Julian Pilfold-Bagwell wrote:
Hi All,
I have a problem with my proxy and Windows clients on certain ip
ranges on my network.
I've just upgraded my network from a single LDAP/Samba server running
on Mandriva 2007 to a dual redundant setup with DNS, NTP and LDAP
master/slave on two servers with a seperate PDC and BDC pair
authenticating and providing file shares. Authentication on the
network for users is fast as lightning. On the old network I had a
Mandriva 2007 box with Squid proxying and NTLM auth and this machine
has been moved to the new setup. Clients are spread across three IP
ranges 172.20.0., 172.20.1. and 172.20.2. with the 0 range being
assigned static IPs and the one and two ranges collecting an IP from
DHCPD.
If I connect a client to the network, it obtains an address from the
DHCP server along with DNS, gateway and WINS server settings but the
connection via Squid is slow e.g. 30-120 seconds to obtain a page. If
I take the settings from ipconfig and enter them manually but with an
IP in the 172.20.0 range, it works perfectly with pages appearing
withing 1-2 seconds.
Perhaps it's an issue with reverse DNS for the 172.20.1.0/23 subnet.
Squid is trying to perform reverse DNS lookups on clients on that
netblock and is hanging there...
nslookup returns IP's within a second on the proxy and clients and
su'ing to a user account on the proxy takes a split second, suggesting
that nss and pam_smb are authenticating OK.
If you've specified that the clients use proxy, their access to DNS
should have little effect on surfing speed (baring client proxy exceptions).
On the old network, the proxy worked fine across al three IP ranges,
on the new it behaves as above. Is there anywhere I should be looking
in particular for clues to this one.
Watch a network trace between a DHCP client and the proxy. Check the
access.log for how long it takes to "register" the completed request
(and how long the request took to complete). Check to see if the proxy
server an perform RDNS queries on all three subnets.
I'll be out of the office until Monday but I'll check the mail as soon
as I can for a reply.
Many thanks,
Julian PB
Chris