On 22/11/2016 1:33 a.m., Eduardo Carneiro wrote: > Hi all. > > Sorry if this is already answered here. But I couldn't find any clear tips > about this topic. > > I'm using Squid 3.5.19 with dynamic content caching in a huge user base > (almost 10.000). Due to the large number of requisitions, internet access is > getting very slow. FYI: first optimization should be removing NTLM. It doubles the number of HTTP messages required for clients to do anything, and requires the proxy to disable many HTTP performance features. > > So I decided to use cache_peer to balance the traffic between servers. Would > be a basic environment. One child (that receive the requisitions of the > users) and three parent servers in a cluster. The problem is the > authentication. > > Today I use NTLM to authenticate my accesses (in a AD Win2008). I have read > here, that Squid doesn't support ntlm pass-through between child -> parent > servers. Squid does support pass-through. Just use login=PASSTHRU in the child proxy cache_peer lines. What it doesn't support is using obsolete NTLM protocol to authenticate _itself_ to parent proxies. (Yes NTLM was formally deprecated by MS in April 2006). > > The question I have is: There is any way to send user authentication > credentials of the child server to parent servers transparently? Without > need to enter username and password in the browser authentication box? cache_peer ... login=PASSTHRU Required that the frontend proxy using this does not do authentication itself. That is done solely by the peer receiving the credentials. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
