that's done it! thanks for that. john --- On Wed 06/29, Roman Rathler < squidlist@xxxxxxxxxxxxxx > wrote: From: Roman Rathler [mailto: squidlist@xxxxxxxxxxxxxx] To: jhalfpenny@xxxxxxxxxx Cc: squid-users@xxxxxxxxxxxxxxx Date: Wed, 29 Jun 2005 17:45:24 +0200 (CEST) Subject: Re: NTLM Performance question ><br>> hi.<br>><br>> i've successfully got squid authenticating against our ad domain, and the<br>> restrictions on the squid server itself are by nt group membership.<br>><br>> i'm noticing that there is a heck of a lot of activity by the<br>> authenticating perl program when i run 'top'.<br>><br>> i've included the relevant lines from my squid.conf- is there something i<br>> ought to change here to enable better performance? presently it runs<br>> slower than our isa server and is on similar spec hardware. i wondered if<br>> there was some way of increasing the time it remembers a users details<br>> without re-querying the server?<br>><br>> thanks<br>><br>> john<br>><br>><br>> #nt auth<br>><br>> auth_param ntlm program /usr/samba/bin/ntlm_auth<br>> --helper-protocol=squid-2.5-ntlmssp<br>> auth_param ntlm children 15<br>> auth_param ntlm max_challenge_reuses 0<br>> auth_param ntlm max_challenge_lifetime 60 minutes<br>><br>> auth_param basic program /usr/samba/bin/ntlm_auth<br>> --helper-protocol=squid-2.5-basic<br>> auth_param basic children 5<br>> auth_param basic realm SuperSquid<br>> auth_param basic credentialsttl 2 hours<br>><br>> external_acl_type nt_group ttl=0 concurrency=20 %LOGIN<br>> /usr/squid/libexec/wbinfo_group.pl<br><br>Remove the ttl=0 parameter from your external_acl_type nt_group. Results<br>should then be cached for 3600 seconds. Normally user to group relations<br>don't change that often that you need that short ttl.<br><br>cheers.roman<br> _______________________________________________ Join Excite! - http://www.excite.com The most personalized portal on the Web!