[squid-users] SQUID - WINDBIND - very slow internet speed
Alex Rousskov
rousskov at measurement-factory.com
Fri Jul 26 14:11:20 UTC 2024
On 2024-07-26 03:31, Francesco Chemolli wrote:
> Have you considered
> https://wiki.squid-cache.org/Features/HelperMultiplexer
Just in case you do not know how to find the actual helper program
described on the above page, it is installed as libexec/helper-mux. That
helper has a manual page.
HTH,
Alex.
> On Fri, 26 Jul 2024 at 8:23 AM, Andrey K wrote:
>
> Hello, Andre,
>
>
> > How to know if the helper supports concurrent requests?
> You are using /usr/bin/ntlm_auth, and, as far as I know, it does not
> support concurrency. But I do not know other ntlm-authentication
> helpers.
>
> > winbindd: Exceeding 500 client connections, no idle connection found
> > I will increase this value to check if help to settle the issue
> I think it will only hide the problem.
> In my opinion, it is betterto followthe Alex's adviceandreducethe
> numberof ntlm-helpers. It should prevent exceeding the maximum
> winbind client connections error messages.
> The actual number of required ntlm-helpers can be obtained during
> the working day.
> ps -ef | grep ntlm_auth | grep -v wrapper | grep -v basic | wc -l
> You can divide this number by the number of workers and add some
> spare ones.
>
> When the problem appears again, you can follow the advice of Francesco:
> > In order to bisect the problem, could you try using `wbinfo -a` on one
> > of the affected machiens to authenticate against Active Directory and
> >see if the performance is on the winbindd <-> AD side of the equation
> > on on the squid <-> ntlm_auth side?
> sudo wbinfo -t
> sudo wbinfo -a "DOMAIN\username%password"
> Kind regards,
> Ankor.
>
>
>
>
> чт, 25 июл. 2024 г. в 17:43, Andre Bolinhas
> <andre.bolinhas at articatech.com <mailto:andre.bolinhas at articatech.com>>:
>
> __
>
> Hi
> We have 5 squid workers, we need to handle around 8k concurrent
> users.
>
> Based on this, what's the auth_param values that you recommend
> for children, idle and startup?
> How to know if the helper supports concurrent requests?
>
>> winbindd: Exceeding 500 client connections, no idle connection
>> found
> I will increase this value to check if help to settle the issue
>
>
> On 25/07/2024 14:28, Alex Rousskov wrote:
>> On 2024-07-23 19:20, Andre Bolinhas wrote:
>>> winbindd: Exceeding 500 client connections, no idle
>>> connection found
>>
>>> auth_param ntlm children 500 ...
>>
>> I know virtually nothing about WINDBIND and the authentication
>> helper you are using, but configuring Squid to have 500 helper
>> processes is usually a mistake, even with a single Squid
>> worker. YMMV, but I would try to use a lot fewer helpers
>> (e.g., 10) and increase that number only if such an increase
>> actually improves things.
>>
>> If possible, use a helper that supports concurrent requests.
>>
>> If your Squid is not competing for resources with other
>> applications on the server, then I also recommend keeping a
>> _constant_ number of helper processes (instead of asking Squid
>> to start many new helper processes at the worse possible time
>> -- when the load on Squid increases). To do that, make startup
>> and idle parameters the same as the maximum number of children.
>>
>>
>> HTH,
>>
>> Alex.
>> P.S. The credit for highlighting the correlation between
>> winbindd errors and "auth_param ntlm children 500" goes to
>> Andrey K.
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> <mailto:squid-users at lists.squid-cache.org>
>> https://lists.squid-cache.org/listinfo/squid-users
>> <https://lists.squid-cache.org/listinfo/squid-users>
> ____
>
More information about the squid-users
mailing list