Try squid-2.7 for those options. Also, try no NTLM and with ACLs, see if you hit high CPU use there. adrian 2008/8/5 Marcos Dutra <macdutra@xxxxxxxxx>: > Hi Adrian, > > 2008/8/2 Adrian Chadd <adrian@xxxxxxxxxxx>: >> Right; and what happens when you disable authentication in Squid and >> polygraph? Does it cope fine? > > I disabled ntlm auth and acl with regex sites and squid work fine. > With ntlm and acl I saw cpu time in mgr info go up 99%, then I this is > a problem when I have much connections. > > Well I enabled in my conf only ntlm auth without acl regex, and > enabled samba logs and I have this problem: > > [2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) > could not obtain winbind netbios name! > [2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) > could not obtain winbind netbios name! > [2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172) > could not obtain winbind netbios name! > 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback > data. Releasing helper '0x10922a8'. > 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback > data. Releasing helper '0x108e128'. > 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback > data. Releasing helper '0x10901e8'. > 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback > data. Releasing helper '0x1094368'. > 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback > data. Releasing helper '0x1096428'. > >> >> Samba/Winbind are known to not handle high authentication transaction >> rates. Well, 200/sec isn't "high" to me.. >> >> If it works fine without NTLM authentication but fails when you try >> using it, then I'd point fingers at Samba/Winbind. There's a >> hard-coded default of 200 concurrent "connections" to winbind in the >> winbind source; I thought they were going to improve that. Anyway, if >> its fine without NTLM auth but slow with it enabled I'd go ask the >> Samba team about it. > > I will ask to samba list, thanks.... > > >> >> In the meantime, there's a workaround - you can enable uhm, >> authenticate_ip_shortcircuit_ttl and >> authenticate_ip_shortcircuit_access. >> > > I used squid version 2.6.5 and I think this options above don't work, > I used authenticate_ip_ttl to cache authentication. > > Thanks for all. >
