On Fri, 17 Jun 2005 Rafael.Almeida@xxxxxxxxxx wrote:
Sometimes (during peak hours) our squid is closing the connection
after receiving the NTLM type 2 message. The complete attempt is described
below:
1- IE sends a HTTP GET with no authentication
2- Squid answers with HTTP 407 and closes the connection (Proxy
connection: close)
3- IE reopens the connection and sends a HTTP GET with NTLMv2 Type 1
message
4- Squid answers with HTTP 407, the NTLM Type 2 message and closes the
connection again: (Proxy connection: close)
5- IE tries to send NTLM Type3 message but a FIN packet was already sent
by SQUID, and Squids answers with a reset.
Probably you are running short on filedescriptors. There is a threshold of
50% used filedescriptors above which Squid will refuse to support
persistent connections. As you already know NTLM requires persistent
connections due to design error in the NTLM over HTTP protocol.
This threshold was introduced in 2.5.STABLE5:
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE4-pconn-load
It should be possible to refine this to work better together with NTLM
based on the knowledge that the connection MUST be kept for the next stage
of NTLM to complete.. If you feel this is required please file a bug
report.
Regards
Henrik
