Anetzberger
Newbie
Hallo zusammen,
ich habe hier warscheinlich nur einen kleinen Denkfehler drinnen, bzw Config fehler. Bin das ganze aber warscheinlich schon zu oft durchgegangen und finde den fehler einfach nicht.
Ich habe mir einen Linux Debian Server eingerichtet mit Squid + AD Anbindung die auch funktioniert.
Jetzt wollte ich nur noch den Squid mitteilen das nur User Surfen dürfen die der gruppe inet angehören. Leider funktioniert das nicht so ganz.
Verstehe aber nicht warum.
Wenn ich jeden Authentifizierten User Erlaube funktioniert das ganze wunderbar. Auch in der Log werden die Domäne+User richtig angezeigt. Also gehe ich davon aus das die Authentifizierung mit der Domäne funktionert.
Der Server hängt auch in der Domäne und
wbinfo -u
wbinfo -g
liefert auch alles korreckt.
So aber wenn ich jetzt
bei Domaene steht natürlich unsere Domaene drinnen.
das require dazu hänge stirbt mir der Proxy sofort wieder ab mit folgender Log:
Cache.log
an was kann das liegen.
Mir kommt das so vor das der befehl nicht richtig ist.
Hier noch die Squid Conf.
Ausgabe von /usr/bin/squid -N -d 1-d 1
ich habe hier warscheinlich nur einen kleinen Denkfehler drinnen, bzw Config fehler. Bin das ganze aber warscheinlich schon zu oft durchgegangen und finde den fehler einfach nicht.
Ich habe mir einen Linux Debian Server eingerichtet mit Squid + AD Anbindung die auch funktioniert.
Jetzt wollte ich nur noch den Squid mitteilen das nur User Surfen dürfen die der gruppe inet angehören. Leider funktioniert das nicht so ganz.
Verstehe aber nicht warum.
Code:
Config zeile:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmsspWenn ich jeden Authentifizierten User Erlaube funktioniert das ganze wunderbar. Auch in der Log werden die Domäne+User richtig angezeigt. Also gehe ich davon aus das die Authentifizierung mit der Domäne funktionert.
Der Server hängt auch in der Domäne und
wbinfo -u
wbinfo -g
liefert auch alles korreckt.
So aber wenn ich jetzt
Code:
auth_param ntlm program /usr/bin/ntlm_auth -–helper-protocol=squid-2.5-ntlmssp --require-membership-of="DOMAENE+inet"das require dazu hänge stirbt mir der Proxy sofort wieder ab mit folgender Log:
Cache.log
Code:
2012/06/21 13:13:38| Starting Squid Cache version 2.7.STABLE9 for x86_64-debian-linux-gnu...
2012/06/21 13:13:38| Process ID 3830
2012/06/21 13:13:38| With 1024 file descriptors available
2012/06/21 13:13:38| Using epoll for the IO loop
2012/06/21 13:13:38| Performing DNS Tests...
2012/06/21 13:13:38| Successful DNS name lookup tests...
2012/06/21 13:13:38| DNS Socket created at 0.0.0.0, port 59113, FD 7
2012/06/21 13:13:38| Adding domain xxxx.xxxx from /etc/resolv.conf
2012/06/21 13:13:38| Adding domain xxxxx.xxxx from /etc/resolv.conf
2012/06/21 13:13:38| Adding nameserver 10.155.10.2 from /etc/resolv.conf
2012/06/21 13:13:38| Adding nameserver 10.155.10.3 from /etc/resolv.conf
2012/06/21 13:13:38| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
username must be specified!
2012/06/21 13:13:38| User-Agent logging is disabled.
2012/06/21 13:13:38| Referer logging is disabled.
Verwendung: [OPTION...]
--helper-protocol=helper protocol to use operate as a stdio-based
helper
--username=STRING username
--domain=STRING domain name
--workstation=STRING workstation
--challenge=STRING challenge (HEX encoded)
--lm-response=STRING LM Response to the
challenge (HEX encoded)
--nt-response=STRING NT or NTLMv2 Response to
the challenge (HEX encoded)
--password=STRING User's plaintext password
--request-lm-key Retrieve LM session key
--request-nt-key Retrieve User (NT) session
........ Zeichen entfernt
2012/06/21 13:13:38| Using Least Load store dir selection
2012/06/21 13:13:38| Set Current Directory to /var/spool/squid
2012/06/21 13:13:38| Loaded Icons.
2012/06/21 13:13:38| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 19.
2012/06/21 13:13:38| Accepting ICP messages at 0.0.0.0, port 3130, FD 20.
2012/06/21 13:13:38| HTCP Disabled.
2012/06/21 13:13:38| WCCP Disabled.
2012/06/21 13:13:38| Ready to serve requests.
2012/06/21 13:13:38| WARNING: ntlmauthenticator #2 (FD 9) exited
2012/06/21 13:13:38| WARNING: ntlmauthenticator #1 (FD 8) exited
2012/06/21 13:13:38| WARNING: ntlmauthenticator #3 (FD 10) exited
2012/06/21 13:13:38| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!
Squid Cache (Version 2.7.STABLE9): Terminated abnormally.
CPU Usage: 0.012 seconds = 0.004 user + 0.008 sys
Maximum Resident Size: 20960 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
total space in arena: 2388 KB
Ordinary blocks: 2343 KB 2 blks
Small blocks: 0 KB 1 blks
Holding blocks: 396 KB 1 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 44 KB
Total in use: 2739 KB 98%
Total free: 44 KB 2%an was kann das liegen.
Mir kommt das so vor das der befehl nicht richtig ist.
Hier noch die Squid Conf.
Code:
auth_param ntlm program /usr/bin/ntlm_auth -–helper-protocol=squid-2.5-ntlmssp --require-membership-of="domaene+inet"
#auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
#auth_param negotiate program <uncomment and complete this line to activate>
#auth_param negotiate children 5
#auth_param negotiate keep_alive on
#auth_param ntlm program <uncomment and complete this line to activate>
auth_param ntlm children 5
auth_param ntlm keep_alive on
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
#Recommended minimum configuration:
acl AuthorizedUsers proxy_auth REQUIRED
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow all AuthorizedUsers
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
http_port 8080
cache_mem 16 MB
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
ftp_user Squid@Heyco.de
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------
#
# This section contains parameters for the (optional) cache
# announcement service. This service is provided to help
# cache administrators locate one another in order to join or
# create cache hierarchies.
#
# An 'announcement' message is sent (via UDP) to the registration
# service by Squid. By default, the announcement message is NOT
# SENT unless you enable it with 'announce_period' below.
#
# The announcement message includes your hostname, plus the
# following information from this configuration file:
#
# http_port
# icp_port
# cache_mgr
#
# All current information is processed regularly and made
# available on the Web at http://www.ircache.net/Cache/Tracker/.
# TAG: announce_period
# This is how frequently to send cache announcements. The
# default is `0' which disables sending the announcement
# messages.
#
# To enable announcing your cache, just uncomment the line
# below.
#
#Default:
# announce_period 0
#
#To enable announcing your cache, just uncomment the line below.
#announce_period 1 day
# TAG: announce_host
# TAG: announce_file
# TAG: announce_port
# announce_host and announce_port set the hostname and port
# number where the registration message will be sent.
#
# Hostname will default to 'tracker.ircache.net' and port will
# default default to 3131. If the 'filename' argument is given,
# the contents of that file will be included in the announce
# message.
#
#Default:
# announce_host tracker.ircache.net
# announce_port 3131
# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------
# TAG: httpd_accel_no_pmtu_disc on|off
# In many setups of transparently intercepting proxies Path-MTU
# discovery can not work on traffic towards the clients. This is
# the case when the intercepting device does not fully track
# connections and fails to forward ICMP must fragment messages
# to the cache server.
#
# If you have such setup and experience that certain clients
# sporadically hang or never complete requests set this to on.
#
#Default:
