On 9/07/2012 9:13 p.m., Jason Leschnik wrote:
Hey all, Just curious about what size your user base is compared to how many children processes you have for ntlm authentication. We found with 1000-1500 users that 30 children was no enough, resulting in cache.log queue warnings. So what combination have you found reasonable?
For NTLM the theoretical ideal is about 4 helpers per active user (ouch!), just because of the extremely inefficient way it works. As you cut down the ratio of helpers:users from that the user-visible lag becomes longer. So yes a few dozen heleprs for a thousand users is nowhere near enough. It's not uncommon to see a few hundred NTLM helpers in one Squid instance for your user levels. Try making that 100 helper children and see what the loading is. The low numbered helepers will get a lot of requests tailing off to least load on the 100th helper.
If you have a choice go for Kerberos instead or as first preference over NTLM.
Amos
