Squid3 with LDAP and Kerberos

checknix
Posts: 1
Joined: 2010-01-24 18:41

Post by checknix

Hi,

my first post here and already a problem ;)

I have a Debian Lenny installation here and a Windows Server 2008. Now I would like to use
authentication against the Windows domain via LDAP/Kerberos. For this I used the following
HowTo:

http://serverfault.com/questions/66556/ ... 857#105857

I went through everything step by step, but at the moment I have the problem that the Squid
daemon won't start. In the cache.log file it writes that the squid user is missing a permission
on squid_kerb_ldap, but the user squid and the group squid have all rights.
Now I don't know where it's stuck. Here are the permissions on the folder just mentioned:

Code:

squid:/opt/squid-3.0/sbin# la
insgesamt 9,2M
drwxr-xr-x 3 squid squid 1,0K  7. Jan 21:02 .
drwxr-xr-x 8 squid squid 1,0K 20. Jan 21:02 ..
-rwxr-xr-x 1 squid squid 9,2M  3. Nov 23:16 squid
-rwxr-xr-x 1 squid squid  31K  7. Jan 21:02 squid_kerb_auth
drwxrwxrwx 5 squid squid 1,0K  3. Nov 23:56 squid_kerb_ldap
squid:/opt/squid-3.0/sbin#

Here is the cache.log logfile:

Code:

2010/01/24 18:09:37| Starting Squid Cache version 3.0.STABLE18 for i686-pc-linux-gnu...
2010/01/24 18:09:37| Process ID 2793
2010/01/24 18:09:37| With 1024 file descriptors available
2010/01/24 18:09:37| DNS Socket created at 0.0.0.0, port 37955, FD 7
2010/01/24 18:09:37| Adding domain homebase.local from /etc/resolv.conf
2010/01/24 18:09:37| Adding domain homebase.local from /etc/resolv.conf
2010/01/24 18:09:37| Adding nameserver 192.168.100.1 from /etc/resolv.conf
2010/01/24 18:09:37| Adding nameserver 192.168.100.254 from /etc/resolv.conf
2010/01/24 18:09:37| helperOpenServers: Starting 10/10 'squid_kerb_auth' processes
2010/01/24 18:09:38| helperOpenServers: Starting 5/5 'squid_kerb_ldap' processes
2010/01/24 18:09:38| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied
2010/01/24 18:09:38| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied
2010/01/24 18:09:38| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied
2010/01/24 18:09:38| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied
2010/01/24 18:09:38| ipcCreate: /opt/squid-3.0/sbin/squid_kerb_ldap: (13) Permission denied
2010/01/24 18:09:38| Unlinkd pipe opened on FD 27
2010/01/24 18:09:38| Swap maxSize 102400 + 8192 KB, estimated 8507 objects
2010/01/24 18:09:38| Target number of buckets: 425
2010/01/24 18:09:38| Using 8192 Store buckets
2010/01/24 18:09:38| Max Mem  size: 8192 KB
2010/01/24 18:09:38| Max Swap size: 102400 KB
2010/01/24 18:09:38| Rebuilding storage in /var/cache/squid-3.0 (DIRTY)
2010/01/24 18:09:38| Using Least Load store dir selection
2010/01/24 18:09:38| chdir: /opt/squid-3.0/var/cache: (2) No such file or directory
2010/01/24 18:09:38| Current Directory is /
2010/01/24 18:09:38| Loaded Icons.
2010/01/24 18:09:38| Accepting  HTTP connections at 0.0.0.0, port 3128, FD 28.
2010/01/24 18:09:38| Accepting ICP messages at 0.0.0.0, port 3130, FD 29.
2010/01/24 18:09:38| HTCP Disabled.
2010/01/24 18:09:38| Ready to serve requests.
2010/01/24 18:09:38| WARNING: SQUID_KERB_LDAP #1 (FD 19) exited
2010/01/24 18:09:38| WARNING: SQUID_KERB_LDAP #2 (FD 20) exited
2010/01/24 18:09:38| WARNING: SQUID_KERB_LDAP #3 (FD 21) exited
2010/01/24 18:09:38| WARNING: SQUID_KERB_LDAP #4 (FD 22) exited
2010/01/24 18:09:38| Too few SQUID_KERB_LDAP processes are running
FATAL: The SQUID_KERB_LDAP helpers are crashing too rapidly, need help!

Squid Cache (Version 3.0.STABLE18): Terminated abnormally.
CPU Usage: 0.452 seconds = 0.024 user + 0.428 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
        total space in arena:    2984 KB
        Ordinary blocks:         2970 KB      3 blks
        Small blocks:               0 KB      0 blks
        Holding blocks:          1508 KB      7 blks
        Free Small blocks:          0 KB
        Free Ordinary blocks:      13 KB
        Total in use:            4478 KB 150%
        Total free:                13 KB 0%

Here is my squid.conf as well:

Code:

auth_param negotiate program /opt/squid-3.0/sbin/squid_kerb_auth -d -s HTTP/squid.homebase.local
auth_param negotiate children 10
auth_param negotiate keep_alive on

external_acl_type SQUID_KERB_LDAP ttl=3600  negative_ttl=3600  %LOGIN /opt/squid-3.0/sbin/squid_kerb_ldap -d -g SQUID_USERS
acl AUTHENTICATED proxy_auth REQUIRED
acl LDAP_GROUP_CHECK external SQUID_KERB_LDAP
acl localnet src 192.168.100.0/24        # RFC1918 possible internal network

http_access allow LDAP_GROUP_CHECK


acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports
http_access deny all

icp_access allow localnet
icp_access deny all

htcp_access allow localnet
htcp_access deny all


http_port 3128

cache_dir ufs /var/cache/squid-3.0 100 16 256
access_log /var/log/squid-3.0/access.log squid
cache_log /var/log/squid-3.0/cache.log
cache_store_log /var/log/squid-3.0/store.log

pid_filename /var/run/squid-3.0.pid

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern (cgi-bin|\?)	0	0%	0
refresh_pattern .		0	20%	4320

cache_effective_user squid
cache_effective_group squid

I removed all the comments to make it clearer.

My Windows 2008 domain is called: homebase.local
The squid server is called: squid

When I start the daemon and take a quick look with htop at what is happening, it tries about
3 times to start squid and then aborts. Here is a screenshot taken during the attempt:

http://foto.arcor-online.net/palb/alben ... 376538.jpg

Anyone have an idea?


Regards
Checknix
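An added diagnostic, not part of the post and not Squid's own tooling: it reads the helper lines from a squid.conf (auth_param ... program and external_acl_type) and checks whether each helper path is something Squid can actually exec. It rebuilds the sbin listing from the post in a temporary tree (squid_kerb_auth as an executable file, squid_kerb_ldap as a directory); execve() on a directory fails with EACCES, errno 13, which is the "(13) Permission denied" seen in the cache.log. The config text and the fixture tree are constructed for the example.

```python
import os
import shlex
import stat
import tempfile

# Constructed squid.conf fragment with the helper lines from the post.
SAMPLE_CONF = """\
auth_param negotiate program /opt/squid-3.0/sbin/squid_kerb_auth -d -s HTTP/squid.homebase.local
external_acl_type SQUID_KERB_LDAP ttl=3600 negative_ttl=3600 %LOGIN /opt/squid-3.0/sbin/squid_kerb_ldap -d -g SQUID_USERS
cache_effective_user squid
"""

def helper_paths(conf_text):
    """Collect the helper programs Squid will exec (auth_param ... program, external_acl_type)."""
    paths = []
    for line in conf_text.splitlines():
        tokens = shlex.split(line.split("#", 1)[0])   # drop trailing comments, keep quoting rules
        if tokens[:1] == ["auth_param"] and "program" in tokens:
            paths.append(tokens[tokens.index("program") + 1])
        elif tokens[:1] == ["external_acl_type"]:
            # The first absolute path after the name/options/format tokens is the helper binary.
            absolute = [t for t in tokens[2:] if t.startswith("/")]
            if absolute:
                paths.append(absolute[0])
    return paths

def diagnose(conf_text, root="/"):
    """Map each helper path to a failure reason, or None if it is a plain executable file."""
    report = {}
    for path in helper_paths(conf_text):
        full = os.path.join(root, path.lstrip("/"))   # root lets the check run against a fixture tree
        if not os.path.lexists(full):
            report[path] = "missing"
        elif stat.S_ISDIR(os.stat(full).st_mode):
            # execve() on a directory returns EACCES; Squid logs it as "(13) Permission denied"
            report[path] = "directory, not an executable"
        elif not os.stat(full).st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            report[path] = "no execute bit"
        else:
            report[path] = None
    return report

def fixture_like_listing():
    """Recreate the sbin listing from the post in a temp tree: auth is a file, ldap is a directory."""
    root = tempfile.mkdtemp()
    sbin = os.path.join(root, "opt/squid-3.0/sbin")
    os.makedirs(os.path.join(sbin, "squid_kerb_ldap"))   # drwxrwxrwx in the post
    auth = os.path.join(sbin, "squid_kerb_auth")
    open(auth, "w").close()
    os.chmod(auth, 0o755)                                # -rwxr-xr-x in the post
    return root

if __name__ == "__main__":
    for path, reason in diagnose(SAMPLE_CONF, fixture_like_listing()).items():
        print(path, "->", reason or "ok")
```

Run against the real filesystem with `diagnose(open("/path/to/squid.conf").read())` to check an installed configuration.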