Squid Kerberos Config

proxy

(Vlad) #1

NethServer Version: 7.4
Module: Squid-Proxy

This is the log file:

2018/02/20 13:21:31 kid1| Adding nameserver 127.0.0.1 from /etc/resolv.conf
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 5/20 ‘ufdbgclient’ processes
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 0/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| helperStatefulOpenServers: No ‘negotiate_kerberos_auth’ processes needed.
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 0/5 ‘basic_pam_auth’ processes
2018/02/20 13:21:31 kid1| helperOpenServers: No ‘basic_pam_auth’ processes needed.
2018/02/20 13:21:31 kid1| Logfile: opening log daemon:/var/log/squid/access.log
2018/02/20 13:21:31 kid1| Logfile Daemon: opening log /var/log/squid/access.log
2018/02/20 13:21:31 kid1| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2018/02/20 13:21:31 kid1| Store logging disabled
2018/02/20 13:21:31 kid1| Swap maxSize 2048000 + 262144 KB, estimated 177703 objects
2018/02/20 13:21:31 kid1| Target number of buckets: 8885
2018/02/20 13:21:31 kid1| Using 16384 Store buckets
2018/02/20 13:21:31 kid1| Max Mem size: 262144 KB
2018/02/20 13:21:31 kid1| Max Swap size: 2048000 KB
2018/02/20 13:21:31 kid1| Rebuilding storage in /var/spool/squid (clean log)
2018/02/20 13:21:31 kid1| Using Least Load store dir selection
2018/02/20 13:21:31 kid1| Set Current Directory to /var/spool/squid
2018/02/20 13:21:31 kid1| Finished loading MIME types and icons.
2018/02/20 13:21:31 kid1| HTCP Disabled.
2018/02/20 13:21:31 kid1| Squid plugin modules loaded: 0
2018/02/20 13:21:31 kid1| Adaptation support is off.
2018/02/20 13:21:31 kid1| Accepting HTTP Socket connections at local=[::]:3128 remote=[::] FD 25 flags=9
2018/02/20 13:21:31 kid1| Store rebuilding is 10.22% complete
2018/02/20 13:21:31 kid1| Done reading /var/spool/squid swaplog (39151 entries)
2018/02/20 13:21:31 kid1| Finished rebuilding storage from disk.
2018/02/20 13:21:31 kid1| 39151 Entries scanned
2018/02/20 13:21:31 kid1| 0 Invalid entries.
2018/02/20 13:21:31 kid1| 0 With invalid flags.
2018/02/20 13:21:31 kid1| 39151 Objects loaded.
2018/02/20 13:21:31 kid1| 0 Objects expired.
2018/02/20 13:21:31 kid1| 0 Objects cancelled.
2018/02/20 13:21:31 kid1| 0 Duplicate URLs purged.
2018/02/20 13:21:31 kid1| 0 Swapfile clashes avoided.
2018/02/20 13:21:31 kid1| Took 0.04 seconds (1059739.06 objects/sec).
2018/02/20 13:21:31 kid1| Beginning Validation Procedure
2018/02/20 13:21:31 kid1| Completed Validation Procedure
2018/02/20 13:21:31 kid1| Validated 39151 Entries
2018/02/20 13:21:31 kid1| store_swap_size = 1842764.00 KB
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| ERROR: Negotiate Authentication validating user. Result: {result=BH, notes={message: received type 1 NTLM token; }}
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:31 kid1| Starting new negotiateauthenticator helpers…
2018/02/20 13:21:31 kid1| helperOpenServers: Starting 1/10 ‘negotiate_kerberos_auth’ processes
2018/02/20 13:21:32 kid1| WARNING: All 10/10 negotiateauthenticator processes are busy.
2018/02/20 13:21:32 kid1| WARNING: 10 pending requests queued
2018/02/20 13:21:32 kid1| WARNING: Consider increasing the number of negotiateauthenticator processes in your config file.

The problem is increasing that negotiateauthenticator option; the database for squid doesn’t mention the negotiatechildren, only this:

BlueMode=authenticated
BypassDomains=
DiskCache=enabled
DiskCacheSize=2000
GreenMode=authenticated
KrbPrimaryList=HTTP
KrbStatus=enabled
MaxObjSize=4096
MemCacheSize=256
MinObjSize=0
NoCache=
ParentProxy=
PortBlock=enabled
SafePorts=
TCPPorts=3128,3129,3130
access=green
status=enabled

I tried setting the templates-custom in fragment 20_acl_10_auth to 30 children and nothing, even creating a new fragment 91option with these parameters:
auth_param negotiate children 30
auth_param negotiate keep_alive on

and still nothing. Should I add a new key to the squid db? If so, what would its name be? Or where exactly do I increase the negotiateauthenticator processes?

Any help is appreciated.


(Michael Träumner) #2

Can you see the entry you made in the config file? If not, did you expand the template?

expand-template /etc/squid/squid.conf

You can find more about templates in the docs:

http://docs.nethserver.org/projects/nethserver-devel/en/v7/templates.html


(Vlad) #3

Thank you very much, it was the expansion part.
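
The check from post #2 (is the entry actually in the expanded config?) written as a script; this is an added example, not part of the original posts and not NethServer code. The function names, result labels and sample files are constructed, and it assumes the last `auth_param negotiate children` line in squid.conf is the effective one.

```shell
#!/bin/sh
# Added example: did the raised helper limit from the custom fragment reach squid?

# Max children from the last "auth_param negotiate children N" line in a config
# (assumption: the last occurrence wins). Prints nothing if the line is absent.
configured_children() {
    awk '$1 == "auth_param" && $2 == "negotiate" && $3 == "children" { n = $4 }
         END { if (n != "") print n }' "$1"
}

# Limit M from the last "All N/M negotiateauthenticator processes are busy" warning.
saturated_limit() {
    sed -n 's|.*All [0-9]*/\([0-9]*\) negotiateauthenticator processes are busy.*|\1|p' "$1" |
        tail -n 1
}

# diagnose CONF LOG WANT -> not-expanded | ok | reload-pending | still-saturated
diagnose() {
    conf=$(configured_children "$1")
    seen=$(saturated_limit "$2")
    if [ "$conf" != "$3" ]; then
        echo "not-expanded"      # squid.conf lacks the fragment's value: expand the template
    elif [ -z "$seen" ]; then
        echo "ok"                # no saturation warning in this log
    elif [ "$seen" -lt "$3" ]; then
        echo "reload-pending"    # warning was logged under the old limit; it may
                                 # also predate the reload, so compare timestamps
    else
        echo "still-saturated"   # squid ran out of helpers at the new limit too
    fi
}

# Constructed sample input: squid.conf before and after template expansion,
# plus the warning line quoted in the thread.
tmp=$(mktemp -d)
printf '%s\n' 'http_port 3128' 'auth_param negotiate children 10' > "$tmp/before.conf"
printf '%s\n' 'http_port 3128' 'auth_param negotiate children 10' \
    'auth_param negotiate children 30' 'auth_param negotiate keep_alive on' \
    > "$tmp/after.conf"
printf '%s\n' \
    '2018/02/20 13:21:32 kid1| WARNING: All 10/10 negotiateauthenticator processes are busy.' \
    > "$tmp/cache.log"

echo "before expand-template: $(diagnose "$tmp/before.conf" "$tmp/cache.log" 30)"
echo "after expand-template:  $(diagnose "$tmp/after.conf" "$tmp/cache.log" 30)"
```
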