I switched from 3.3.8 to 3.4.2, and apparently, I got problems with auth too (I'm using negotiate_wrapper and ext_kerberos_ldap_group_acl, most clients are using kerberos). The CPU load started growing, and for some clients we got "connection timed out" on a random basis. I quick switched back to 3.3.8, because it is an high load proxy server, but I will try to isolate another server with 3.4.2 when possible. On Wed, Jan 8, 2014 at 1:05 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 7/01/2014 10:21 p.m., Rietzler, Markus (RZF, SG 324 / > <RIETZLER_SOFTWARE>) wrote: >> thanxs, >> >> our assumption is, that it is related to helper management. with 3.4. there is a "new helper protocol", right? > > Right. That is the big user-visible bit in 3.4. > > But there are other background changes involving TCP connection > management, authentication management, ACL behaviours and some things in > 3.3 series also potentially affecting NTLM. > > The feature changes just give us a direction to look in. We still have > to diagnose each new bug in detail to be sure. There are others already > using NTLM in older 3.3/3.4 versions without seing this problem for example. > >> our environment worked with 3.2 without problems. now with the jump to 3.4. it will not work anymore. so number of requests are somehow important but as it worked in the past... >> >> if we go without ntlm_auth we can't see any high cpu load. so the first thought ACL and eg. regex problems can be >> discarded. maybe there are some cross influences. but we think it lies somewhere in helpers/auth. > > Did you get any better cache.log trace with the debug_options 29,9 84,9? > > Amos >