_sasl.cc(276): pid=3719 :2018/02/27 14:46:56| kerberos_ldap_group:
ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(957): pid=3719 :2018/02/27 14:46:56| kerberos_ldap_group:
ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact
LDAP server
support_sasl.cc(276): pid=3719 :2018/02/27 14:47:18| kerberos_ldap_group:
ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(957): pid=3719 :2018/02/27 14:47:18| kerberos_ldap_group:
ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact
LDAP server
support_sasl.cc(276): pid=3729 :2018/02/27 14:47:28| kerberos_ldap_group:
ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(957): pid=3729 :2018/02/27 14:47:28| kerberos_ldap_group:
ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact
LDAP server
support_sasl.cc(276): pid=3719 :2018/02/27 14:47:36| kerberos_ldap_group:
ERROR: ldap_sasl_interactive_bind_s error: Can't contact LDAP server
support_ldap.cc(957): pid=3719 :2018/02/27 14:47:36| kerberos_ldap_group:
ERROR: Error while binding to ldap server with SASL/GSSAPI: Can't contact
LDAP server


Is impossible that this problem happend from the squid side? Im thinking
that is a problem in the AD (windows server 2012). 

With more log (-d) i got a lot of this... (just a little). This is working
negotiate_kerberos_pac.cc(376): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: INFO: Got PAC data of lengh 584
negotiate_kerberos_pac.cc(180): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: INFO: Found 4 rids
negotiate_kerberos_pac.cc(188): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: Info: Got rid: 1168
negotiate_kerberos_pac.cc(188): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: Info: Got rid: 512
negotiate_kerberos_pac.cc(188): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: Info: Got rid: 513
negotiate_kerberos_pac.cc(188): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: Info: Got rid: 1132
negotiate_kerberos_pac.cc(256): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: INFO: Got DomainLogonId
S-1-5-21-3939648023-1419124151
-3306617744
negotiate_kerberos_pac.cc(278): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: INFO: Found 1 ExtraSIDs
negotiate_kerberos_pac.cc(327): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: INFO: Got ExtraSid S-1-18-1
negotiate_kerberos_pac.cc(456): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: INFO: Read 540 of 584 bytes 
negotiate_kerberos_auth.cc(778): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: DEBUG: Groups
group=AQUAAAAAAAUVAAAAF0LS6rcdllSQ+xbFk
AQAAA== group=AQUAAAAAAAUVAAAAF0LS6rcdllSQ+xbFAAIAAA==
group=AQUAAAAAAAUVAAAAF0LS6rcdllSQ+xbFAQIAAA==
group=AQUAAAAAAAUVAAAAF0LS6rcdllSQ+xbFbA
QAAA== group=AQEAAAAAABIBAAAA
negotiate_kerberos_auth.cc(783): pid=3973 :2018/02/27 12:08:33|
negotiate_kerberos_auth: DEBUG: AF
oYG2MIGzoAMKAQChCwYJKoZIgvcSAQICooGeBIGbYIG
YBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARub5MOjpO177M/gXJcAdluTnj+29wfwmcbZJVIFDyiXBKLScmwPhaPd2sH4IvcEiBhgddiTbURTRfM7OsWlql7+
uS2I4WWSke5bcRYRIaprvgl3wtCoX9PjSQEmYL0H8LIBL0sQh2fbYftAXyxMGs=
