Search squid archive

Re: NTLM Performance question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>
> hi.
>
> i've successfully got squid authenticating against our ad domain, and the
> restrictions on the squid server itself are by nt group membership.
>
> i'm noticing that there is a heck of a lot of activity by the
> authenticating perl program when i run 'top'.
>
> i've included the relevant lines from my squid.conf- is there something i
> ought to change here to enable better performance? presently it runs
> slower than our isa server and is on similar spec hardware. i wondered if
> there was some way of increasing the time it remembers a users details
> without re-querying the server?
>
> thanks
>
> john
>
>
> #nt auth
>
> auth_param ntlm program /usr/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 15
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 60 minutes
>
> auth_param basic program /usr/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm SuperSquid
> auth_param basic credentialsttl 2 hours
>
> external_acl_type nt_group ttl=0 concurrency=20 %LOGIN
> /usr/squid/libexec/wbinfo_group.pl

Remove the ttl=0 parameter from your external_acl_type nt_group. Results
should then be cached for 3600 seconds. Normally user to group relations
don't change that often that you need that short ttl.

cheers.roman

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux