Thanks for the reply :) I did some basic math on the cache.log and came up with about 80 helpers we need. I will monitor both the cache.log + the general user experience to see if this improves the situation. Will report back with how it pans out... Again, thanks! -Jason On Mon, Jul 9, 2012 at 9:28 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 9/07/2012 9:13 p.m., Jason Leschnik wrote: >> >> Hey all, >> >> Just curious about what size your user base is compared to how many >> children processes you have for ntlm authentication. We found with >> 1000-1500 users that 30 children was no enough, resulting in cache.log >> queue warnings. So what combination have you found reasonable? > > > For NTLM the theoretical ideal is about 4 helpers per active user (ouch!), > just because of the extremely inefficient way it works. As you cut down the > ratio of helpers:users from that the user-visible lag becomes longer. So yes > a few dozen heleprs for a thousand users is nowhere near enough. It's not > uncommon to see a few hundred NTLM helpers in one Squid instance for your > user levels. > Try making that 100 helper children and see what the loading is. The low > numbered helepers will get a lot of requests tailing off to least load on > the 100th helper. > > If you have a choice go for Kerberos instead or as first preference over > NTLM. > > Amos > -- Regards, Jason Leschnik. [m] 0432 35 4224 [w@] jason dot leschnik <at> ansto dot gov dot au [U@] jml974@xxxxxxxxxx
