2011/10/13 Francesco <frantz_at_itcserra.net>:
> Hello,
>
> in a proxy server with some hunderds of users, i experience temporary
> problems with ntlm authentication; Squid says access deny for some
> minutes, then everything returns working without any actions.
>
> In cache.log i noticed these errors:
> AuthNTLMUserRequest::authenticate: attempt to perform authentication
> without a connection!
>
> I raised up the per-process max open files to 4096; do you think i am low
> of authenticator process (200)?
> Could it be this the problem?
>
> I have no cache on ntlm auth helper...
>
> Thank you,
> Francesco
>
HELO Franchesco,
My first toughts is you shall consider a ntlm cache, about 5 minutes.
The fact is, that NTLM authentication does not work as basic
authentication. I mean, in basic authentication, once the browser
sends credentials, it always send credentials each time without
requesting them again. In ntlm, as my understanding, it is quite
different, browsers after a lapse of time will stop sending
credentials (the hash). So a cache will really offload the samba/AD
you are forwarding auth requests.
Taking as a reference your message, and without other evidence, i
guess problem is not between browser-squid, it could be
squid-ad/samba.
LD
http://www.twitter.com/ldlq
Received on Thu Oct 13 2011 - 13:49:40 MDT
This archive was generated by hypermail 2.2.0 : Thu Oct 13 2011 - 12:00:04 MDT