# httpd_accel_no_pmtu_disc off
# DELAY POOL PARAMETERS
# -----------------------------------------------------------------------------
# TAG: delay_pools
# This represents the number of delay pools to be used. For example,
# if you have one class 2 delay pool and one class 3 delays pool, you
# have a total of 2 delay pools.
#
#Default:
# delay_pools 0
# TAG: delay_class
# This defines the class of each delay pool. There must be exactly one
# delay_class line for each delay pool. For example, to define two
# delay pools, one of class 2 and one of class 3, the settings above
# and here would be:
#
#Example:
# delay_pools 2 # 2 delay pools
# delay_class 1 2 # pool 1 is a class 2 pool
# delay_class 2 3 # pool 2 is a class 3 pool
#
# The delay pool classes are:
#
# class 1 Everything is limited by a single aggregate
# bucket.
#
# class 2 Everything is limited by a single aggregate
# bucket as well as an "individual" bucket chosen
# from bits 25 through 32 of the IP address.
#
# class 3 Everything is limited by a single aggregate
# bucket as well as a "network" bucket chosen
# from bits 17 through 24 of the IP address and a
# "individual" bucket chosen from bits 17 through
# 32 of the IP address.
#
# NOTE: If an IP address is a.b.c.d
# -> bits 25 through 32 are "d"
# -> bits 17 through 24 are "c"
# -> bits 17 through 32 are "c * 256 + d"
#
#Default:
# none
# TAG: delay_access
# This is used to determine which delay pool a request falls into.
#
# delay_access is sorted per pool and the matching starts with pool 1,
# then pool 2, ..., and finally pool N. The first delay pool where the
# request is allowed is selected for the request. If it does not allow
# the request to any pool then the request is not delayed (default).
#
# For example, if you want some_big_clients in delay
# pool 1 and lotsa_little_clients in delay pool 2:
#
#Example:
# delay_access 1 allow some_big_clients
# delay_access 1 deny all
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
#
#Default:
# none
# TAG: delay_parameters
# This defines the parameters for a delay pool. Each delay pool has
# a number of "buckets" associated with it, as explained in the
# description of delay_class. For a class 1 delay pool, the syntax is:
#
#delay_parameters pool aggregate
#
# For a class 2 delay pool:
#
#delay_parameters pool aggregate individual
#
# For a class 3 delay pool:
#
#delay_parameters pool aggregate network individual
#
# The variables here are:
#
# pool a pool number - ie, a number between 1 and the
# number specified in delay_pools as used in
# delay_class lines.
#
# aggregate the "delay parameters" for the aggregate bucket
# (class 1, 2, 3).
#
# individual the "delay parameters" for the individual
# buckets (class 2, 3).
#
# network the "delay parameters" for the network buckets
# (class 3).
#
# A pair of delay parameters is written restore/maximum, where restore is
# the number of bytes (not bits - modem and network speeds are usually
# quoted in bits) per second placed into the bucket, and maximum is the
# maximum number of bytes which can be in the bucket at any time.
#
# For example, if delay pool number 1 is a class 2 delay pool as in the
# above example, and is being used to strictly limit each host to 64kbps
# (plus overheads), with no overall limit, the line is:
#
#delay_parameters 1 -1/-1 8000/8000
#
# Note that the figure -1 is used to represent "unlimited".
#
# And, if delay pool number 2 is a class 3 delay pool as in the above
# example, and you want to limit it to a total of 256kbps (strict limit)
# with each 8-bit network permitted 64kbps (strict limit) and each
# individual host permitted 4800bps with a bucket maximum size of 64kb
# to permit a decent web page to be downloaded at a decent speed
# (if the network is not being limited due to overuse) but slow down
# large downloads more significantly:
#
#delay_parameters 2 32000/32000 8000/8000 600/8000
#
# There must be one delay_parameters line for each delay pool.
#
#Default:
# none
# TAG: delay_initial_bucket_level (percent, 0-100)
# The initial bucket percentage is used to determine how much is put
# in each bucket when squid starts, is reconfigured, or first notices
# a host accessing it (in class 2 and class 3, individual hosts and
# networks only have buckets associated with them once they have been
# "seen" by squid).
#
#Default:
# delay_initial_bucket_level 50
# WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS
# -----------------------------------------------------------------------------
# TAG: wccp_router
# TAG: wccp2_router
# Use this option to define your WCCP ``home'' router for
# Squid.
#
# wccp_router supports a single WCCP(v1) router
#
# wccp2_router supports multiple WCCPv2 routers
#
# only one of the two may be used at the same time and defines
# which version of WCCP to use.
#
#Default:
# wccp_router 0.0.0.0
# TAG: wccp_version
# This directive is only relevant if you need to set up WCCP(v1)
# to some very old and end-of-life Cisco routers. In all other
# setups it must be left unset or at the default setting.
# It defines an internal version in the WCCP(v1) protocol,
# with version 4 being the officially documented protocol.
#
# According to some users, Cisco IOS 11.2 and earlier only
# support WCCP version 3. If you're using that or an earlier
# version of IOS, you may need to change this value to 3, otherwise
# do not specify this parameter.
#
#Default:
# wccp_version 4
# TAG: wccp2_rebuild_wait
# If this is enabled Squid will wait for the cache dir rebuild to finish
# before sending the first wccp2 HereIAm packet
#
#Default:
# wccp2_rebuild_wait on
# TAG: wccp2_forwarding_method
# WCCP2 allows the setting of forwarding methods between the
# router/switch and the cache. Valid values are as follows:
#
# 1 - GRE encapsulation (forward the packet in a GRE/WCCP tunnel)
# 2 - L2 redirect (forward the packet using Layer 2/MAC rewriting)
#
# Currently (as of IOS 12.4) cisco routers only support GRE.
# Cisco switches only support the L2 redirect assignment method.
#
#Default:
# wccp2_forwarding_method 1
# TAG: wccp2_return_method
# WCCP2 allows the setting of return methods between the
# router/switch and the cache for packets that the cache
# decides not to handle. Valid values are as follows:
#
# 1 - GRE encapsulation (forward the packet in a GRE/WCCP tunnel)
# 2 - L2 redirect (forward the packet using Layer 2/MAC rewriting)
#
# Currently (as of IOS 12.4) cisco routers only support GRE.
# Cisco switches only support the L2 redirect assignment.
#
# If the "ip wccp redirect exclude in" command has been
# enabled on the cache interface, then it is still safe for
# the proxy server to use a l2 redirect method even if this
# option is set to GRE.
#
#Default:
# wccp2_return_method 1
# TAG: wccp2_assignment_method
# WCCP2 allows the setting of methods to assign the WCCP hash
# Valid values are as follows:
#
# 1 - Hash assignment
# 2 - Mask assignment
#
# As a general rule, cisco routers support the hash assignment method
# and cisco switches support the mask assignment method.
#
#Default:
# wccp2_assignment_method 1
# TAG: wccp2_service
# WCCP2 allows for multiple traffic services. There are two
# types: "standard" and "dynamic". The standard type defines
# one service id - http (id 0). The dynamic service ids can be from
# 51 to 255 inclusive. In order to use a dynamic service id
# one must define the type of traffic to be redirected; this is done
# using the wccp2_service_info option.
#
# The "standard" type does not require a wccp2_service_info option,
# just specifying the service id will suffice.
#
# MD5 service authentication can be enabled by adding
# "password=<password>" to the end of this service declaration.
#
# Examples:
#
# wccp2_service standard 0 # for the 'web-cache' standard service
# wccp2_service dynamic 80 # a dynamic service type which will be
# # fleshed out with subsequent options.
# wccp2_service standard 0 password=foo
#
#
#Default:
# wccp2_service standard 0
# TAG: wccp2_service_info
# Dynamic WCCPv2 services require further information to define the
# traffic you wish to have diverted.
#
# The format is:
#
# wccp2_service_info <id> protocol=<protocol> flags=<flag>,<flag>..
# priority=<priority> ports=<port>,<port>..
#
# The relevant WCCPv2 flags:
# + src_ip_hash, dst_ip_hash
# + source_port_hash, dst_port_hash
# + src_ip_alt_hash, dst_ip_alt_hash
# + src_port_alt_hash, dst_port_alt_hash
# + ports_source
#
# The port list can be one to eight entries.
#
# Example:
#
# wccp2_service_info 80 protocol=tcp flags=src_ip_hash,ports_source
# priority=240 ports=80
#
# Note: the service id must have been defined by a previous
# 'wccp2_service dynamic <id>' entry.
#
#Default:
# none
# TAG: wccp2_weight
# Each cache server gets assigned a set of the destination
# hash proportional to their weight.
#
#Default:
# wccp2_weight 10000
# TAG: wccp_address
# TAG: wccp2_address
# Use this option if you require WCCP to use a specific
# interface address.
#
# The default behavior is to not bind to any specific address.
#
#Default:
# wccp_address 0.0.0.0
# wccp2_address 0.0.0.0
# PERSISTENT CONNECTION HANDLING
# -----------------------------------------------------------------------------
#
# Also see "pconn_timeout" in the TIMEOUTS section
# TAG: client_persistent_connections
# TAG: server_persistent_connections
# Persistent connection support for clients and servers. By
# default, Squid uses persistent connections (when allowed)
# with its clients and servers. You can use these options to
# disable persistent connections with clients and/or servers.
#
#Default:
# client_persistent_connections on
# server_persistent_connections on
# TAG: persistent_connection_after_error
# With this directive the use of persistent connections after
# HTTP errors can be disabled. Useful if you have clients
# who fail to handle errors on persistent connections proper.
#
#Default:
# persistent_connection_after_error off
# TAG: detect_broken_pconn
# Some servers have been found to incorrectly signal the use
# of HTTP/1.0 persistent connections even on replies not
# compatible, causing significant delays. This server problem
# has mostly been seen on redirects.
#
# By enabling this directive Squid attempts to detect such
# broken replies and automatically assume the reply is finished
# after 10 seconds timeout.
#
#Default:
# detect_broken_pconn off
# CACHE DIGEST OPTIONS
# -----------------------------------------------------------------------------
# TAG: digest_generation
# This controls whether the server will generate a Cache Digest
# of its contents.
#
#Default:
# digest_generation on
# TAG: digest_bits_per_entry
# This is the number of bits of the server's Cache Digest which
# will be associated with the Digest entry for a given HTTP
# Method and URL (public key) combination. The default is 5.
#
#Default:
# digest_bits_per_entry 5
# TAG: digest_rebuild_period (seconds)
# This is the wait time between Cache Digest rebuilds.
#
#Default:
# digest_rebuild_period 1 hour
# TAG: digest_rewrite_period (seconds)
# This is the wait time between Cache Digest writes to disk.
#
#Default:
# digest_rewrite_period 1 hour
# TAG: digest_swapout_chunk_size (bytes)
# This is the number of bytes of the Cache Digest to write to
# disk at a time. It defaults to 4096 bytes (4KB), the Squid
# default swap page.
#
#Default:
# digest_swapout_chunk_size 4096 bytes
# TAG: digest_rebuild_chunk_percentage (percent, 0-100)
# This is the percentage of the Cache Digest to be scanned at a
# time. By default it is set to 10% of the Cache Digest.
#
#Default:
# digest_rebuild_chunk_percentage 10
# SNMP OPTIONS
# -----------------------------------------------------------------------------
# TAG: snmp_port
# Squid can now serve statistics and status information via SNMP.
# By default it listens to port 3401 on the machine. If you don't
# wish to use SNMP, set this to "0".
#
# Note: on Debian/Linux, the default is zero - you need to
# set it to 3401 to enable it.
#
#Default:
# snmp_port 0
# TAG: snmp_access
# Allowing or denying access to the SNMP port.
#
# All access to the agent is denied by default.
# usage:
#
# snmp_access allow|deny [!]aclname ...
#
#Example:
# snmp_access allow snmppublic localhost
# snmp_access deny all
#
#Default:
# snmp_access deny all
# TAG: snmp_incoming_address
# TAG: snmp_outgoing_address
# Just like 'udp_incoming_address' above, but for the SNMP port.
#
# snmp_incoming_address is used for the SNMP socket receiving
# messages from SNMP agents.
# snmp_outgoing_address is used for SNMP packets returned to SNMP
# agents.
#
# The default snmp_incoming_address (0.0.0.0) is to listen on all
# available network interfaces.
#
# If snmp_outgoing_address is set to 255.255.255.255 (the default)
# it will use the same socket as snmp_incoming_address. Only
# change this if you want to have SNMP replies sent using another
# address than where this Squid listens for SNMP queries.
#
# NOTE, snmp_incoming_address and snmp_outgoing_address can not have
# the same value since they both use port 3401.
#
#Default:
