Hi all, We're experiencing an unusual problem with squid. Our squid box was being used for 500 users of It department (not concurrent). No problems at all. Yesterday we expand the use of squid for the whole main office of my company (3000 users total, not concurrent). After 1 hour the users were being prompted for username and password for Squid (we use NTLM authentication against AD 2000). Due to lots of complaining we had to move back the users except ones from IT department. Access.log and Cache.log (even with debug enabled) don't show nothing relevant. But I found this in /var/log/messages: May 30 16:11:08 SquidServer (squid): nss_ldap: reconnecting to LDAP server... May 30 16:11:08 SquidServer (squid): nss_ldap: reconnected to LDAP server after 1 attempt(s) May 30 17:04:21 SquidServer (squid): nss_ldap: reconnecting to LDAP server... May 30 17:04:21 SquidServer (squid): nss_ldap: reconnected to LDAP server after 1 attempt(s) None of the above messages were found in /var/log/messages before we increased the number of users of squid. Does anyone know what those messages mean? Below is my squid.conf file. Thaks in advance, Carlos Eduardo. # http_port 3128 8080 icp_port 3130 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 coredump_dir /cache # TAG: icon_directory # Where the icons are stored. These are normally kept in # /usr/local/squid/share/icons # #Default: icon_directory /usr/local/squid/share/icons # TAG: short_icon_urls # If this is enabled Squid will use short URLs for icons. # # If off the URLs for icons will always be absolute URLs # including the proxy name and port. # #Default: short_icon_urls off auth_param ntlm program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 65 #auth_param ntlm max_challenge_reuses 0 auth_param ntlm use_ntlm_negotiate on auth_param ntlm max_challenge_lifetime 15 minutes auth_param basic program /usr/local/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 8 auth_param basic realm Bacen auth_param basic credentialsttl 2 hours external_acl_type NTGroup children=35 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl acl PURGE method PURGE acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1 acl to_localhost dst 127.0.0.0/8 acl RSFN_port port 1414 acl IWSS_port port 1812 acl SSL_ports port 443 acl Safe_ports port 80 21 443 8080 81 4505 82 # http acl CONNECT method CONNECT acl SNMP_SQUID snmp_community squidbc acl USUARIOS_PERMITIDOS external NTGroup @BACEN_INTERNET acl TERMO external NTGroup @DEINF_TERMO acl DOMINIOS_FECHADOS dstdomain "/usr/local/squid/etc/dominios_fechados" acl SUBDOM_LIBERADOS url_regex -i "/usr/local/squid/etc/subdom_liberados" acl PRE_TERMO url_regex "/usr/local/squid/etc/pre_termo" acl SITES_FECHADOS url_regex -i "/usr/local/squid/etc/sites_fechados" acl BB url_regex -i "/usr/local/squid/etc/banco_do_brasil" acl WINDOWS_UPDATE url_regex -i .windowsupdate.microsoft.com acl ANTIVIRUS urlpath_regex -i "/usr/local/squid/etc/lista_antivirus" acl Downloads_Proibidos urlpath_regex -i \.(scr)($|\?) acl JAVA_BROWSER browser Java http_access allow PURGE localhost http_access allow manager localhost http_access allow JAVA_BROWSER PRE_TERMO http_access deny manager http_access deny TERMO http_access allow SUBDOM_LIBERADOS http_access deny Downloads_Proibidos deny_info ACESSO_NEGADO Download_Proibidos http_access deny DOMINIOS_FECHADOS deny_info ACESSO_NEGADO DOMINIOS_FECHADOS http_access deny SITES_FECHADOS deny_info ACESSO_NEGADO SITES_FECHADOS http_access allow RSFN_port RSFN http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow BB http_access allow ANTIVIRUS http_access allow WINDOWS_UPDATE http_access allow USUARIOS_PERMITIDOS http_reply_access allow all http_access deny PURGE http_access deny all icp_access deny all always_direct allow BB always_direct allow WINDOWS_UPDATE always_direct deny ANTIVIRUS never_direct allow all strip_query_terms off cache_effective_user nobody visible_hostname squid cache_peer 172.17.205.101 parent 8088 7 no-query default cache_mem 8 MB #Default cache_dir diskd /cache 10000 16 256 Q1=64 Q2=72 cache_access_log /var/log/squid/access.log #useragent_log /var/log/squid/user_agent.log cache_log /var/log/squid/cache.log cache_store_log none #debug_options ALL,2 #debug_options ALL,1 33,2 28,9 # Configuracoes SNMP snmp_port 3401 snmp_access allow squid_snmp_comunity localhost snmp_access deny all snmp_incoming_address 0.0.0.0 snmp_outgoing_address 0.0.0.0
