> This is with Squid 2.5.STABLE3 and Samba 2.2.8a. NTLM authentication is
> working for the most part, but every so often a user is prompted with a
> basic password for some reason.
Two possible causes:
1) Not enough NTLM auth helpers
2) Response from auth server is taking too long
> In squid.conf I have
> auth_param ntlm program /usr/lib/squid/wb_ntlmauth
> auth_param ntlm children 10
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> This is with only 20 users...
If you go into the Cache Manager CGI, there is a section on NTLM User
Authenticator Stats. It will give you data (since the last
start/reconfigure) on the number of helpers, requests, and replies, the
current queue length, the average service time, and (for each helper) the
number of requests filled, the number of requests deferred, and the time
since the last request was made.
What is that showing? That would be the best clue as to where the problem
lies.
As an example, our network (with about 25 active users on average) is using
8 NTLM auth helpers. The first 3 helpers handle 88% of the requests (the
first helper alone handles 76%), and we have no deferred requests and an
average service time of 0 msec.
Right now, my best guess is that your authentication server is becoming
overloaded and replies are taking too long. This causes the auth helpers to
block, and eventually Squid will queue requests.
Adam
--- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.237 / Virus Database: 115 - Release Date: 3/7/2001
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:47 MST