2011/10/13 Job <Job@xxxxxxxxxxxxxxxxxxxx>: > Hello Luis, > nice reply, first of all, very very interesting... > > I noticed in 3.1.8 it seems i cannot place the credenstialttl directive, i can only - in the ntlm schema - insert this: auth_param ntlm keep_alive on. > > Is it right? I read it could give some incompatibility problems with IE. > > Are there some other parameters to put, in the ntlm schema, 5-minutes cache? > > Thank you again, > Francesco > > ________________________________________ > Da: Luis Daniel Lucio Quiroz [luis.daniel.lucio@xxxxxxxxx] > Inviato: giovedì 13 ottobre 2011 15.49 > A: frantz@xxxxxxxxxxxx > Cc: squid-users@xxxxxxxxxxxxxxx > Oggetto: Re: Problems authenticator on huge systems > > 2011/10/13 Francesco <frantz@xxxxxxxxxxxx>: >> Hello, >> >> in a proxy server with some hunderds of users, i experience temporary >> problems with ntlm authentication; Squid says access deny for some >> minutes, then everything returns working without any actions. >> >> In cache.log i noticed these errors: >> AuthNTLMUserRequest::authenticate: attempt to perform authentication >> without a connection! >> >> I raised up the per-process max open files to 4096; do you think i am low >> of authenticator process (200)? >> Could it be this the problem? >> >> I have no cache on ntlm auth helper... >> >> Thank you, >> Francesco >> > > HELO Franchesco, > > My first toughts is you shall consider a ntlm cache, about 5 minutes. > The fact is, that NTLM authentication does not work as basic > authentication. I mean, in basic authentication, once the browser > sends credentials, it always send credentials each time without > requesting them again. In ntlm, as my understanding, it is quite > different, browsers after a lapse of time will stop sending > credentials (the hash). So a cache will really offload the samba/AD > you are forwarding auth requests. > > Taking as a reference your message, and without other evidence, i > guess problem is not between browser-squid, it could be > squid-ad/samba. > > LD > http://www.twitter.com/ldlq Give a read here http://www.squid-cache.org/Versions/v3/3.1/cfgman/authenticate_ttl.html This may help you, Please void to top-list, it is very hard to follow conversation. LD http://www.twitter.com/ldlq
