> > hi. > > i've successfully got squid authenticating against our ad domain, and the > restrictions on the squid server itself are by nt group membership. > > i'm noticing that there is a heck of a lot of activity by the > authenticating perl program when i run 'top'. > > i've included the relevant lines from my squid.conf- is there something i > ought to change here to enable better performance? presently it runs > slower than our isa server and is on similar spec hardware. i wondered if > there was some way of increasing the time it remembers a users details > without re-querying the server? > > thanks > > john > > > #nt auth > > auth_param ntlm program /usr/samba/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 15 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 60 minutes > > auth_param basic program /usr/samba/bin/ntlm_auth > --helper-protocol=squid-2.5-basic > auth_param basic children 5 > auth_param basic realm SuperSquid > auth_param basic credentialsttl 2 hours > > external_acl_type nt_group ttl=0 concurrency=20 %LOGIN > /usr/squid/libexec/wbinfo_group.pl Remove the ttl=0 parameter from your external_acl_type nt_group. Results should then be cached for 3600 seconds. Normally user to group relations don't change that often that you need that short ttl. cheers.roman