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255
# ICP OPTIONS
# -----------------------------------------------------------------------------
# TAG: icp_port
# The port number where Squid sends and receives ICP queries to
# and from neighbor caches. Default is 3130. To disable use
# "0". May be overridden with -u on the command line.
#
#Default:
# icp_port 3130
# TAG: htcp_port
# The port number where Squid sends and receives HTCP queries to
# and from neighbor caches. To turn it on you want to set it 4827.
# By default it is set to "0" (disabled).
#
#Default:
# htcp_port 0
# TAG: log_icp_queries on|off
# If set, ICP queries are logged to access.log. You may wish
# do disable this if your ICP load is VERY high to speed things
# up or to simplify log analysis.
#
#Default:
# log_icp_queries on
# TAG: udp_incoming_address
# udp_incoming_address is used for UDP packets received from other
# caches.
#
# The default behavior is to not bind to any specific address.
#
# Only change this if you want to have all UDP queries received on
# a specific interface/address.
#
# NOTE: udp_incoming_address is used by the ICP, HTCP, and DNS
# modules. Altering it will affect all of them in the same manner.
#
# see also; udp_outgoing_address
#
# NOTE, udp_incoming_address and udp_outgoing_address can not
# have the same value since they both use the same port.
#
#Default:
# udp_incoming_address 0.0.0.0
# TAG: udp_outgoing_address
# udp_outgoing_address is used for UDP packets sent out to other
# caches.
#
# The default behavior is to not bind to any specific address.
#
# Instead it will use the same socket as udp_incoming_address.
# Only change this if you want to have UDP queries sent using another
# address than where this Squid listens for UDP queries from other
# caches.
#
# NOTE: udp_outgoing_address is used by the ICP, HTCP, and DNS
# modules. Altering it will affect all of them in the same manner.
#
# see also; udp_incoming_address
#
# NOTE, udp_incoming_address and udp_outgoing_address can not
# have the same value since they both use the same port.
#
#Default:
# udp_outgoing_address 255.255.255.255
# TAG: icp_hit_stale on|off
# If you want to return ICP_HIT for stale cache objects, set this
# option to 'on'. If you have sibling relationships with caches
# in other administrative domains, this should be 'off'. If you only
# have sibling relationships with caches under your control,
# it is probably okay to set this to 'on'.
# If set to 'on', your siblings should use the option "allow-miss"
# on their cache_peer lines for connecting to you.
#
#Default:
# icp_hit_stale off
# TAG: minimum_direct_hops
# If using the ICMP pinging stuff, do direct fetches for sites
# which are no more than this many hops away.
#
#Default:
# minimum_direct_hops 4
# TAG: minimum_direct_rtt
# If using the ICMP pinging stuff, do direct fetches for sites
# which are no more than this many rtt milliseconds away.
#
#Default:
# minimum_direct_rtt 400
# TAG: netdb_low
# TAG: netdb_high
# The low and high water marks for the ICMP measurement
# database. These are counts, not percents. The defaults are
# 900 and 1000. When the high water mark is reached, database
# entries will be deleted until the low mark is reached.
#
#Default:
# netdb_low 900
# netdb_high 1000
# TAG: netdb_ping_period
# The minimum period for measuring a site. There will be at
# least this much delay between successive pings to the same
# network. The default is five minutes.
#
#Default:
# netdb_ping_period 5 minutes
# TAG: query_icmp on|off
# If you want to ask your peers to include ICMP data in their ICP
# replies, enable this option.
#
# If your peer has configured Squid (during compilation) with
# '--enable-icmp' that peer will send ICMP pings to origin server
# sites of the URLs it receives. If you enable this option the
# ICP replies from that peer will include the ICMP data (if available).
# Then, when choosing a parent cache, Squid will choose the parent with
# the minimal RTT to the origin server. When this happens, the
# hierarchy field of the access.log will be
# "CLOSEST_PARENT_MISS". This option is off by default.
#
#Default:
