On 18/10/2012 2:57 a.m., Noc Phibee Telecom wrote:
Hi

We use squid with Active Directory authentification. for a medium site ~1000 users connected in same time,
what is the best value :


auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param ntlm keep_alive on

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 50
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

external_acl_type AD_Group children=50 concurrency=50 ttl=3600 negative_ttl=900 %LOGIN /usr/lib64/squid/wbinfo_group.pl

cache_peer 127.0.0.1 parent 8081 0 proxy-only no-query weight=100 connect-timeout=15 login=*:password
cache_mem 16 MB





Children 50, it's correct or to hight ?

Your cache manager helpers report will indicate whether the helpers are utilized well or are being over/under loaded. You should see the pattern of helper #1 being loaded heavily down to the last few helpers not serving any traffic at all.

If the last helpers are facing many requests you will need more children OR more concurrency.

NP: the basic auth helpers can face concurrency - you just have to find the samba helpers options to accept it. The NTLM auth interface does not yet support it.

concurrency and ttl ?

Entirely up to you.

cache_mem ?

Again entirely up to you. Could be zero if you wanted no RAM cache, or anything larger which your box can handle for faster response times from in-memory objects.

Amos

Reply via email to