user at MYDOMAIN.LAN
negotiate_kerberos_auth.cc(610): pid=3973 :2018/02/27 12:08:37|
negotiate_kerberos_auth: DEBUG: Got 'YR
YIIHJQYGKwYBBQUCoIIHGTCCBxWgMDAuBgkqhk
iC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCBt8EggbbYIIG1wYJKoZIhvcSAQICAQBuggbGMIIGwqADAgEFoQMCAQ6iBwMFACAAAACjggUDYYIE/zCCBPug
AwIBBaEMGwpFTVBEREguTEFOoiMwIaADAgECoRowGBsESFRUUBsQcHJveHkuZW1wZGRoLmxhbqOCBL8wggS7oAMCARKhAwIBA6KCBK0EggSpV5Ofs3WVdVBcsFv+Hm0rIqwv8Lnra2qZOa
8cldCaPT4j6lGbmhe4JphrdI8H+dJbZI42SC1WLj6ettPI1OB5JPc340A6q3X7f9Zjp1rplc/6/n2mNooCah+Epq83CeI2w1bjX24sIwv5Vj5fNv9l5tzRI2vm5hry828+jNNGEamR0Vi5
1wy1HpFRVm39xExs9HiIdVRuVLC2sgXPf3PLLlmE5pKPATPW074v045VnrYXFERgyFN45Le4oBqavwtQ4yxdnVt/3wHzx9B2jYckYp0EMbS4yHMH8trwNJwYWji7zTINkD1s81EMCl0t0R
bQBwt8rLbcYLurOpj95nicRZbfSAkNozbVo1i4sYApjqxZG1xPK1JdNYc927kCayiTSa6emuD2LbXaY47phntoGg77k8JvaSeqL/yNMhPS8/k5PuE1qSaQjSvatAiqUF8fWQRu9O8f4uhQ
LyseKPkBiO6Ll/NgQFXhAQOwxyvunbLZhVz568UsP1EMw8IRU8m6CRXoyHB9xFQVS+QI3PBYXzD3eFtYfofbXJjYm97VZrB+CmmU5K72Azm/bQzwybSbDhqLo9FyKAR2K9lFp0q3/Gt/Gf
+A7z2JR02Nl0spHVjsvJpLJ9G7QeJ/N2ByUs6oHC+95RTIZzpnTi8o+0eRBeG1QXR08OymGsiHPe7QAG90KFe0bGbmS3Q/nVy2kvcBnmnrDpmgkO6Q5pXQmg/25+nw20Cp0nTKSdmaXhcZ
JqiHh8loktMJxwtx1OlOcqy+Rrn2z+Ebp5WRiaBUZA2x95Bxx8QAc6PnPO0jHNyYZBuHO6UPzm71EkC5Af6CEHmXJoIp+/ipCgnMi/8LVRti3RDd/g3tHyk7AvOeGznqfJk0u1feL0oC/v
hx6uUxEG42YTuo7kYEwcYzENFNuqKEWCW8pLPLuw0P6CX76mpwbMSikV9qRcjB1bzDtS5YCkPXYjrCEYam1PcWYC/df8n+364LDDHHGCVWN4dLDaOqGy5xiek7mA6xdR7F0DH4BmzF89Hu
ZHhearwgpOH2gQci8YCwCrZUYbb7VepoXRG1WhiCLXpItF1uC96ERZreCh3FMv9WsOvuZ9W5LkzM6gHtTMRgNi9jQF5Y/OqN9zbAJq2/pFg5CCJA2UMjyrOv+rDq0c48d1ECTc+RYy2ISL
VtvTIQyXe4mxQ7Lmzrej5a3JhMxbICvmVj9tNLoe8JKcbUP0/gV3x8QpRGK7yx7+Zn0v6DCEIyD2cX1LMp0++n5j7rKNjcx9Kq6bkwH1T5qecmScmWf57nVgASGcWtC5fFKW4qpjtC2A74
Nu5lC+z90iGKOIlfXdyJHeQW/LufQDm8h4p731wFR22WD2ki0Z1eavTVibafZOKZIZuMNBfPSmKY9f0rmzCbv9Syxel/tU0Z87tyDid/m8qC2t9krg4Yr/5bAoVXMcDW31PwlSwInxom16
E1aSMarQ0oLo7rx0TSrC1QZj0/DsMWsacy2L1qhylYRU+poQsJaGJhTgZqqIHfoklR0MKN6i0hWJe1PXhvH/QZr4Ftif483pxd8Koq9UYM1aHjw/KSdo2Y1q/KZ2gdH0gIDoVYQNOkggGk
MIIBoKADAgESooIBlwSCAZPiK9yyDUJajCbaipq/vKOjP2JAo4TWDL66hZ2p37D0Y7eLah8oxghut6psDK9rmoUnpgZjZ8uRLDa73+6tlEOpdTyAafyftG5egQXvDzCzluLEnjg4NpQ+Y0
NgrpOYSkUpOijbLrl4jdsAmg9TEDI3qpfSC4Vm22xcs/XUFIwoXGRBRsCriirSNPOqGaayDuP0wJsyq3ldMPYCHmN3K+gsOmuWeJqg5xmjOlCLWarJXg7ZKy9cbgfmFDZNNuq0ihXP7CvT
sH2LSAsr8XLFNbEfR8UQkfGVwnvDsl68FQzSzR4bVkKE5sFJOsloM51R2i2y60TA8q7O4GYmUEXBJEkLWElRc9X4EMq9XCN49+VRxZEFXYP/62gGXfr3kC9sbFm2r4KkozuEEqt5ngjXjHH5+5RklbSDwKhoqnMRmOn8mdPc6ZTqCMahmxbJEJNOvbhQQaI17H46MVt8uBxMbMGXor0i95SOKtnJGlbUkxP6/GDJu/KmzwdJQC7Oa8C7avx/QHKj2LYyVkFkB3kUE5CSJsR0'
from squid (length: 2447).


But, in some moments i get again the :
kerberos_ldap_group: ERROR: Error while binding to ldap server with
SASL/GSSAPI: Can't contact LDAP server

This is probably a Windows server, i repeat, but i ask for if someone know
what can i do. (and maybe ensure that is not a squid problem)

(Again sorry with continue with this).



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


More information about the squid-users mailing list