Hi friends,
I'm suffering a speed problem when I use NTLM for auth users. If I use
basic auth, all work fine and webpages load almost instantaneous, but
when I enable NTLM, same webpages can took 10-30seconds to load it....
I've found some similar cases, but nobody know a solution:
---------------------------------------------------------------------------------
http://www.linuxforums.org/forum/servers/165500-squid-very-slow-using-ntlm.html
http://readlist.com/lists/squid-cache.org/squid-users/7/35240.html
I've used this guide for setup my server:
-----------------------------------------------------
http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmCentOS5
My unique changes over squid.conf are this:
--------------------------------------------------------------
cache_effective_group wbpriv
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param ntlm keep_alive on
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl chglan src 10.31.32.0/24
acl ntlm proxy_auth REQUIRED
http_access allow chglan ntlm
-----------------------------------------------------------------
and as say the previous mentioned guide, I launch authconfig for setup
winbind and samba.
Somebody can help me?? Is mandatory for me can remove the stupid
authentication popup wich show all browser for proxy authentication.
Prior to squid, we were using MS ISA server and now, users are
constantly crying because his browsers shows authentication popups each
time they open it...
Regards,
F.J
-----------------------
More info:
------------------------
HW:
--------------------------------
VMware ESX virtual machine with:
- 1 vProcesor (2Ghz reserved)
- 4GB of RAM
- 10GB of HD
- vNIC Gigabit
SO:
---------------------------------
Red Hat Enterprise Linux 5.6 x86_64
Linux proxy.domain 2.6.18-238.5.1.el5 #1 SMP Mon Feb 21 05:52:39 EST
2011 x86_64 x86_64 x86_64 GNU/Linux
Squid:
-----------------------------------------
Squid Cache: Version 2.6.STABLE21
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com'
'--mandir=/usr/share/man' '--infodir=/usr/share/info'
'--exec_prefix=/usr' '--bindir=/usr/sbin'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share' '--sysconfdir=/etc/squid' '--enable-arp-acl'
'--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru'
'--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl'
'--with-openssl=/usr/kerberos' '--enable-delay-pools'
'--enable-linux-netfilter' '--with-pthreads'
'--enable-ntlm-auth-helpers=SMB,fakeauth'
'--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-digest-auth-helpers=password' '--with-winbind-auth-challenge'
'--enable-useragent-log' '--enable-referer-log'
'--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost'
'--enable-underscores'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL'
'--enable-cache-digests' '--enable-ident-lookups'
'--enable-follow-x-forwarded-for' '--enable-wccpv2' '--enable-fd-config'
'--with-maxfd=16384' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu'
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-D_FORTIFY_SOURCE=2 -fPIE
-Os -g -pipe -fsigned-char' 'LDFLAGS=-pie'
package info:
Name : squid
Arch : x86_64
Epoch : 7
Version : 2.6.STABLE21
Release : 6.el5
Size : 3.7 M
Repo : installed
Samba:
------------
Name : samba3x
Arch : x86_64
Version : 3.5.4
Release : 0.70.el5_6.1
Size : 5.9 M
Repo : rhel-x86_64-server-5 (not installed)
Name : samba3x-common
Arch : x86_64
Version : 3.5.4
Release : 0.70.el5_6.1
Size : 49 M
Repo : installed
Name : samba3x-winbind
Arch : x86_64
Version : 3.5.4
Release : 0.70.el5_6.1
Size : 12 M
Repo : installed
mgr:info output (is not real scenario, currently only few user are using
it, so the load is very low, but even so, the performance is very poor):
---------------------------------------------------------------------------
squidclient -p 3128 mgr:info
HTTP/1.0 200 OK
Server: squid/2.6.STABLE21
Date: Thu, 24 Mar 2011 09:42:22 GMT
Content-Type: text/plain
Expires: Thu, 24 Mar 2011 09:42:22 GMT
Last-Modified: Thu, 24 Mar 2011 09:42:22 GMT
X-Cache: MISS from proxy.domain
X-Cache-Lookup: MISS from proxy.domain:3128
Via: 1.0 fresneda.chg:3128 (squid/2.6.STABLE21)
Proxy-Connection: close
Squid Object Cache: Version 2.6.STABLE21
Start Time: Thu, 24 Mar 2011 08:10:23 GMT
Current Time: Thu, 24 Mar 2011 09:42:22 GMT
Connection information for squid:
Number of clients accessing cache: 4
Number of HTTP requests received: 4785
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 52.0
Average ICP messages per minute since start: 0.0
Select loop called: 50357 times, 109.595 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 1.6%, 60min: 24.6%
Byte Hit Ratios: 5min: 30.9%, 60min: 63.4%
Request Memory Hit Ratios: 5min: 0.0%, 60min: 3.1%
Request Disk Hit Ratios: 5min: 0.0%, 60min: 68.6%
Storage Swap size: 44980 KB
Storage Mem size: 976 KB
Mean Object Size: 13.34 KB
Requests given to unlinkd: 232
Median Service Times (seconds) 5 min 60 min:
HTTP Requests (All): 0.01469 0.01387
Cache Misses: 0.02317 0.03066
Cache Hits: 0.00000 0.00919
Near Hits: 0.04776 0.07409
Not-Modified Replies: 0.00000 0.00286
DNS Lookups: 0.01098 0.02130
ICP Queries: 0.00000 0.00000
Resource usage for squid:
UP Time: 5518.860 seconds
CPU Time: 2.446 seconds
CPU Usage: 0.04%
CPU Usage, 5 minute avg: 0.06%
CPU Usage, 60 minute avg: 0.04%
Process Data Segment Size via sbrk(): 5272 KB
Maximum Resident Size: 36432 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
Total space in arena: 5404 KB
Ordinary blocks: 5319 KB 28 blks
Small blocks: 0 KB 0 blks
Holding blocks: 356 KB 1 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 85 KB
Total in use: 5675 KB 99%
Total free: 85 KB 1%
Total size: 5760 KB
Memory accounted for:
Total accounted: 2308 KB
memPoolAlloc calls: 572398
memPoolFree calls: 557317
File descriptor usage for squid:
Maximum number of file descriptors: 1024
Largest file desc currently in use: 68
Number of file desc currently in use: 65
Files queued for open: 0
Available number of file descriptors: 959
Reserved number of file descriptors: 100
Store Disk files open: 0
IO loop method: epoll
Internal Data Structures:
3401 StoreEntries
201 StoreEntries with MemObjects
200 Hot Object Cache Items
3372 on-disk objects