On Mon, 4 Oct 2004, Rodrigo Delgadinho wrote:
> I have tried to use the follow conf:
>
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
You need a lot more than 5 here for production use, but it is not
related to your exact problem reported below..
> and some users could authenticate on the AD but others had problem.
> I incresed the numbers of childrens for the auth_ntlm and
> external_acl gradually until the error has gone:
Correct.
> auth_param ntlm children 50
> auth_param basic children 50
> external_acl_type wbinfo_group_helper ttl=900 children=125 %LOGIN
> /usr/local/squid/libexec/wbinfo_group.pl
You whould not need this many wbinfo_group helpers I think. Generally you
should require fewer external_acl helpers than ntlm helpers.
One thing which should help is to increase the ttl.
> The problem after that was that de CPU utilization went to 100%, and
> he users got stucked due access performace. The average proccess
> number of the server went to 400. I have tryed something to decrease
> the CPU utilization, as stripped the header of wbinfo, and took of
> logging, but without success.
Which process is causing the 100% CPU?
You can try
half_closed_clients off
this has helped very many with 100% CPU problems, but is not at all
realted to the authentication/authorization helper questions above.
Regards
Henrik
Received on Tue Oct 05 2004 - 10:03:31 MDT
This archive was generated by hypermail pre-2.1.9 : Mon Nov 01 2004 - 12:00:01 MST