Il 29/10/2014 12:01, Amos Jeffries ha scritto: > On 29/10/2014 11:09 p.m., Claudio ML wrote: > > Hello all, > > > I have a strange problem with a SQUID proxy with the NTLM > > The word is "Squid", it is a name not an acronym. > > > authentication. It randomly restarts the authenticator processes > > (restart maybe not the right term), as follows: > > > Randomly? no, when an authenticator dies/aborts Squid starts a > replacement one. > > Question is why they are dying. > > Perhapse you could start by indicating what version of Squid you are > using ? > My Squid version is 3.2.11 (OpenSuSE 12.3) > > <snip> > > 2014-10-29T10:45:02.649164+01:00 yel1swa208 squid[29306]: Starting > > new ntlmauthenticator helpers... 2014-10-29T10:45:02.650165+01:00 > > yel1swa208 squid[29306]: helperOpenServers: Starting 1/800 > > 'ntlm_auth' processes > > > Not sure if is a result of this, but after 10-20 mins the > > authentication process with ntlm slows down terribly (tested with > > wbinfo -t), and the users have some serious problem with the > > navigation. > > > Follows the relevant part of squid.conf: > > > # Ntlm Auth auth_param ntlm program /usr/bin/ntlm_auth > > --helper-protocol=squid-2.5-ntlmssp --debuglevel=0 auth_param ntlm > > children 800 #auth param ntlm keep_alive off > > That is the Samba helper, so any bugs inside it are Samba problems. > > Squid for NTLM is just a "dumb relay" passing the HTTP request header > tokens to the helper(s) and relaying their responses back to the > client in HTTP reply headers. > > There might still be bugs in the relaying logic though. But to me it > sounds like the helpers having issues. > > Where into log files i can look if helpers have issues? > > authenticate_ttl 3 hour authenticate_ip_ttl 3 hour > > > # Base Auth auth_param basic program /usr/bin/ntlm_auth > > --helper-protocol=squid-2.5-basic auth_param basic children 200 > > auth_param basic realm Squid proxy-caching web server auth_param > > basic credentialsttl 2 hours > > > And the relevant part of smb.conf: > > > allow trusted domains = Yes winbind nested groups = Yes wins server > > = x.x.x.x winbind uid = 40000-90000000000000 winbind gid = > > 4000-100000000000000 winbind use default domain = yes winbind enum > > users = yes winbind enum groups = yes winbind cache time = 1000 > > winbind max clients = 600 > > > There is a big hint. > > max clients 600 vs. 800 configured Squid helpers ... > You are right, now my config is 800 as max clients on samba, and 800 Squid helpers.
Thank you, Claudio. > Amos > _______________________________________________ > squid-users mailing list > [email protected] > http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list [email protected] http://lists.squid-cache.org/listinfo/squid-users
