Hi Adrian, 2008/8/2 Adrian Chadd <adrian@xxxxxxxxxxx>: > Right; and what happens when you disable authentication in Squid and > polygraph? Does it cope fine? I disabled ntlm auth and acl with regex sites and squid work fine. With ntlm and acl I saw cpu time in mgr info go up 99%, then I this is a problem when I have much connections. Well I enabled in my conf only ntlm auth without acl regex, and enabled samba logs and I have this problem: [2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) could not obtain winbind netbios name! [2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) could not obtain winbind netbios name! [2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) could not obtain winbind netbios name! 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x10922a8'. 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x108e128'. 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x10901e8'. 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x1094368'. 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback data. Releasing helper '0x1096428'. > > Samba/Winbind are known to not handle high authentication transaction > rates. Well, 200/sec isn't "high" to me.. > > If it works fine without NTLM authentication but fails when you try > using it, then I'd point fingers at Samba/Winbind. There's a > hard-coded default of 200 concurrent "connections" to winbind in the > winbind source; I thought they were going to improve that. Anyway, if > its fine without NTLM auth but slow with it enabled I'd go ask the > Samba team about it. I will ask to samba list, thanks.... > > In the meantime, there's a workaround - you can enable uhm, > authenticate_ip_shortcircuit_ttl and > authenticate_ip_shortcircuit_access. > I used squid version 2.6.5 and I think this options above don't work, I used authenticate_ip_ttl to cache authentication. Thanks for all.
