2005/8/5, Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>: > On Wed, 3 Aug 2005, Kinkie wrote: > > > With max_challenge_reuse set to anything but 0, squid will perform a > > replay attack on the NTLM authentication to increase authentication > > performance. > > > > Everything should work more or less fine (if you see failed auths you > > may want to enable the helper-fail-open config option and helper flag - > > be warned that doing so is a security compromise). > > Except that there appears to still be some Squid stability issues with > NTLM Challenge-Reuse enabled. > Hi !! Thanks for the answers of both of you !! By stability issues, do you mean that Squid crashes with NTLM Challenge-Reuse? The problem we are facing here is due to a bug in Windows Event Log. When the windows log file becomes greater than a certain size, smaller then the maximum size we have specified, it stops logging new events. To prevent losing security logs, we decided to run a scheduled job that copies and empties de windows event log every four hours. Whenever this job runs, the DC becomes slow, and the ntlm helpers start to enter in "R" state, probably waiting for the DC response. What we need to do is to lower Squid authentication needs, until we solve this bug. What would be the best way to do it? Regards, Carlos.
