2011/10/13 Francesco <frantz@xxxxxxxxxxxx>: > Hello, > > in a proxy server with some hunderds of users, i experience temporary > problems with ntlm authentication; Squid says access deny for some > minutes, then everything returns working without any actions. > > In cache.log i noticed these errors: > AuthNTLMUserRequest::authenticate: attempt to perform authentication > without a connection! > > I raised up the per-process max open files to 4096; do you think i am low > of authenticator process (200)? > Could it be this the problem? > > I have no cache on ntlm auth helper... > > Thank you, > Francesco > HELO Franchesco, My first toughts is you shall consider a ntlm cache, about 5 minutes. The fact is, that NTLM authentication does not work as basic authentication. I mean, in basic authentication, once the browser sends credentials, it always send credentials each time without requesting them again. In ntlm, as my understanding, it is quite different, browsers after a lapse of time will stop sending credentials (the hash). So a cache will really offload the samba/AD you are forwarding auth requests. Taking as a reference your message, and without other evidence, i guess problem is not between browser-squid, it could be squid-ad/samba. LD http://www.twitter.com/ldlq
