[squid-users] Squid restarting continuously the authenticator processes

Claudio ML claudioml at mediaservice.net
Wed Oct 29 10:09:10 UTC 2014


Hello all,

I have a strange problem with a SQUID proxy with the NTLM
authentication. It randomly restarts the authenticator processes
(restart maybe not the right term), as follows:

2014-10-29T10:45:02.528245+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.529490+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.538002+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.539020+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.550401+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.551314+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.559424+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.560442+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.569961+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.570984+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.578951+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.579863+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.588642+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.589484+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.599002+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.599918+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.609309+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.610286+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.619248+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.620409+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.629324+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.630359+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.639402+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.640348+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes
2014-10-29T10:45:02.649164+01:00 yel1swa208 squid[29306]: Starting new
ntlmauthenticator helpers...
2014-10-29T10:45:02.650165+01:00 yel1swa208 squid[29306]:
helperOpenServers: Starting 1/800 'ntlm_auth' processes

Not sure if is a result of this, but after 10-20 mins the authentication
process with ntlm slows down terribly (tested with wbinfo -t), and the
users have some serious problem with the navigation.

Follows the relevant part of squid.conf:

# Ntlm Auth
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp --debuglevel=0
auth_param ntlm children 800
#auth param ntlm keep_alive off
authenticate_ttl 3 hour
authenticate_ip_ttl 3 hour

# Base Auth
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 200
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

And the relevant part of smb.conf:

allow trusted domains = Yes
winbind nested groups = Yes
wins server = x.x.x.x
winbind uid = 40000-90000000000000
winbind gid = 4000-100000000000000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 1000
winbind max clients = 600

The kerberos and samba authentication works perfectly, as follows:

wbinfo -t
checking the trust secret for domain YEL via RPC calls succeeded

Any idea of why this? Please is pretty urgent to solve, it causing big
problems...

Cordially,

Claudio.



More information about the squid-users mailing list