Search squid archive

NTLM Authenticator with big requests number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>From: Serassio Guido <guido.serassio@xxxxxxxxxxxxxxx>
>Date: Fri, 24 Jun 2005 09:37:06 +0200
>
>Hi,
>
>This behaviour is correct by Microsoft NTLM design. When negotiated,
>NTLM authentication cannot be cached:
>You are using "use_ntlm_negotiate on", so every Challenge/Response
>request must be handled from Winbind.
>
>When using "use_ntlm_negotiate on", max_challenge_reuses and
>max_challenge_lifetime are not (and cannot be) used.
>
>This is the only stable configuration using NTLM, disabling
>use_ntlm_negotiate is a worst option.
>
>Regards
>
>Guido
>

Hello,

I want to know if this is true. I have Squid 3.0.STABLE10 on Centos
and I successfully implemented an NTLM transparent authenticator for
my proxy users.

The problem is that my NTLM auth helper has very intense activity
compared with my external acl helpers.

Here's the details:

NTLM Authenticator Statistics:
program: /usr/bin/ntlm_auth
number running: 10 of 10
requests sent: 5539
replies received: 5539
queue length: 0
avg service time: 0 msec


while:

External ACL Statistics: ad_group
Cache size: 155
program: /usr/lib/squid/squid_ldap_group
number running: 5 of 5
requests sent: 230
replies received: 230
queue length: 0
avg service time: 3 msec

and

External ACL Statistics: host_ad_group
Cache size: 112
program: /usr/lib/squid/hostname.pl
number running: 5 of 5
requests sent: 162
replies received: 162
queue length: 0
avg service time: 50 msec


So I think the external ACL's can successffuly cache the requests
while the ntlm auth can't.

I specified in squid.conf

authenticate_ttl 1 hour
authenticate_ip_ttl 30 minutes

and at the external acls ttl=1800.

What is the problem? And how can I reduce the AD query number?

Thank you!
Razvan

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux