Hi, I have squid-2.5.ESTABLE6-3 installed with NTLM authentication to an active directory domain. According to the manual, the parameter authenticate_ttl and the option ttl of external_acl_type define a cache for authentication requests. But, although I have set them to a 20 minutes period, I see in the winbind log (and doing a tcpdump of the connection to the domain controller) that every request that the squid receives generates an authentication request to the domain controller. Is this right? Does the authentication cache works with ntlm authentication or is it just for basic/digest? Here is the interesting settings of my config file: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 100 auth_param ntlm max_challenge_lifetime 20 minutes auth_param ntlm use_ntlm_negotiate on authenticate_ttl 20 minutes external_acl_type nt_group ttl=3600 %LOGIN /usr/lib/squid/wbinfo_group.pl Another doubt: how is the relationship between authenticate_ttl and max_challenge_lifetime? Regards, Martin -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ .
