rep_mime_type can´t be used for parent selection because this is evaluated
before content has been reached ?

This is true ?

Jorge.


----- Original Message ----- From: "Frederic THOMAS" <frederic.tho...@atosorigin.com>
To: <squid-users@squid-cache.org>
Sent: Tuesday, July 21, 2009 9:18 AM
Subject: [squid-users] Squid3 / NTLM / token id cache


Hello,


I've installed 2 Squid 3.0.STABLE5 + samba-winbind on a mandriva 2008.1 with ntlm authentification . It works, clients are able to surf on the web using the Proxy and usernames are correctly logged. But we experienced some latency issues on websites. When i look into access.log file i observe a lot of 407 authentification request. So i read about ntlm authentification and see that there is an authentification request for each connection. There is nearly 6000 users on the 2 squid servers and i have noticed there's some great traffic between squid boxes and AD server, which is expected, because of the authentication traffic. On previous version we could use following settings (ntlm parameters on 2.5 squid and i noticed they didnt exists after 2.6) :

"max_challenge_reuses" number
"max_challenge_lifetime" timespan

What similar option on squid 3 can be used to reduce authentication traffic ? Is there any solution to avoid an authentification request to each connection and have a possibility to reuse a token id ?

  * Squid.conf :

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 80
auth_param ntlm keep_alive on

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid AD
auth_param basic credentialsttl 2 hours

  * What i found on cache.log files :

libsmb/ntlmssp.c:ntlmssp_update(327)
Failed to parse NTLMSSP packet, could not extract NTLMSSP command (~= each second)


Regards,

Frederic THOMAS




Reply via email to