>From: Serassio Guido <guido.serassio@xxxxxxxxxxxxxxx>
>Date: Fri, 24 Jun 2005 09:37:06 +0200
>
>Hi,
>
>This behaviour is correct by Microsoft NTLM design. When negotiated,
>NTLM authentication cannot be cached:
>You are using "use_ntlm_negotiate on", so every Challenge/Response
>request must be handled from Winbind.
>
>When using "use_ntlm_negotiate on", max_challenge_reuses and
>max_challenge_lifetime are not (and cannot be) used.
>
>This is the only stable configuration using NTLM, disabling
>use_ntlm_negotiate is a worse option.
>
>Regards
>
>Guido
>

Hello,

I want to know if this is true. I have Squid 3.0.STABLE10 on CentOS and I successfully implemented an NTLM transparent authenticator for my proxy users. The problem is that my NTLM auth helper has very intense activity compared with my external ACL helpers. Here are the details:

NTLM Authenticator Statistics:
program: /usr/bin/ntlm_auth
number running: 10 of 10
requests sent: 5539
replies received: 5539
queue length: 0
avg service time: 0 msec

while:

External ACL Statistics: ad_group
Cache size: 155
program: /usr/lib/squid/squid_ldap_group
number running: 5 of 5
requests sent: 230
replies received: 230
queue length: 0
avg service time: 3 msec

and

External ACL Statistics: host_ad_group
Cache size: 112
program: /usr/lib/squid/hostname.pl
number running: 5 of 5
requests sent: 162
replies received: 162
queue length: 0
avg service time: 50 msec

So I think the external ACLs can successfully cache the requests while the NTLM auth can't. I specified in squid.conf

authenticate_ttl 1 hour
authenticate_ip_ttl 30 minutes

and at the external ACLs ttl=1800.

What is the problem? And how can I reduce the AD query number?

Thank you!

Razvan