# query_icmp off
# TAG: test_reachability on|off
# When this is 'on', ICP MISS replies will be ICP_MISS_NOFETCH
# instead of ICP_MISS if the target host is NOT in the ICMP
# database, or has a zero RTT.
#
#Default:
# test_reachability off
# TAG: icp_query_timeout (msec)
# Normally Squid will automatically determine an optimal ICP
# query timeout value based on the round-trip-time of recent ICP
# queries. If you want to override the value determined by
# Squid, set this 'icp_query_timeout' to a non-zero value. This
# value is specified in MILLISECONDS, so, to use a 2-second
# timeout (the old default), you would write:
#
# icp_query_timeout 2000
#
#Default:
# icp_query_timeout 0
# TAG: maximum_icp_query_timeout (msec)
# Normally the ICP query timeout is determined dynamically. But
# sometimes it can lead to very large values (say 5 seconds).
# Use this option to put an upper limit on the dynamic timeout
# value. Do NOT use this option to always use a fixed (instead
# of a dynamic) timeout value. To set a fixed timeout see the
# 'icp_query_timeout' directive.
#
#Default:
# maximum_icp_query_timeout 2000
# TAG: minimum_icp_query_timeout (msec)
# Normally the ICP query timeout is determined dynamically. But
# sometimes it can lead to very small timeouts, even lower than
# the normal latency variance on your link due to traffic.
# Use this option to put an lower limit on the dynamic timeout
# value. Do NOT use this option to always use a fixed (instead
# of a dynamic) timeout value. To set a fixed timeout see the
# 'icp_query_timeout' directive.
#
#Default:
# minimum_icp_query_timeout 5
hosts_file /etc/hosts
coredump_dir /var/spool/squidAusgabe von /usr/bin/squid -N -d 1-d 1
Code:
2012/06/21 13:45:55| Starting Squid Cache version 2.7.STABLE9 for x86_64-debian-linux-gnu...
2012/06/21 13:45:55| Process ID 3881
2012/06/21 13:45:55| With 1024 file descriptors available
2012/06/21 13:45:55| Using epoll for the IO loop
2012/06/21 13:45:55| Performing DNS Tests...
2012/06/21 13:45:55| Successful DNS name lookup tests...
2012/06/21 13:45:55| DNS Socket created at 0.0.0.0, port 47452, FD 7
2012/06/21 13:45:55| Adding domain xxxx.local from /etc/resolv.conf
2012/06/21 13:45:55| Adding domain xxxx.local from /etc/resolv.conf
2012/06/21 13:45:55| Adding nameserver 10.155.10.2 from /etc/resolv.conf
2012/06/21 13:45:55| Adding nameserver 10.155.10.3 from /etc/resolv.conf
2012/06/21 13:45:55| helperStatefulOpenServers: Starting 5 'ntlm_auth' processes
2012/06/21 13:45:55| User-Agent logging is disabled.
2012/06/21 13:45:55| Referer logging is disabled.
2012/06/21 13:45:55| logfileOpen: opening log /var/log/squid/access.log
2012/06/21 13:45:55| Unlinkd pipe opened on FD 17
2012/06/21 13:45:55| Swap maxSize 102400 + 16384 KB, estimated 9137 objects
2012/06/21 13:45:55| Target number of buckets: 456
2012/06/21 13:45:55| Using 8192 Store buckets
2012/06/21 13:45:55| Max Mem size: 16384 KB
2012/06/21 13:45:55| Max Swap size: 102400 KB
2012/06/21 13:45:55| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2012/06/21 13:45:55| logfileOpen: opening log /var/log/squid/store.log
2012/06/21 13:45:55| Rebuilding storage in /var/spool/squid (DIRTY)
2012/06/21 13:45:55| Using Least Load store dir selection
2012/06/21 13:45:55| Set Current Directory to /var/spool/squid
2012/06/21 13:45:55| Loaded Icons.
2012/06/21 13:45:55| Accepting proxy HTTP connections at 0.0.0.0, port 8080, FD 19.
2012/06/21 13:45:55| Accepting ICP messages at 0.0.0.0, port 3130, FD 20.
2012/06/21 13:45:55| HTCP Disabled.
2012/06/21 13:45:55| WCCP Disabled.
2012/06/21 13:45:55| Ready to serve requests.
2012/06/21 13:45:55| WARNING: ntlmauthenticator #3 (FD 10) exited
2012/06/21 13:45:55| WARNING: ntlmauthenticator #1 (FD 8) exited
2012/06/21 13:45:55| WARNING: ntlmauthenticator #4 (FD 11) exited
2012/06/21 13:45:55| Too few ntlmauthenticator processes are running
FATAL: The ntlmauthenticator helpers are crashing too rapidly, need help!