rep_mime_type can´t be used for parent selection because this is evaluated
before content has been reached ?
This is true ?
Jorge.
----- Original Message -----
From: "Frederic THOMAS" <frederic.thomas@xxxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, July 21, 2009 9:18 AM
Subject: Squid3 / NTLM / token id cache
Hello,
I've installed 2 Squid 3.0.STABLE5 + samba-winbind on a mandriva 2008.1
with ntlm authentification .
It works, clients are able to surf on the web using the Proxy and
usernames are correctly logged.
But we experienced some latency issues on websites. When i look into
access.log file i observe a lot of 407 authentification request. So i read
about ntlm authentification and see that there is an authentification
request for each connection. There is nearly 6000 users on the 2 squid
servers and i have noticed there's some great traffic between squid boxes
and AD server, which is expected, because of the authentication traffic.
On previous version we could use following settings (ntlm parameters on
2.5 squid and i noticed they didnt exists after 2.6) :
"max_challenge_reuses" number
"max_challenge_lifetime" timespan
What similar option on squid 3 can be used to reduce authentication
traffic ? Is there any solution to avoid an authentification request to
each connection and have a possibility to reuse a token id ?
* Squid.conf :
auth_param ntlm program
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 80
auth_param ntlm keep_alive on
auth_param basic program
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid AD
auth_param basic credentialsttl 2 hours
* What i found on cache.log files :
libsmb/ntlmssp.c:ntlmssp_update(327)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command (~= each
second)
Regards,
Frederic THOMAS
