On 2024-07-26, Andre wrote:
How to know if the helper supports concurrent requests?
Good question! You need to consult helper documentation. If that does not exist or does not document concurrency, one can analyze helper source code and/or test concurrency support, but those two activities require specialized skills. Testing is especially difficult because a helper may not violently/visibly reject "concurrent" protocol messages: Many helpers were written under the false assumption that they will never receive invalid traffic.
Asking here (and then improving helper documentation!) may be the best option.
HTH, Alex.
чт, 25 июл. 2024 г. в 17:43, Andre Bolinhas <andre.bolinhas@xxxxxxxxxxxxxx <mailto:andre.bolinhas@xxxxxxxxxxxxxx>>:__ Hi We have 5 squid workers, we need to handle around 8k concurrent users. Based on this, what's the auth_param values that you recommend for children, idle and startup? How to know if the helper supports concurrent requests?winbindd: Exceeding 500 client connections, no idle connection foundI will increase this value to check if help to settle the issue On 25/07/2024 14:28, Alex Rousskov wrote:____On 2024-07-23 19:20, Andre Bolinhas wrote:winbindd: Exceeding 500 client connections, no idle connection foundauth_param ntlm children 500 ...I know virtually nothing about WINDBIND and the authentication helper you are using, but configuring Squid to have 500 helper processes is usually a mistake, even with a single Squid worker. YMMV, but I would try to use a lot fewer helpers (e.g., 10) and increase that number only if such an increase actually improves things. If possible, use a helper that supports concurrent requests. If your Squid is not competing for resources with other applications on the server, then I also recommend keeping a _constant_ number of helper processes (instead of asking Squid to start many new helper processes at the worse possible time -- when the load on Squid increases). To do that, make startup and idle parameters the same as the maximum number of children. HTH, Alex. P.S. The credit for highlighting the correlation between winbindd errors and "auth_param ntlm children 500" goes to Andrey K. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx> https://lists.squid-cache.org/listinfo/squid-users <https://lists.squid-cache.org/listinfo/squid-users>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
