Search squid archive

Re: Connection error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thank you .

We are using squid 3.1.8 with 100 children for ntlm scheme. We have about 500 users and around 75 req/sec.

In the cache log rarely we see 100 pending ntlm requests and that time squid reconfigures automatically.
Is it default behaviour  of squid to reconfigure when ntlm are queued.?

In the cache log we can see following errors also.

2011/01/31 10:59:02| AuthConfig::CreateAuthUser: Unsupported or unconfigured/inactive proxy-auth scheme, 'Basic bnByY1xzaHViaGFuZ2lkOmdhbGF4eUA1Nw==' 2011/01/31 10:59:18| AuthConfig::CreateAuthUser: Unsupported or unconfigured/inactive proxy-auth scheme, 'Basic bnByY1xzaHViaGFuZ2lkOmdhbGF4eUA1Nw=='

Thanks
Senthil

Amos Jeffries wrote:
On Tue, 25 Jan 2011 19:25:33 +0530, Senthilkumar wrote:
Hi Amos,

I have followed the suggestions provided by you and if use deny without "all" i am getting pop up when i access denied sites, it is suppressed when i use all. We use ntlm scheme to authenticate with domain users, all users can authenticate without any prompt, while browsing out of 350 users only 5-6 users getting prompt rarely(around 2-3 times a day) There is no specific website or time the prompt appears. Please suggest some troubleshooting ideas and cause for it.
The cache.log does not show any errors

I'm not sure exactly which deny line you are describing as producing a
popup. The config below looks right.  Where you deny based on group lookups
the lines should end with "all", as you saw not having it there produces
the popup.


NTLM can suffer from a few issues on connections and some bugs in Squid.
Though both of these problems have been worked on and reduced in newer
releases.

If one of the "allow" group lookups is somehow failing this may produce a
popup.

I am not sure how one would check for these in production environment. The
things to watch out for are the HTTP auth headers for the request before
during and after the prompt appears. Whether this is happening on a
connection while it stays up, or if the connection drops out on the
challenge. Whether it happened on a new connection using some non-NTLM auth
(ie a Windows 7 machine trying an unexpected encryption, or some background
application with the wrong keys).

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux