Hi everybody,
Here's my problem. We have deployed several squid box in a very large environment.
Each proxy handles
from 1000 to 7000 users, with around 5000 http requests/minute, during peak time.
Currently, there is no
authentication, except on one test proxy which does NTLM authentication againts a
Windows 2000 AD.
And that's where the problem stands.
On this NTLM proxy, there is nearly 500 users. The authentication works correctly
during 90% of the time,
but at certain periods (including peak times), the ntlm helpers average service time
(in cache manager) grows
up to 11000ms and so, the users must wait several seconds before getting a page. It
lasts only a few minutes
and then all goes back to normal.
I'm currently running squid 2.5 stable5 with samba 3.0.3rc1 on a RH9 with a 2.4.26
kernel. I have tried all squid
2.5 versions (I recompile it as soon as patches concerning NTLM go out ), and samba
3.x version with no
evolution (I was also running the RH 2.4.20-8 kernel previously). Concerning the
software configuration, I have
tried with/without challenge reuse (to limit authentication requests against the
controller) in squid. I also
increased winbind cache time, but with no better results.
At this point, I don't really know what else I could try. We need to deploy NTLM on
each squid box for
administrative reason, but this is clearly not possible seeing the problems we
encounter on the only NTLM
proxy. If someone could help me...
Sorry for posting such a long message but this was to clearly explain the problem. Thx
in advance.
Pierre-Emmanuel
