Hey, I'm not sure what is going on here, but my clients tend to get denied twice for Every request. I would expect this for the first time the client requested A resource, not on every subsequent request. The log below shows this activity. Because of this squid tends to appear sluggish. Critical parts of the config are below, but I'm unsure if the max_ntlm_challenge_lifetime Has anything to do with it. The only valuable information google has about it is from Henrik Nordstrom in http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg10991.html who wrote: >> auth_param ntlm max_challenge_reuses 0 - ? > >This is a hack that will disappear in a later version. To reduce the load >on the helpers Squid allows reuse of the same NTLM challenge in multiple >sessions. > > auth_param ntlm max_challenge_lifetime 2 minutes - ? > >Belongs with the above hack.. > >Regards >Henrik The config I have is from examples all over the internet, so I am unsure if this is Normal behaviour. I am running redhat linux Enterprise server 3 samba-3.0.9-1.3E.2 squid-2.5.STABLE3-6.3E.7 Adam auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 20 minutes acl Authorized-Users proxy_auth REQUIRED http_access allow Authorized-Users 1108444177.667 0 172.16.8.59 TCP_DENIED/407 1673 GET http://www.google.com.au/ - NONE/- text/html 1108444177.670 0 172.16.8.59 TCP_DENIED/407 1743 GET http://www.google.com.au/ - NONE/- text/html 1108444178.292 623 172.16.8.59 TCP_MISS/200 3092 GET http://www.google.com.au/ aclark DIRECT/64.233.187.104 text/html 1108444190.448 0 172.16.8.59 TCP_DENIED/407 1661 GET http://www.yahoo.com/ - NONE/- text/html 1108444190.453 1 172.16.8.59 TCP_DENIED/407 1731 GET http://www.yahoo.com/ - NONE/- text/html 1108444191.356 0 172.16.8.59 TCP_DENIED/407 1784 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/hdr_trees.gif - NONE/- text/html 1108444191.356 0 172.16.8.59 TCP_DENIED/407 1784 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/img_trees.jpg - NONE/- text/html 1108444191.362 0 172.16.8.59 TCP_DENIED/407 1854 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/hdr_trees.gif - NONE/- text/html 1108444191.364 2 172.16.8.59 TCP_DENIED/407 1854 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/img_trees.jpg - NONE/- text/html 1108444191.373 0 172.16.8.59 TCP_DENIED/407 1778 GET http://us.i1.yimg.com/us.yimg.com/i/tv/onedayatatime104c.jpg - NONE/- text/html 1108444191.376 0 172.16.8.59 TCP_DENIED/407 1848 GET http://us.i1.yimg.com/us.yimg.com/i/tv/onedayatatime104c.jpg - NONE/- text/html 1108444191.544 167 172.16.8.59 TCP_MISS/200 2983 GET http://us.i1.yimg.com/us.yimg.com/i/tv/onedayatatime104c.jpg aclark DIRECT/61.9.129.144 image/jpeg 1108444191.579 1125 172.16.8.59 TCP_MISS/200 42391 GET http://www.yahoo.com/ aclark DIRECT/66.94.230.45 text/html 1108444191.583 218 172.16.8.59 TCP_MISS/200 668 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/hdr_trees.gif aclark DIRECT/61.9.129.201 image/gif 1108444191.615 250 172.16.8.59 TCP_MISS/200 7078 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/img_trees.jpg aclark DIRECT/61.9.129.201 image/jpeg 1108444191.628 83 172.16.8.59 TCP_MISS/200 1640 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/ml/04q4/hdrtop_prot.gif aclark DIRECT/61.9.129.144 image/gif 1108444191.701 60 172.16.8.59 TCP_MISS/200 1440 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/ml/04q4/imgbot_prot.gif aclark DIRECT/61.9.129.201 image/gif 1108444191.714 66 172.16.8.59 TCP_MISS/200 1977 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/sh/05q1/0126_cc.gif aclark DIRECT/61.9.129.201 image/gif 1108444192.057 402 172.16.8.59 TCP_MISS/302 518 GET http://view.atdmt.com/TCH/view/yhxxxmcd0120000020tch/direct/01/ aclark DIRECT/64.14.128.201 - 1108444192.450 393 172.16.8.59 TCP_MISS/200 280 GET http://spe.atdmt.com/images/pixel.gif aclark DIRECT/65.170.56.5 image/gif
