Re: [squid-users] Extremely high 'Median response time' warnings
Do you ever see this entry/log during the day? Are there any other sites that give the same message? Perhaps this particular site has latency issues at night or consistently throughout the day? Josh On 7/12/08, Tim Boyer <[EMAIL PROTECTED]> wrote: > I'm running squid/2.6.STABLE6 on a RHEL5.2 system, on a Dell PowerEdge 1750 > with 2Gb memory, dual CPUs, and a fast SCSI disk dedicated to the cache. > > At night - times when the load should be down around zero - I'm seeing the > following response time messages: > > Jul 12 16:46:43 saratoga.denmantire.com squid[9326]: WARNING: Median > response time is 57448 milliseconds > Jul 12 16:47:43 saratoga.denmantire.com squid[9326]: WARNING: Median > response time is 57448 milliseconds > Jul 12 16:48:43 saratoga.denmantire.com squid[9326]: WARNING: Median > response time is 57448 milliseconds > Jul 12 16:49:43 saratoga.denmantire.com squid[9326]: WARNING: Median > response time is 57448 milliseconds > Jul 12 16:50:43 saratoga.denmantire.com squid[9326]: WARNING: Median > response time is 57448 milliseconds > Jul 12 16:51:43 saratoga.denmantire.com squid[9326]: WARNING: Median > response time is 57448 milliseconds > Jul 12 17:26:43 saratoga.denmantire.com squid[9326]: WARNING: Median > response time is 57448 milliseconds > Jul 12 17:27:43 saratoga.denmantire.com squid[9326]: WARNING: Median > response time is 57448 milliseconds > > I've logged on and tried browsing, and response seemed positively zippy. > I'd think I'd notice a one minute response time. > > Where is this statistic coming from? I know I could disable it, but I'm > curious about why squid thinks my performance is this bad. > > -- > Tim Boyer > Denman Tire Corporation > [EMAIL PROTECTED] > >
Re: [squid-users] Squid requirements
My most recent setup was on an old Compaq desktop server 1100mhz, 1gb RAM (not sure of speed) with ~30gb cache on 10k rpm SCSI disks. Squid was auth-ing against Samba using the winbind helper. No AV, but dansguardian was used for content filtering. Performance was adequate for ~100 users. Josh On Wed, Jul 16, 2008 at 5:49 PM, Richard Hubbell <[EMAIL PROTECTED]> wrote: > --- On Wed, 7/16/08, Adrian Chadd <[EMAIL PROTECTED]> wrote: > >> From: Adrian Chadd <[EMAIL PROTECTED]> >> Subject: Re: [squid-users] Squid requirements >> To: "Chris Robertson" <[EMAIL PROTECTED]> >> Cc: "Squid Users" >> Date: Wednesday, July 16, 2008, 9:28 AM >> What we're really missing is a bunch of "hardware >> x, config y, testing >> z, results a, b, c." TMF used to have some stuff up >> for older hardware >> but there's just nothing recent to use as a measuring >> stick.. >> > > The problem is that there's so much disparate technology out there. > multi-core cpus, all kinds of different memory, all kinds of different disk > technologies, different filesystems, different OS, different kernels, and > on and on. It's hard to get useful measuring sticks. > > I still think it's a useful pursuit. But I think that the reasons above make > people less inclined to do it. > > spec.org tries to level the field, if someone concocted a level field and > made it easy for people to do, then we'd see more results. > > > >
Re: [squid-users] NTLM Authentication
Do you have an ACL in squid.conf allowing an AD group to use squid, and is your user part of that group? for example, in my config... acl inet_group external group_nt squid_proxy acl Auth proxy_auth REQUIRED http_access allow Auth inet_group (where inet_group is the acl name, external points to the external auth helper you defined (nt_group in your case), and squid_proxy is the AD group of which you must belong) This may not be the best way to do it, but it works for me. On Wed, Aug 6, 2008 at 1:55 AM, Thompson, Scott (WA) <[EMAIL PROTECTED]> wrote: > Hi all > After my previous run around with Winbind and Likewise Open I decided to > rebuild the server from scratch and reinstall Ubuntu 8.04, after some > firewall configs I was able to successfully join the server to our Active > Directory domain without any issues using Winbind and Samba > Some background info > Server is Ubuntu 8.04 > Samba is 3.0.28a > Squid is 2.6 STABLE18 > > Wbinfo -u and -g shows all the AD groups, KINIT works etc > > We were running on the old server Squid 2.5 STABLE6 > > I have simply done an apt-get on Squid and the 2.6 STABLE18 version is what > it downloaded > After doing an updatedb I can see all the files etc > > I have simply copied the squid.conf from my old server hoping this might work > > When I start squid using the following command, 'squid -NCd10' it seems to > start OK but