Hi !! We are facing a strange behaviour change in ntlm authentication, that is causing Squid to slow down on peak hours. Previously, the browsers would try to get a web page through squid, and they received one 407 error, sent an authentication package that successfully authenticated the client, and then received the requested web page. Now, the browsers are getting one 407 error, sending an authentication package, getting another 407 error, sending a different authenticatino package, and then they are successfully authenticated. It seems to me that Squid is asking for ntlm v2, and was asking for ntlm v1 before. The domain policy for this is "Send LM & NTLM - Use NTLMv2 session security if negotiated". Observing the "NTLM User Authentication Stats" in Cachemgr.cgi, we see that, in random times of the day, the ntlm helpers begin entering in the "R" state, and when all of them are in this state, than squid restarts itself, sometimes returning to normal operation, and sometimes repeating this process. Given this scenario, I would like to know if anyone has already been through this, and could point me some directions, or how can I debug it to get to know what´s happening. I would also like to ask for a detailed description of the possible ntlm helper stats, shown in cachemgr.cgi. We are using Squid-2.5 Stable9 and Samba 3.0.10-1 Thanks in Advance, Carlos.
