Re: [squid-users] Ubuntu Server 13.10. Squid 3.3.8. WARNING: external ACL 'memberof' queue overload

From: Andrey <andrew_dev_at_hotmail.com>
Date: Wed, 13 Nov 2013 20:36:03 +0100

I think the helper tries to access the IPv6 of the server (I'm not sure!), but
IPv6 is disabled:
/etc/sysctl.conf

# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

#Enable IPv4 forward
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1

Here is the log without ipv4, well, debug_options: 82,9 84,9. I do not know
what the meaning of FD socket is (No info on inet):

2013/11/13 20:29:13| helperOpenServers: Starting 0/20 'basic_ldap_auth'
processes
2013/11/13 20:29:13| helperOpenServers: No 'basic_ldap_auth' processes
needed.
2013/11/13 20:29:13.689| helper.cc(1180) GetFirstAvailable:
GetFirstAvailable: Running servers 0
2013/11/13 20:29:13.689| helperOpenServers: Starting 5/5
'ext_ldap_group_acl' processes
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 7 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 8 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP
[::1]
2013/11/13 20:29:13.689| WARNING: Cannot run
'/usr/lib/squid3/ext_ldap_group_acl' process.
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 9 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 10 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP
[::1]
2013/11/13 20:29:13.689| WARNING: Cannot run
'/usr/lib/squid3/ext_ldap_group_acl' process.
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 11 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 12 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP
[::1]
2013/11/13 20:29:13.689| WARNING: Cannot run
'/usr/lib/squid3/ext_ldap_group_acl' process.
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 13 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 14 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP
[::1]
2013/11/13 20:29:13.689| WARNING: Cannot run
'/usr/lib/squid3/ext_ldap_group_acl' process.
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 15 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 16 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP
[::1]
2013/11/13 20:29:13.689| WARNING: Cannot run
'/usr/lib/squid3/ext_ldap_group_acl' process.
2013/11/13 20:29:13.690| helper.cc(1180) GetFirstAvailable:
GetFirstAvailable: Running servers 0
2013/11/13 20:29:13.690| commBind: Cannot bind socket FD 25 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.690| commBind: Cannot bind socket FD 26 to [::1]: (99)
Cannot assign requested address
2013/11/13 20:29:13.690| ERROR: Failed to create helper child read FD:
UDP[::1]
2013/11/13 20:29:36.841| helper.cc(1180) GetFirstAvailable:
GetFirstAvailable: Running servers 0
2013/11/13 20:29:36.841| Starting new basicauthenticator helpers...
2013/11/13 20:29:36.841| helperOpenServers: Starting 1/20 'basic_ldap_auth'
processes
2013/11/13 20:29:36.853| helper.cc(1180) GetFirstAvailable:
GetFirstAvailable: Running servers 1
2013/11/13 20:29:36.855| helper.cc(1322) helperDispatch: helperDispatch:
Request sent to basicauthenticator #1, 23 bytes
2013/11/13 20:29:36.856| helper.cc(1180) GetFirstAvailable:
GetFirstAvailable: Running servers 1
2013/11/13 20:29:36.856| helper.cc(1213) GetFirstAvailable:
GetFirstAvailable: Least-loaded helper is overloaded!
2013/11/13 20:29:36.856| helper.cc(418) helperSubmit: helperSubmit:
administrator Pa77w0rd

2013/11/13 20:29:36.906| helper.cc(901) helperHandleRead: helperHandleRead:
3 bytes from basicauthenticator #1
2013/11/13 20:29:36.906| helper.cc(910) helperHandleRead: helperHandleRead:
'OK
'
2013/11/13 20:29:36.906| helper.cc(926) helperHandleRead: helperHandleRead:
end of reply found
2013/11/13 20:29:36.907| external_acl.cc(793) aclMatchExternal:
acl="memberof"
2013/11/13 20:29:36.907| external_acl.cc(822) aclMatchExternal: No helper
entry available
2013/11/13 20:29:36.907| external_acl.cc(826) aclMatchExternal: memberof
check user authenticated.
2013/11/13 20:29:36.907| external_acl.cc(832) aclMatchExternal: memberof
user is authenticated.
2013/11/13 20:29:36.907| external_acl.cc(856) aclMatchExternal:
memberof("administrator InternetAccess") = lookup needed
2013/11/13 20:29:36.907| external_acl.cc(858) aclMatchExternal:
"administrator InternetAccess": entry=@0, age=0
2013/11/13 20:29:36.907| WARNING: external ACL 'memberof' queue overload.
Request rejected 'administrator InternetAccess'.
2013/11/13 20:29:36.907| helper.cc(1180) GetFirstAvailable:
GetFirstAvailable: Running servers 1

-----Original Message-----
From: Eliezer Croitoru
Sent: Wednesday, November 13, 2013 7:15 PM
To: Andrey ; squid-users_at_squid-cache.org
Subject: Re: [squid-users] Ubuntu Server 13.10. Squid 3.3.8. WARNING:
external ACL 'memberof' queue overload

Thanks Andrey,

On 11/13/2013 07:54 PM, Andrey wrote:
> I found a solution!
>
> Problem was with IPv6.
> When Squid tries to run the helper it asks for IPv6, which I have disabled.
> Therefore, the following line of code appears in the logs:
> WARNING: Cannot run '/usr/lib/squid3/ext_ldap_group_acl' process.

Just to get more accurate data:
What IPv6? Did the helper get an IPv6 in the request? IPv6 of the client?

Thanks,
Eliezer
Received on Wed Nov 13 2013 - 19:36:01 MST
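
Added example (not part of the original thread and not Squid code): a small cache.log triage script that ties failed helper starts after [::1] bind errors to later external ACL queue overloads, and redacts the credentials that the helperSubmit debug line writes to the log. The sample log is constructed from the format shown in the post; the function name and the returned keys are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the cache.log format shown in the post (lines
# unwrapped, password replaced by a placeholder).
SAMPLE_LOG = """\
2013/11/13 20:29:13.689| helperOpenServers: Starting 5/5 'ext_ldap_group_acl' processes
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 7 to [::1]: (99) Cannot assign requested address
2013/11/13 20:29:13.689| commBind: Cannot bind socket FD 8 to [::1]: (99) Cannot assign requested address
2013/11/13 20:29:13.689| ERROR: Failed to create helper child read FD: TCP [::1]
2013/11/13 20:29:13.689| WARNING: Cannot run '/usr/lib/squid3/ext_ldap_group_acl' process.
2013/11/13 20:29:36.856| helper.cc(418) helperSubmit: helperSubmit: administrator EXAMPLE-PASSWORD
2013/11/13 20:29:36.907| WARNING: external ACL 'memberof' queue overload. Request rejected 'administrator InternetAccess'.
"""

BIND_V6 = re.compile(r"commBind: Cannot bind socket FD \d+ to \[::1\]: \(99\)")
CANNOT_RUN = re.compile(r"WARNING: Cannot run '([^']+)' process\.")
OVERLOAD = re.compile(r"WARNING: external ACL '([^']+)' queue overload")
SUBMIT = re.compile(r"(helperSubmit: helperSubmit: )(\S+) .*")


def analyse(log_text):
    """Correlate failed helper starts with later external ACL overloads."""
    pending_v6 = 0          # [::1] bind failures since the last helper verdict
    failed = Counter()      # helper path -> starts that failed after a bind error
    overloaded = Counter()  # external ACL name -> rejected lookups
    redacted = []
    for line in log_text.splitlines():
        if BIND_V6.search(line):
            pending_v6 += 1
        m = CANNOT_RUN.search(line)
        if m:
            if pending_v6:
                failed[m.group(1)] += 1
            pending_v6 = 0
        m = OVERLOAD.search(line)
        if m:
            overloaded[m.group(1)] += 1
        # With the debug_options used in the post, the helperSubmit line holds
        # the Basic auth request, password included: keep only the user name.
        redacted.append(SUBMIT.sub(r"\1\2 [REDACTED]", line))
    return {"failed_helpers": dict(failed), "overloaded_acls": dict(overloaded),
            "ipv6_loopback_suspected": bool(failed and overloaded),
            "redacted_log": "\n".join(redacted)}
```

Run the redacted_log output, not the raw file, through any paste or mailing-list post when sharing debug-level logs.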
