[squid-users] Slow performance when enable NTLM auth

Thu, 24 Mar 2011 02:57:05 -0700 

Hi friends,
I'm suffering a speed problem when I use NTLM for auth users. If I use basic auth, all work fine and webpages load almost instantaneous, but when I enable NTLM, same webpages can took 10-30seconds to load it.... 

I've found some similar cases, but nobody know a solution:
---------------------------------------------------------------------------------
http://www.linuxforums.org/forum/servers/165500-squid-very-slow-using-ntlm.html
http://readlist.com/lists/squid-cache.org/squid-users/7/35240.html

I've used this guide for setup my server:
-----------------------------------------------------
http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmCentOS5

My unique changes over squid.conf are this:
--------------------------------------------------------------

cache_effective_group wbpriv


auth_param ntlm program /usr/bin/ntlm_auth 
--helper-protocol=squid-2.5-ntlmssp

auth_param ntlm children 50
auth_param ntlm keep_alive on

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

acl chglan src 10.31.32.0/24

acl ntlm proxy_auth REQUIRED
http_access allow chglan ntlm
-----------------------------------------------------------------


and as say the previous mentioned guide, I launch authconfig for setup 
winbind and samba.



Somebody can help me?? Is mandatory for me can remove the stupid 
authentication popup wich show all browser for proxy authentication.
Prior to squid, we were using MS ISA server and now, users are 
constantly crying because his browsers shows authentication popups each 
time they open it...


Regards,
F.J

-----------------------
More info:
------------------------


HW:
--------------------------------
VMware ESX virtual machine with:
- 1 vProcesor (2Ghz reserved)
- 4GB of RAM
- 10GB of HD
- vNIC Gigabit

SO:
---------------------------------
Red Hat Enterprise Linux 5.6 x86_64

Linux proxy.domain 2.6.18-238.5.1.el5 #1 SMP Mon Feb 21 05:52:39 EST 
2011 x86_64 x86_64 x86_64 GNU/Linux


Squid:
-----------------------------------------
Squid Cache: Version 2.6.STABLE21

configure options:  '--build=x86_64-redhat-linux-gnu' 
'--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' 
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' 
'--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' 
'--includedir=/usr/include' '--libdir=/usr/lib64' 
'--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' 
'--exec_prefix=/usr' '--bindir=/usr/sbin' 
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var' 
'--datadir=/usr/share' '--sysconfdir=/etc/squid' '--enable-arp-acl' 
'--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru' 
'--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' 
'--with-openssl=/usr/kerberos' '--enable-delay-pools' 
'--enable-linux-netfilter' '--with-pthreads' 
'--enable-ntlm-auth-helpers=SMB,fakeauth' 
'--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group' 
'--enable-auth=basic,digest,ntlm,negotiate' 
'--enable-negotiate-auth-helpers=squid_kerb_auth' 
'--enable-digest-auth-helpers=password' '--with-winbind-auth-challenge' 
'--enable-useragent-log' '--enable-referer-log' 
'--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost' 
'--enable-underscores' 
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL' 
'--enable-cache-digests' '--enable-ident-lookups' 
'--enable-follow-x-forwarded-for' '--enable-wccpv2' '--enable-fd-config' 
'--with-maxfd=16384' 'build_alias=x86_64-redhat-linux-gnu' 
'host_alias=x86_64-redhat-linux-gnu' 
'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-D_FORTIFY_SOURCE=2 -fPIE 
-Os -g -pipe -fsigned-char' 'LDFLAGS=-pie'


package info:

Name       : squid
Arch       : x86_64
Epoch      : 7
Version    : 2.6.STABLE21
Release    : 6.el5
Size       : 3.7 M
Repo       : installed


Samba:
------------
Name       : samba3x
Arch       : x86_64
Version    : 3.5.4
Release    : 0.70.el5_6.1
Size       : 5.9 M
Repo       : rhel-x86_64-server-5 (not installed)