when I try and authenticate myself I get a logon dialox box. I > would have hoped it would just do it by itself and authenticate me! > The error I get on the console is > > AuthenticateNTLMHandleReply: Error validating user via NTLM. Error returned > 'BH NT_STATUS_ACCESS_DENIED' > > > Part of my squid.conf that relates to authentication is > > # note: you may need to increase children based on your number of users > auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 140 > #auth_param ntlm max_challenge_reuses 0 > #auth_param ntlm max_challenge_lifetime 10 minute > #auth_param ntlm use_ntlm_negotiate on > > auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic > auth_param basic children 20 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hour > > # only need this if you want to use Windows Domain Groups for acl(s) > external_acl_type nt_group ttl=0 concurrency=5 %LOGIN > /usr/lib/squid/wbinfo_group.pl > > > Is there a better way to do this? > I didn't have to do a make or anything so do I need to recompile for the > correct helpers etc? > Is it a permission thing perhaps? > > Any suggestions would be MOST welcome > On a side note within the last week my Linux skills have improved 100 fold! > > Regards, > > ___ > Scott Thompson > Network Administrator > Australian Fast Foods Pty Ltd > PO Box 676 > Balcatta WA 6914 > > 08 9240 9761 > [EMAIL PROTECTED] > > >
Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY
Firefox can't grab NTLM creds like IE does. On 10/28/08, matlor <[EMAIL PROTECTED]> wrote: > > I have configured squid with winbind integrated in the active directory of a > windows 2003 domain. > If I browse internet trough IE 7 everething is ok, no user and password > prompted, because of the common login. While, if I open Firefox (2 or 3 > version), it prompts for user and password. > I have also notioced that if I clic on cancel twice, than I can see tha > internet page someon can help me?!?! thanks in advance > > > -- > View this message in context: > http://www.nabble.com/SQUID-%2B-FIREFOX-%2B-ACTIVE-DIRECTORY-tp20204501p20204501.html > Sent from the Squid - Users mailing list archive at Nabble.com. > >
Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY
Are you using any type of auth with your squid setup? I don't see it mentioned in your post. I too would be interested in knowing how you got integrated NTLM auth through firefox, if indeed you have. On Wed, Oct 29, 2008 at 9:31 AM, Chris Nighswonger <[EMAIL PROTECTED]> wrote: > On Wed, Oct 29, 2008 at 10:23 AM, nairb rotsak <[EMAIL PROTECTED]> wrote: >> I am totally confused by this statement?.. as I have 300 people using >> firefox right now.. using Ubuntu 6.06, Samba3, Squid2.. and not a single one >> gets a user/pass prompt? I am not using it as a transparent proxy, it is >> listed in firefox under proxy settings (8080 because it goes to DG first.. >> but I have tested just Squid at 3128 and it works as well).. and I haven't >> touched anything else in firefox > > > I'd be very interested in knowing what is different about your setup. > I have fought this problem for several years now. > > >> >> >> >> - Original Message >> From: Chris Nighswonger <[EMAIL PROTECTED]> >> To: matlor <[EMAIL PROTECTED]> >> Cc: squid-users@squid-cache.org >> Sent: Wednesday, October 29, 2008 8:48:39 AM >> Subject: Re: [squid-users] SQUID + FIREFOX + ACTIVE DIRECTORY >> >> On Tue, Oct 28, 2008 at 6:18 AM, matlor <[EMAIL PROTECTED]> wrote: >>> >>> I have configured squid with winbind integrated in the active directory of a >>> windows 2003 domain. >>> If I browse internet trough IE 7 everething is ok, no user and password >>> prompted, because of the common login. While, if I open Firefox (2 or 3 >>> version), it prompts for user and password. >> >> One other note: While FF does support NTLM, it does not do transparent >> auth as IE does. Hence the prompting for username/password. >> Furthermore, due to M$ having a broken implementation of NTLM, FF will >> at times repeatedly prompt ad infinitum. There is an open bug on this >> at Mozilla, (https://bugzilla.mozilla.org/show_bug.cgi?id=318253) but >> action on it is understandably slow. You can mess with FF's NTLM >> related settings under 'about:config' to gain some respite. You can >> also run a basic auth that authenticates against NTLM which for some >> reason seems to avoid the multi-prompt issue. Something like: >> >> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic >> auth_param basic children 2 >> auth_param basic realm somerealm >> auth_param basic credentialsttl 2 hours >> auth_param basic casesensitive off >> >> Regards, >> Chris >> >> >> >> >> >
