Hi Adrian, My comments are below. On 2/18/08, Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote: > I've got one customer who is asking for some testing of Squid in a large > NTLM environment. The problem, as those who have tried it will have > encountered, is that although Squid can keep up with it, the Samba/Winbind stuff > plainly just can't. This is something that I'm currently very interested in. I had heard that NTLM auth could significantly reduce Squids throughput but haven't seen any figures. I couldn't tell from your message above whether you / your customer has already tried deploying Squid / NTLM auth in live environment. If so, I'm really interested to know what request rate Squid was able to maintain. I understand from the documentation, that the three stage NTLM authentication negotiation has to be repeated for every new connection and that this is the bottleneck. I'd assumed that winbindd was able to CACHE the NTLM user credentials, so that subsequent requests would not result in network calls to the NTLM authentication server. Is this your understanding? > So I'm looking for some tools to let me craft and fire off NTLM type authentication > stuff to a proxy. I don't really care if they're free or not, unix or windows. > If anyone knows of anything that'll let me create -lots- of NTLM authentication > requests and fire them through a proxy then please, please let me know. We were considering the possibility of using something like Selenium control the web browser and send requests that way, but some further googling suggests that curl may be able to send NTLM Proxy auth requests. > Hopefully the result from all of this will be slightly better NTLM interoperability. -RichardW.
