[squid-users] WARNING: All 20/20 negotiateauthenticator processes are busy.
dijxie at gmail.com
Thu May 11 20:00:44 UTC 2017
W dniu 11.05.2017 o 17:27, erdosain9 pisze:
> Im having this problem.
> may 11 11:26:23 squid.xxxx.lan squid: WARNING: All 30/30
> negotiateauthenticator processes are busy.
> may 11 11:26:23 squid.xxxx.lan squid: WARNING: 30 pending requests
> may 11 11:26:23 squid.xxxx.lan squid: WARNING: Consider increasing
> the number of negotiateauthenticator processes in your config file.
> This is my config file
> ###Kerberos Auth with ActiveDirectory###
> auth_param negotiate program /lib64/squid/negotiate_kerberos_auth -s
> HTTP/squid.empddh.lan at EMPDDH.LAN
> auth_param negotiate children 30
> auth_param negotiate keep_alive on
> Can somebody explain this for me?
> Of course, i can "increasing the number of negotiateauthenticator", but i
> want to understand (maybe its a better way)
> I see some examples like this
> auth_param digest children 20 startup=0 idle=1
> What about that? startup? idle? that was a better way? or this not having
> nothing to do?
> Thanks to all!
> (i dont speak english)
> View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/WARNING-All-20-20-negotiateauthenticator-processes-are-busy-tp4682362.html
> Sent from the Squid - Users mailing list archive at Nabble.com.
> squid-users mailing list
> squid-users at lists.squid-cache.org
> Also, you may try set keep_alive to off - this option sometimes tends to hang negotiate helper.
Here is documentation: http://www.squid-cache.org/Doc/config/auth_param/
Startup is the number auth helpers launched when squid is starting. Idle
is the nuber of processes that squid will keep alive even if there is no
cache users. You may increase children calculating available RAM, but
leave startup and idle values low. Squid will launch helpers when
needed, and next will gracefully close them if not used until "idle"
value reached; that 'recycle' process is good for helpers. Just make
sure that your available RAM is enough for all negotiate helpers squid
may launch (children number), that considers system daemons, memory
Kerberos and negotiate authenticators are not capable of doing
concurrent authentications, as well as ntlm authenticator (at least in
squid-2.5-ntlmssp mode); one worker can serve one request at the time.
So, that warning is saing that your cache server has more users - or
rather users are making more concurrent connections at the same time
than auth helpers can handle. Or, there is something wrong with one or
more helpers; use cachemgr.cgi or squid-client to verify.
http://wiki.squid-cache.org/SquidClientTool - squidclient mgr:menu will
give you available comands, grep output by "auth", AFAIR it's
If the number of connections awaiting authentication is greater than
children number, the queue begins. The queue is something unwanted;
makes users wait for page to load. Also, at the end, squid will restart
if queue situation trurns to be chronic.
Also, you may try set keep_alive to off - this option sometimes tends to
hang negotiate helper.
Could you satisfy my curiousity by telling me how many users are there
in your environment?
More information about the squid-users