<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Il 29/10/2014 12:01, Amos Jeffries ha scritto:<br>
<blockquote type="cite">On 29/10/2014 11:09 p.m., Claudio ML wrote:<br>
> Hello all,<br>
<br>
> I have a strange problem with a SQUID proxy with the NTLM<br>
<br>
The word is "Squid", it is a name not an acronym.<br>
<br>
> authentication. It randomly restarts the authenticator
processes <br>
> (restart maybe not the right term), as follows:<br>
<br>
<br>
Randomly? no, when an authenticator dies/aborts Squid starts a<br>
replacement one.<br>
<br>
Question is why they are dying.<br>
<br>
Perhapse you could start by indicating what version of Squid you
are<br>
using ?<br>
<br>
</blockquote>
My Squid version is 3.2.11 (OpenSuSE 12.3)<br>
<blockquote type="cite"><br>
<snip><br>
> 2014-10-29T10:45:02.649164+01:00 yel1swa208 squid[29306]:
Starting<br>
> new ntlmauthenticator helpers...
2014-10-29T10:45:02.650165+01:00<br>
> yel1swa208 squid[29306]: helperOpenServers: Starting 1/800<br>
> 'ntlm_auth' processes<br>
<br>
> Not sure if is a result of this, but after 10-20 mins the<br>
> authentication process with ntlm slows down terribly (tested
with<br>
> wbinfo -t), and the users have some serious problem with the<br>
> navigation.<br>
<br>
> Follows the relevant part of squid.conf:<br>
<br>
> # Ntlm Auth auth_param ntlm program /usr/bin/ntlm_auth <br>
> --helper-protocol=squid-2.5-ntlmssp --debuglevel=0 auth_param
ntlm<br>
> children 800 #auth param ntlm keep_alive off<br>
<br>
That is the Samba helper, so any bugs inside it are Samba
problems.<br>
<br>
Squid for NTLM is just a "dumb relay" passing the HTTP request
header<br>
tokens to the helper(s) and relaying their responses back to the<br>
client in HTTP reply headers.<br>
<br>
There might still be bugs in the relaying logic though. But to me
it<br>
sounds like the helpers having issues.<br>
<br>
<br>
</blockquote>
Where into log files i can look if helpers have issues?<br>
<blockquote type="cite">> authenticate_ttl 3 hour
authenticate_ip_ttl 3 hour<br>
<br>
> # Base Auth auth_param basic program /usr/bin/ntlm_auth <br>
> --helper-protocol=squid-2.5-basic auth_param basic children
200 <br>
> auth_param basic realm Squid proxy-caching web server
auth_param<br>
> basic credentialsttl 2 hours<br>
<br>
> And the relevant part of smb.conf:<br>
<br>
> allow trusted domains = Yes winbind nested groups = Yes wins
server<br>
> = x.x.x.x winbind uid = 40000-90000000000000 winbind gid =<br>
> 4000-100000000000000 winbind use default domain = yes winbind
enum<br>
> users = yes winbind enum groups = yes winbind cache time =
1000 <br>
> winbind max clients = 600<br>
<br>
<br>
There is a big hint.<br>
<br>
max clients 600 vs. 800 configured Squid helpers ...<br>
<br>
</blockquote>
You are right, now my config is 800 as max clients on samba, and 800
Squid helpers.<br>
<br>
Thank you,<br>
<br>
Claudio.<br>
<blockquote type="cite">Amos<br>
</blockquote>
<span style="white-space: pre;">>
_______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
<br>
</body>
</html>