squid+ntlm (winbind)

uHk · Непрочитанное сообщение **uHk** » 2009-03-03 14:51:02

что происходит?

1236080472.651      8 192.168.0.137 TCP_MISS/200 192 GET http://clck.yandex.ru/click/dtype=stred/pid=30/cid=2121/path=map.hands.moscow/rnd=123608045992/*http://ya.ru m.xoxlov DIRECT/213.180.204.14 image/gif
1236080472.846      4 192.168.0.137 TCP_MISS/302 482 GET http://bs.yandex.ru/count/0NsArrB3GYS40000ZhjqqPe4MmYL0Pi2RrybYAJdNGMUAPAdQBq6YgGv4WIHlD19P0QJXGsBfBsP645_1G00? m.xoxlov DIRECT/213.180.204.90 -
1236080478.823     60 192.168.0.137 TCP_MISS/200 3645 GET http://base04.maps.yandex.net/tiles/2000? m.xoxlov DIRECT/87.250.251.62 image/png
1236080478.825      1 192.168.0.137 TCP_DENIED/407 2812 GET http://base04.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080478.825      1 192.168.0.137 TCP_DENIED/407 2812 GET http://base02.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080478.825     59 192.168.0.137 TCP_HIT/200 8706 GET http://base02.maps.yandex.net/tiles/2000? m.xoxlov NONE/- image/png
1236080479.575      0 192.168.0.137 TCP_DENIED/407 2812 GET http://base01.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080479.610      0 192.168.0.137 TCP_DENIED/407 2812 GET http://base02.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080479.626      0 192.168.0.137 TCP_DENIED/407 2812 GET http://base01.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080479.627      1 192.168.0.137 TCP_DENIED/407 2812 GET http://base02.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080479.632      1 192.168.0.137 TCP_DENIED/407 3026 GET http://base01.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080479.633      1 192.168.0.137 TCP_DENIED/407 3026 GET http://base02.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080479.635      1 192.168.0.137 TCP_DENIED/407 3026 GET http://base01.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080479.638      2 192.168.0.137 TCP_DENIED/407 3026 GET http://base02.maps.yandex.net/tiles/2000? - NONE/- text/html
1236080479.826    190 192.168.0.137 TCP_MISS/200 16460 GET http://base02.maps.yandex.net/tiles/2000? m.xoxlov DIRECT/87.250.251.62 image/png
1236080479.829    193 192.168.0.137 TCP_MISS/200 12468 GET http://base01.maps.yandex.net/tiles/2000? m.xoxlov DIRECT/87.250.251.62 image/png
1236080479.832    158 192.168.0.137 TCP_MISS/200 10426 GET http://base01.maps.yandex.net/tiles/2000? m.xoxlov DIRECT/87.250.251.62 image/png
1236080479.841    134 192.168.0.137 TCP_MISS/200 12092 GET http://base02.maps.yandex.net/tiles/2000? m.xoxlov DIRECT/87.250.251.62 image/png

Код: Выделить всё

TCP_DENIED/407

- требует авторизацию? почему? при этом в браузере логин не запрашивается, но связь рвется. браузер IE 6.
в логах cache.log

Код: Выделить всё

[2009/03/03 14:05:48, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!
[2009/03/03 14:05:48, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!
[2009/03/03 14:05:49, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!
[2009/03/03 14:05:49, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!
[2009/03/03 14:05:49, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!
[2009/03/03 14:05:49, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!
[2009/03/03 14:05:49, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!
[2009/03/03 14:05:49, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!
[2009/03/03 14:05:48, 0] utils/ntlm_auth.c:get_winbind_domain(146)
  could not obtain winbind domain name!

в логе /var/log/samba/log.winbindd-dc-connect

Код: Выделить всё

[2009/03/03 14:35:51, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
  cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x805d to machine dc.domain.ru.  Error was SUCCESS - 0
[2009/03/03 14:35:51, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x402c to machine dc.domain.ru.  Error was SUCCESS - 0
[2009/03/03 14:41:12, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
  cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x805d to machine dc.domain.ru.  Error was SUCCESS - 0
[2009/03/03 14:41:12, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x402c to machine dc.domain.ru.  Error was SUCCESS - 0
[2009/03/03 14:46:15, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
  cli_rpc_pipe_close: cli_close failed on pipe \lsarpc, fnum 0x805d to machine dc.domain.ru.  Error was SUCCESS - 0
[2009/03/03 14:46:15, 1] libsmb/clientgen.c:cli_rpc_pipe_close(386)
  cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x402c to machine dc.domain.ru.  Error was SUCCESS - 0

лог /var/log/log.wb-DOMAIN

Код: Выделить всё

[2009/03/03 14:36:04, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1030)
  rpccli_netlogon_sam_network_logon: credentials chain check failed
[2009/03/03 14:41:19, 0] libsmb/credentials.c:creds_client_check(324)
  creds_client_check: credentials check failed.
[2009/03/03 14:41:19, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1030)
  rpccli_netlogon_sam_network_logon: credentials chain check failed
[2009/03/03 14:46:36, 0] libsmb/credentials.c:creds_client_check(324)
  creds_client_check: credentials check failed.
[2009/03/03 14:46:36, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(1030)
  rpccli_netlogon_sam_network_logon: credentials chain check failed

