Search squid archive

Re: Squid3 / NTLM / token id cache

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 21 Jul 2009 09:47:48 -0300, "Soporte Técnico @lemNet"
<soporte@xxxxxxxxxxxxxxx> wrote:
> rep_mime_type can´t be used for parent selection because this is
evaluated
> before content has been reached ?
> 
> This is true ?

No. It can't be evaluated because selecting a source is based on the
_request_.

And what does this have to do with reducing NTLM authentication workload?

Amos


> 
> Jorge.
> 
> 
> ----- Original Message ----- 
> From: "Frederic THOMAS" <frederic.thomas@xxxxxxxxxxxxxx>
> To: <squid-users@xxxxxxxxxxxxxxx>
> Sent: Tuesday, July 21, 2009 9:18 AM
> Subject:  Squid3 / NTLM / token id cache
> 
> 
>> Hello,
>>
>>
>> I've installed 2 Squid 3.0.STABLE5 + samba-winbind on a mandriva 2008.1 
>> with ntlm authentification .
>> It works, clients are able to surf on the web using the Proxy and 
>> usernames are correctly logged.
>> But we experienced some latency issues on websites. When i look into 
>> access.log file i observe a lot of 407 authentification request. So i
>> read
>> about ntlm authentification and see that there is an authentification 
>> request for each connection. There is nearly 6000 users on the 2 squid 
>> servers and i have noticed there's some great traffic between squid
boxes
>>
>> and AD server, which is expected, because of the authentication traffic.
>> On previous version we could use following settings (ntlm parameters on 
>> 2.5 squid and i noticed they didnt exists after 2.6) :
>>
>> "max_challenge_reuses" number
>> "max_challenge_lifetime" timespan
>>
>> What similar option on squid 3 can be used to reduce authentication 
>> traffic ? Is there any solution to avoid an authentification request to 
>> each connection and have a possibility to reuse a token id ?
>>
>>   * Squid.conf :
>>
>> auth_param ntlm program 
>> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
>> auth_param ntlm children 80
>> auth_param ntlm keep_alive on
>>
>> auth_param basic program 
>> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
>> auth_param basic children 5
>> auth_param basic realm Squid AD
>> auth_param basic credentialsttl 2 hours
>>
>>   * What i found on cache.log files :
>>
>> libsmb/ntlmssp.c:ntlmssp_update(327)
>> Failed to parse NTLMSSP packet, could not extract NTLMSSP command (~=
>> each
>> second)
>>
>>
>> Regards,
>>
>> Frederic THOMAS
>>
>>

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux