Hello,
I've installed 2 Squid 3.0.STABLE5 + samba-winbind on a mandriva 2008.1
with ntlm authentification .
It works, clients are able to surf on the web using the Proxy and
usernames are correctly logged.
But we experienced some latency issues on websites. When i look into
access.log file i observe a lot of 407 authentification request. So i
read about ntlm authentification and see that there is an
authentification request for each connection. There is nearly 6000 users
on the 2 squid servers and i have noticed there's some great traffic
between squid boxes and AD server, which is expected, because of the
authentication traffic.
On previous version we could use following settings (ntlm parameters on
2.5 squid and i noticed they didnt exists after 2.6) :
"max_challenge_reuses" number
"max_challenge_lifetime" timespan
What similar option on squid 3 can be used to reduce authentication
traffic ? Is there any solution to avoid an authentification request to
each connection and have a possibility to reuse a token id ?
* Squid.conf :
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 80
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid AD
auth_param basic credentialsttl 2 hours
* What i found on cache.log files :
libsmb/ntlmssp.c:ntlmssp_update(327)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command (~=
each second)
Regards,
Frederic THOMAS