Хостинг HostFood.ru · **Хостинг HostFood.ru**

Тарифы на хостинг в России, от 12 рублей: https://www.host-food.ru/tariffs/hosting/
Тарифы на виртуальные сервера (VPS/VDS/KVM) в РФ, от 189 руб.: https://www.host-food.ru/tariffs/virtualny-server-vps/
Выделенные сервера, Россия, Москва, от 2000 рублей (HP Proliant G5, Intel Xeon E5430 (2.66GHz, Quad-Core, 12Mb), 8Gb RAM, 2x300Gb SAS HDD, P400i, 512Mb, BBU):
https://www.host-food.ru/tariffs/vydelennyi-server-ds/
Недорогие домены в популярных зонах: https://www.host-food.ru/domains/

Tabu13 · Непрочитанное сообщение **Tabu13** » 2009-04-10 13:12:36

Up
у меня похожая ситуация. Есть решение проблемы?

snorlov · Непрочитанное сообщение **snorlov** » 2009-04-10 22:57:53

Я думаю телепатов здесь нет

Код: Выделить всё

uname -a

Да и версию samba хотя бы, и вообще машинка в домене хоть?

uHk · Непрочитанное сообщение **uHk** » 2009-04-11 14:36:16

uname -a
FreeBSD int2.ud.ru 7.1-RELEASE FreeBSD 7.1-RELEASE #0: Sat Mar 21 13:03:37 MSK 2009 root@int2.ud.ru:/usr/obj/usr/src/sys/unident_v4 i386

Alex Keda

79 сообщения - а так и не научились оформлять их...

corwax · Непрочитанное сообщение **corwax** » 2010-04-02 10:09:06

все уже прочитал (что смог найти) однако решения так и не нашел проблема похожая, squid не разграничивает права по групам AD пускает всех на все кроме того что определено правилами deny

Squid ставлю первый раз по етому не судите строго

помогите плз решить проблему, скажите плз какие логи и какую инфу выложить для решения проблемы, я зделаю

настраивал по статьеhttp://www.lissyara.su/articles/freebsd ... /squid+ad/

лог сквида

Код: Выделить всё

2010/04/02 15:26:46| WARNING: nt_group #2 (FD 71) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #2 (FD 10) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #1 (FD 8) exited
2010/04/02 15:26:46| WARNING: nt_group #1 (FD 69) exited
2010/04/02 15:26:46| WARNING: basicauthenticator #1 (FD 58) exited
2010/04/02 15:26:46| WARNING: nt_group #5 (FD 77) exited
2010/04/02 15:26:46| WARNING: nt_group #4 (FD 75) exited
2010/04/02 15:26:46| Too few nt_group processes are running
2010/04/02 15:26:46| Starting new helpers
2010/04/02 15:26:46| helperOpenServers: Starting 4/5 'wbinfo_group.pl' processes
2010/04/02 15:26:46| WARNING: nt_group #3 (FD 73) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #24 (FD 54) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #23 (FD 52) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #22 (FD 50) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #21 (FD 48) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #20 (FD 46) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #19 (FD 44) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #18 (FD 42) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #17 (FD 40) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #16 (FD 38) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #15 (FD 36) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #14 (FD 34) exited
2010/04/02 15:26:46| Too few ntlmauthenticator processes are running
2010/04/02 15:26:46| Starting new helpers
2010/04/02 15:26:46| helperOpenServers: Starting 13/25 'ntlm_auth' processes
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
2010/04/02 15:26:46| WARNING: basicauthenticator #5 (FD 66) exited
2010/04/02 15:26:46| WARNING: basicauthenticator #4 (FD 64) exited
2010/04/02 15:26:46| WARNING: basicauthenticator #3 (FD 62) exited
2010/04/02 15:26:46| Too few basicauthenticator processes are running
2010/04/02 15:26:46| Starting new helpers
2010/04/02 15:26:46| helperOpenServers: Starting 4/5 'ntlm_auth' processes
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
[2010/04/02 15:26:46,  0] utils/ntlm_auth.c:174(get_winbind_domain)
  could not obtain winbind domain name!
2010/04/02 15:26:46| WARNING: basicauthenticator #2 (FD 60) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #25 (FD 56) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #12 (FD 30) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #11 (FD 28) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #10 (FD 26) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #9 (FD 24) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #8 (FD 22) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #7 (FD 20) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #6 (FD 18) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #5 (FD 16) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #4 (FD 14) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #3 (FD 12) exited
2010/04/02 15:26:46| WARNING: ntlmauthenticator #13 (FD 32) exited
2010/04/02 15:27:59| Starting Squid Cache version 3.1.0.17 for i386-portbld-freebsd8.0...
2010/04/02 15:27:59| Process ID 1093
2010/04/02 15:27:59| With 7040 file descriptors available
2010/04/02 15:27:59| Initializing IP Cache...
2010/04/02 15:27:59| ipcacheAddEntryFromHosts: Bad IP address '::1'
2010/04/02 15:27:59| DNS Socket created at 0.0.0.0, FD 7
2010/04/02 15:27:59| Adding domain enerprom.ru from /etc/resolv.conf
2010/04/02 15:27:59| Adding nameserver 192.168.1.1 from /etc/resolv.conf
2010/04/02 15:27:59| helperOpenServers: Starting 25/25 'ntlm_auth' processes
2010/04/02 15:27:59| helperOpenServers: Starting 5/5 'ntlm_auth' processes
2010/04/02 15:27:59| helperOpenServers: Starting 5/5 'wbinfo_group.pl' processes
2010/04/02 15:28:01| Unlinkd pipe opened on FD 82
2010/04/02 15:28:01| Store logging disabled
2010/04/02 15:28:01| Swap maxSize 15360000 + 524288 KB, estimated 1221868 objects
2010/04/02 15:28:01| Target number of buckets: 61093
2010/04/02 15:28:01| Using 65536 Store buckets
2010/04/02 15:28:01| Max Mem  size: 524288 KB
2010/04/02 15:28:01| Max Swap size: 15360000 KB
2010/04/02 15:28:01| Version 1 of swap file with LFS support detected...
2010/04/02 15:28:01| Rebuilding storage in /usr/local/squid/cache (DIRTY)
2010/04/02 15:28:01| Using Least Load store dir selection
2010/04/02 15:28:01| Set Current Directory to /usr/local/squid/cache
2010/04/02 15:28:02| Loaded Icons.
2010/04/02 15:28:02| Accepting  HTTP connections at 0.0.0.0:3128, FD 85.
2010/04/02 15:28:02| HTCP Disabled.
2010/04/02 15:28:02| /usr/local/squid/squid.pid: (13) Permission denied
2010/04/02 15:28:02| WARNING: Could not write pid file
2010/04/02 15:28:02| Squid modules loaded: 0
2010/04/02 15:28:02| Ready to serve requests.
2010/04/02 15:28:02| Done reading /usr/local/squid/cache swaplog (391 entries)
2010/04/02 15:28:02| Finished rebuilding storage from disk.
2010/04/02 15:28:02|       384 Entries scanned
2010/04/02 15:28:02|         0 Invalid entries.
2010/04/02 15:28:02|         0 With invalid flags.
2010/04/02 15:28:02|       377 Objects loaded.
2010/04/02 15:28:02|         0 Objects expired.
2010/04/02 15:28:02|         7 Objects cancelled.
2010/04/02 15:28:02|         0 Duplicate URLs purged.
2010/04/02 15:28:02|         0 Swapfile clashes avoided.
2010/04/02 15:28:02|   Took 0.28 seconds (1352.02 objects/sec).
2010/04/02 15:28:02| Beginning Validation Procedure
2010/04/02 15:28:02|   Completed Validation Procedure
2010/04/02 15:28:02|   Validated 779 Entries
2010/04/02 15:28:02|   store_swap_size = 4898
2010/04/02 15:28:02| storeLateRelease: released 0 objects

snorlov · Непрочитанное сообщение **snorlov** » 2010-04-02 10:46:32

Начните для начала с правами на

Код: Выделить всё

2010/04/02 15:28:02| /usr/local/squid/squid.pid: (13) Permission denied

а также на /var/db/samba/winbindd_privileged

corwax · Непрочитанное сообщение **corwax** » 2010-04-02 11:21:31

с pid разобрался а какие на /var/db/samba/winbindd_privileged права должны быть у меня:

Код: Выделить всё

drwxr-x---  2 root  squid    512 Apr  2 17:19 winbindd_privileged

Burner · Непрочитанное сообщение **Burner** » 2010-04-02 12:42:55

правильные права

corwax · Непрочитанное сообщение **corwax** » 2010-04-02 14:31:18

спасибо, вроде заработало, но как то странно буду тестировать

Exomorph

у меня права такие.

Код: Выделить всё

srwxrwxrwx  1 root  wheel  0 Mar  7 17:24 pipe

похоже, что это pipe, а не директория как у предыдущего оратора
кильнуть и перезапустить winbindd ?

forum.lissyara.su

squid+ntlm (winbind)

squid+ntlm (winbind)

Услуги хостинговой компании Host-Food.ru

Re: squid+ntlm (winbind)

Re: squid+ntlm (winbind)

Re: squid+ntlm (winbind)

Re: squid+ntlm (winbind)

Re: squid+ntlm (winbind)

Re: squid+ntlm (winbind)

Re: squid+ntlm (winbind)

Re: squid+ntlm (winbind)

Re: squid+ntlm (winbind)

Re: squid+ntlm (winbind)