Name       : samba3x-common
Arch       : x86_64
Version    : 3.5.4
Release    : 0.70.el5_6.1
Size       : 49 M
Repo       : installed

Name       : samba3x-winbind
Arch       : x86_64
Version    : 3.5.4
Release    : 0.70.el5_6.1
Size       : 12 M
Repo       : installed




mgr:info output (is not real scenario, currently only few user are using 
it, so the load is very low, but even so, the performance is very poor):

---------------------------------------------------------------------------
squidclient -p 3128 mgr:info
HTTP/1.0 200 OK
Server: squid/2.6.STABLE21
Date: Thu, 24 Mar 2011 09:42:22 GMT
Content-Type: text/plain
Expires: Thu, 24 Mar 2011 09:42:22 GMT
Last-Modified: Thu, 24 Mar 2011 09:42:22 GMT
X-Cache: MISS from proxy.domain
X-Cache-Lookup: MISS from proxy.domain:3128
Via: 1.0 fresneda.chg:3128 (squid/2.6.STABLE21)
Proxy-Connection: close

Squid Object Cache: Version 2.6.STABLE21
Start Time:     Thu, 24 Mar 2011 08:10:23 GMT
Current Time:   Thu, 24 Mar 2011 09:42:22 GMT
Connection information for squid:
        Number of clients accessing cache:      4
        Number of HTTP requests received:       4785
        Number of ICP messages received:        0
        Number of ICP messages sent:    0
        Number of queued ICP replies:   0
        Request failure ratio:   0.00
        Average HTTP requests per minute since start:   52.0
        Average ICP messages per minute since start:    0.0
        Select loop called: 50357 times, 109.595 ms avg
Cache information for squid:
        Request Hit Ratios:     5min: 1.6%, 60min: 24.6%
        Byte Hit Ratios:        5min: 30.9%, 60min: 63.4%
        Request Memory Hit Ratios:      5min: 0.0%, 60min: 3.1%
        Request Disk Hit Ratios:        5min: 0.0%, 60min: 68.6%
        Storage Swap size:      44980 KB
        Storage Mem size:       976 KB
        Mean Object Size:       13.34 KB
        Requests given to unlinkd:      232
Median Service Times (seconds)  5 min    60 min:
        HTTP Requests (All):   0.01469  0.01387
        Cache Misses:          0.02317  0.03066
        Cache Hits:            0.00000  0.00919
        Near Hits:             0.04776  0.07409
        Not-Modified Replies:  0.00000  0.00286
        DNS Lookups:           0.01098  0.02130
        ICP Queries:           0.00000  0.00000
Resource usage for squid:
        UP Time:        5518.860 seconds
        CPU Time:       2.446 seconds
        CPU Usage:      0.04%
        CPU Usage, 5 minute avg:        0.06%
        CPU Usage, 60 minute avg:       0.04%
        Process Data Segment Size via sbrk(): 5272 KB
        Maximum Resident Size: 36432 KB
        Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
        Total space in arena:    5404 KB
        Ordinary blocks:         5319 KB     28 blks
        Small blocks:               0 KB      0 blks
        Holding blocks:           356 KB      1 blks
        Free Small blocks:          0 KB
        Free Ordinary blocks:      85 KB
        Total in use:            5675 KB 99%
        Total free:                85 KB 1%
        Total size:              5760 KB
Memory accounted for:
        Total accounted:         2308 KB
        memPoolAlloc calls: 572398
        memPoolFree calls: 557317
File descriptor usage for squid:
        Maximum number of file descriptors:   1024
        Largest file desc currently in use:     68
        Number of file desc currently in use:   65
        Files queued for open:                   0
        Available number of file descriptors:  959
        Reserved number of file descriptors:   100
        Store Disk files open:                   0
        IO loop method:                     epoll
Internal Data Structures:
          3401 StoreEntries
           201 StoreEntries with MemObjects
           200 Hot Object Cache Items
          3372 on-disk objects























					Reply via email to