LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
Search this Thread
Old 05-18-2009, 11:42 AM   #1
lhiggie
LQ Newbie
 
Registered: Feb 2006
Location: Louisville, KY, USA
Distribution: RHEL 3, RHEL 4, RHEL 5, RHEL6
Posts: 10

Rep: Reputation: 0
Unhappy Issue with squid crashing with NTLM Auth


All,

Thank you in advance for any help you can provide. We are currently using squid 3.0 STABLE 13 and squidGuard 1.3 with NTLM Authentication on a SuSE 10 server. squid has been working beautifully however as the number of users have grown we now have a issue with squid crashing when there are I assume no more available ntlm_auths left. Here is a section of my squid.conf as the whole file is too long to post here:

#NTLM Setup
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 240
# auth_param ntlm max_challenge_reuses 0 #added by Lee Higginbotham
# auth_param ntlm max_challenge_lifetime 2 minutes #added by Lee Higginbotham
external_acl_type nt_group ttl=10 children=25 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
redirect_program /usr/local/bin/squidGuard
redirect_children 30
redirect_rewrites_host_header off
redirector_bypass off

If you will note two of the commented out lines that have "added by..." I am thinking will help my issue. I also think by changing the half_closed_clients to "off". It currently is commented out:

# TAG: half_closed_clients
# Some clients may shutdown the sending side of their TCP
# connections, while leaving their receiving sides open. Sometimes,
# Squid can not tell the difference between a half-closed and a
# fully-closed TCP connection. By default, half-closed client
# connections are kept open until a read(2) or write(2) on the
# socket returns an error. Change this option to 'off' and Squid
# will immediately close client connections when read(2) returns
# "no more data to read."
#
#Default:
# half_closed_clients on

I have two questions:

1. What is the maximum number the auth_param ntlm children can have?
2. Would the max_challenge_reuses, max_challenge_lifetime and half_closed_clients option assist with the possible crashing of squid?

Again, thank you for any assistance.

Sincerely,
Lee

I've changed the half_closed_clients option to off and it is still crashing. Really, any help at this point would be great!!!

More information...Squid was working very well until we upgraded our AD to Windows 2008. So, it looks like it might be a problem with the authentication with 2008. I'm going to do more research! Thanks to all in advance of any help.

Last edited by lhiggie; 05-20-2009 at 07:40 AM. Reason: Update to the post
 
Old 05-26-2009, 07:52 AM   #2
lhiggie
LQ Newbie
 
Registered: Feb 2006
Location: Louisville, KY, USA
Distribution: RHEL 3, RHEL 4, RHEL 5, RHEL6
Posts: 10

Original Poster
Rep: Reputation: 0
All, I have gotten this error fixed by increasing the auth_param ntlm children from 240 to 640 and no longer receive the errors I was in the logs.
 
  


Reply

Tags
squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to set up Squid to accept NTLM challenge/responce auth Norman.Maina Linux - Newbie 2 04-28-2010 02:24 PM
Squid NTLM Auth Download Limits seanbenham Linux - Server 2 08-19-2008 07:27 AM
LXer: Installing Dansguardian With Multi-Group Filtering & Squid With NTLM Auth (Debi LXer Syndicated Linux News 0 07-17-2008 09:20 AM
does dansguardian support basic (not ntlm) auth? drokmed Linux - Software 1 10-20-2006 01:14 PM
deny_info, squid, NTLM auth ???? paul_mat Linux - Networking 0 02-10-2006 08:30 PM


All times are GMT -5. The time now is 01:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration