Hi Adrian,

2008/8/2 Adrian Chadd <[EMAIL PROTECTED]>:
> Right; and what happens when you disable authentication in Squid and
> polygraph? Does it cope fine?

I disabled ntlm auth and acl with regex sites and squid work fine.
With ntlm and acl I saw cpu time in mgr info go up 99%, then I this is
a problem when I have much connections.

Well I enabled in my conf only ntlm auth without acl regex, and
enabled samba logs and I have this problem:

[2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
  could not obtain winbind netbios name!
[2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
  could not obtain winbind netbios name!
[2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
  could not obtain winbind netbios name!
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x10922a8'.
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x108e128'.
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x10901e8'.
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x1094368'.
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x1096428'.

>
> Samba/Winbind are known to not handle high authentication transaction
> rates. Well, 200/sec isn't "high" to me..
>
> If it works fine without NTLM authentication but fails when you try
> using it, then I'd point fingers at Samba/Winbind. There's a
> hard-coded default of 200 concurrent "connections" to winbind in the
> winbind source; I thought they were going to improve that. Anyway, if
> its fine without NTLM auth but slow with it enabled I'd go ask the
> Samba team about it.

I will ask to samba list, thanks....


>
> In the meantime, there's a workaround - you can enable uhm,
> authenticate_ip_shortcircuit_ttl and
> authenticate_ip_shortcircuit_access.
>

I used squid version 2.6.5 and I think this options above don't work,
I used authenticate_ip_ttl to cache authentication.

Thanks for all.

Reply via email to