[squid-users] Squid Samba 4 and ntlm_auth concurrency question

David Webb d.webb at mdx.ac.uk
Sat Aug 20 13:34:12 UTC 2016


I'm currently using the binary version of squid provided by yum with
RHEL 7.2 (3.3.8) with Samba 4's winbind ntlm_auth to authenticate
against AD, which is working fine:

auth_param negotiate program /usr/bin/ntlm_auth --helper-protocol=gss-spnego
auth_param negotiate children 250  startup=2 idle=1
auth_param negotiate keep_alive off
#
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 250  startup=2 idle=1
auth_param ntlm keep_alive off
#

However, I'm wondering if I can reduce the number of ntlm_auth processes
created by introducing some concurrency.

I've seen mention of helper-mux.pl, but from what I've seen on the web
I'm not sure if this will work with negotiate and ntlm.
Also, it looks like in the future with Squid 4 helper-mux.pl is being
retired.
I've also seen some mention of Samba 4 building some concurrency
itself into ntlm_auth, but I'm not sure that this is fully supported.

So my question is: what is the current state of play for squid 3.x (and
upcoming squid 4) with respect to negotiate and ntlm concurrency with
samba4?


-- 

David Webb  (CISSP-ISSAP)
Information Systems Security Architecture Professional
IT Security team leader
CCSS
Middlesex University



