Re: Squid restarting continuously the authenticator processes

Claudio ML <claudioml@xxxxxxxxxxxxxxxx> · Wed, 29 Oct 2014 12:11:41 +0100



    Il 29/10/2014 12:01, Amos Jeffries ha scritto:

    On 29/10/2014 11:09 p.m., Claudio ML wrote:

      > Hello all,

      
      > I have a strange problem with a SQUID proxy with the NTLM

      
      The word is "Squid", it is a name not an acronym.

      
      > authentication. It randomly restarts the authenticator
      processes 

      > (restart maybe not the right term), as follows:

      
      Randomly? no, when an authenticator dies/aborts Squid starts a

      replacement one.

      
      Question is why they are dying.

      
      Perhapse you could start by indicating what version of Squid you
      are

      using ?

      
    My Squid version is 3.2.11 (OpenSuSE 12.3)

    
      <snip>

      > 2014-10-29T10:45:02.649164+01:00 yel1swa208 squid[29306]:
      Starting

      > new ntlmauthenticator helpers...
      2014-10-29T10:45:02.650165+01:00

      > yel1swa208 squid[29306]: helperOpenServers: Starting 1/800

      > 'ntlm_auth' processes

      
      > Not sure if is a result of this, but after 10-20 mins the

      > authentication process with ntlm slows down terribly (tested
      with

      > wbinfo -t), and the users have some serious problem with the

      > navigation.

      
      > Follows the relevant part of squid.conf:

      
      > # Ntlm Auth auth_param ntlm program /usr/bin/ntlm_auth 

      > --helper-protocol=squid-2.5-ntlmssp --debuglevel=0 auth_param
      ntlm

      > children 800 #auth param ntlm keep_alive off

      
      That is the Samba helper, so any bugs inside it are Samba
      problems.

      
      Squid for NTLM is just a "dumb relay" passing the HTTP request
      header

      tokens to the helper(s) and relaying their responses back to the

      client in HTTP reply headers.

      
      There might still be bugs in the relaying logic though. But to me
      it

      sounds like the helpers having issues.

      
    Where into log files i can look if helpers have issues?

    > authenticate_ttl 3 hour
      authenticate_ip_ttl 3 hour

      
      > # Base Auth auth_param basic program /usr/bin/ntlm_auth 

      > --helper-protocol=squid-2.5-basic auth_param basic children
      200 

      > auth_param basic realm Squid proxy-caching web server
      auth_param

      > basic credentialsttl 2 hours

      
      > And the relevant part of smb.conf:

      
      > allow trusted domains = Yes winbind nested groups = Yes wins
      server

      > = x.x.x.x winbind uid = 40000-90000000000000 winbind gid =

      > 4000-100000000000000 winbind use default domain = yes winbind
      enum

      > users = yes winbind enum groups = yes winbind cache time =
      1000 

      > winbind max clients = 600

      
      There is a big hint.

      
       max clients 600 vs. 800 configured Squid helpers ...

      
    You are right, now my config is 800 as max clients on samba, and 800
    Squid helpers.

    
    Thank you,

    
    Claudio.

    Amos

    
    >
      _______________________________________________

      > squid-users mailing list

      > squid-users@xxxxxxxxxxxxxxxxxxxxx

      > http://lists.squid-cache.org/listinfo/squid-users

    
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users