>From: Serassio Guido <guido.serassio_at_dont-contact.us>
>Date: Fri, 24 Jun 2005 09:37:06 +0200
>
>Hi,
>
>This behaviour is correct by Microsoft NTLM design. When negotiated,
>NTLM authentication cannot be cached:
>You are using "use_ntlm_negotiate on", so every Challenge/Response
>request must be handled from Winbind.
>
>When using "use_ntlm_negotiate on", max_challenge_reuses and
>max_challenge_lifetime are not (and cannot be) used.
>
>This is the only stable configuration using NTLM, disabling
>use_ntlm_negotiate is a worst option.
>
>Regards
>
>Guido
>
Hello,
I want to know if this is true. I have Squid 3.0.STABLE10 on Centos
and I successfully implemented an NTLM transparent authenticator for
my proxy users.
The problem is that my NTLM auth helper has very intense activity
compared with my external acl helpers.
Here's the details:
NTLM Authenticator Statistics:
program: /usr/bin/ntlm_auth
number running: 10 of 10
requests sent: 5539
replies received: 5539
queue length: 0
avg service time: 0 msec
while:
External ACL Statistics: ad_group
Cache size: 155
program: /usr/lib/squid/squid_ldap_group
number running: 5 of 5
requests sent: 230
replies received: 230
queue length: 0
avg service time: 3 msec
and
External ACL Statistics: host_ad_group
Cache size: 112
program: /usr/lib/squid/hostname.pl
number running: 5 of 5
requests sent: 162
replies received: 162
queue length: 0
avg service time: 50 msec
So I think the external ACL's can successffuly cache the requests
while the ntlm auth can't.
I specified in squid.conf
authenticate_ttl 1 hour
authenticate_ip_ttl 30 minutes
and at the external acls ttl=1800.
What is the problem? And how can I reduce the AD query number?
Thank you!
Razvan
Received on Mon Jan 12 2009 - 11:30:55 MST
This archive was generated by hypermail 2.2.0 : Mon Jan 12 2009 - 12:00:02 MST