On Tue, 21 Jul 2009 09:47:48 -0300, "Soporte Técnico @lemNet" <soporte@xxxxxxxxxxxxxxx> wrote: > rep_mime_type can´t be used for parent selection because this is evaluated > before content has been reached ? > > This is true ? No. It can't be evaluated because selecting a source is based on the _request_. And what does this have to do with reducing NTLM authentication workload? Amos > > Jorge. > > > ----- Original Message ----- > From: "Frederic THOMAS" <frederic.thomas@xxxxxxxxxxxxxx> > To: <squid-users@xxxxxxxxxxxxxxx> > Sent: Tuesday, July 21, 2009 9:18 AM > Subject: Squid3 / NTLM / token id cache > > >> Hello, >> >> >> I've installed 2 Squid 3.0.STABLE5 + samba-winbind on a mandriva 2008.1 >> with ntlm authentification . >> It works, clients are able to surf on the web using the Proxy and >> usernames are correctly logged. >> But we experienced some latency issues on websites. When i look into >> access.log file i observe a lot of 407 authentification request. So i >> read >> about ntlm authentification and see that there is an authentification >> request for each connection. There is nearly 6000 users on the 2 squid >> servers and i have noticed there's some great traffic between squid boxes >> >> and AD server, which is expected, because of the authentication traffic. >> On previous version we could use following settings (ntlm parameters on >> 2.5 squid and i noticed they didnt exists after 2.6) : >> >> "max_challenge_reuses" number >> "max_challenge_lifetime" timespan >> >> What similar option on squid 3 can be used to reduce authentication >> traffic ? Is there any solution to avoid an authentification request to >> each connection and have a possibility to reuse a token id ? >> >> * Squid.conf : >> >> auth_param ntlm program >> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp >> auth_param ntlm children 80 >> auth_param ntlm keep_alive on >> >> auth_param basic program >> /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic >> auth_param basic children 5 >> auth_param basic realm Squid AD >> auth_param basic credentialsttl 2 hours >> >> * What i found on cache.log files : >> >> libsmb/ntlmssp.c:ntlmssp_update(327) >> Failed to parse NTLMSSP packet, could not extract NTLMSSP command (~= >> each >> second) >> >> >> Regards, >> >> Frederic THOMAS >> >>
