I'm currently using the binary version of squid provided by yum with RHEL 7.2 (3.3.8) with Samba 4's winbind ntlm_auth to authenticate against AD which is working fine

auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego
auth_param negotiate children 250  startup=2 idle=1
auth_param negotiate keep_alive off
#
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 250  startup=2 idle=1
auth_param ntlm keep_alive off
#

However I'm wondering if I can reduce the number of ntlm_auth processes created by introducing some concurrency.

I've seen mention of helper-mux.pl but from what I've seen on the web I'm not sure if this will work with negotiate and ntlm. Also it looks like in the future with Squid 4 helper-mux.pl is being retired. I've also seen some mention of Samba 4 building in some concurrency itself into ntlm_auth but I'm not sure that this is fully supported.

So my question is what is the current state of play for squid 3.x (and upcoming squid 4) with respect to negotiate and ntlm concurrency with samba4 ?


--

David Webb  (CISSP-ISSAP)
Information Systems Security Architecture Professional
IT Security team leader
CCSS
Middlesex University




---------------------------------------------------------------------------


Please note that all incoming post to Middlesex University is opened and scanned by our digital document handler and then emailed to the recipient. If you do not want your correspondence to processed in this way please email the recipient directly. Parcels, couriered items and recorded delivery items will not be opened or scanned.
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to