Hi everybody,
Here's my problem. We have deployed several squid box in a very large environment. Each proxy handles from 1000 to 7000 users, with around 5000 http requests/minute, during peak time. Currently, there is no authentication, except on one test proxy which does NTLM authentication againts a Windows 2000 AD. And that's where the problem stands. On this NTLM proxy, there is nearly 500 users. The authentication works correctly during 90% of the time, but at certain periods (including peak times), the ntlm helpers average service time (in cache manager) grows up to 11000ms and so, the users must wait several seconds before getting a page. It lasts only a few minutes and then all goes back to normal. I'm currently running squid 2.5 stable5 with samba 3.0.3rc1 on a RH9 with a 2.4.26 kernel. I have tried all squid 2.5 versions (I recompile it as soon as patches concerning NTLM go out ), and samba 3.x version with no evolution (I was also running the RH 2.4.20-8 kernel previously). Concerning the software configuration, I have tried with/without challenge reuse (to limit authentication requests against the controller) in squid. I also increased winbind cache time, but with no better results. At this point, I don't really know what else I could try. We need to deploy NTLM on each squid box for administrative reason, but this is clearly not possible seeing the problems we encounter on the only NTLM proxy. If someone could help me... Sorry for posting such a long message but this was to clearly explain the problem. Thx in advance. Pierre-Emmanuel