[squid-users] ntlm_auth credentials not being cached

From: Adam Clark <Adam.Clark@dont-contact.us>
Date: Tue, 15 Feb 2005 16:28:35 +1100

Hey,
  I'm not sure what is going on here, but my clients tend to get denied
twice for every request. I would expect this for the first time the client
requested a resource, not on every subsequent request. The log below shows
this activity.

Because of this squid tends to appear sluggish.

Critical parts of the config are below, but I'm unsure if the
max_ntlm_challenge_lifetime has anything to do with it.

The only valuable information Google has about it is from Henrik Nordstrom in
http://www.mail-archive.com/squid-users@squid-cache.org/msg10991.html
who wrote:
>> auth_param ntlm max_challenge_reuses 0 - ?
>
>This is a hack that will disappear in a later version. To reduce the load
>on the helpers Squid allows reuse of the same NTLM challenge in multiple
>sessions.
>
> auth_param ntlm max_challenge_lifetime 2 minutes - ?
>
>Belongs with the above hack..
>
>Regards
>Henrik

The config I have is from examples all over the internet, so I am unsure
if this is normal behaviour.

I am running redhat linux Enterprise server 3
samba-3.0.9-1.3E.2
squid-2.5.STABLE3-6.3E.7

Adam

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 20 minutes

acl Authorized-Users proxy_auth REQUIRED
http_access allow Authorized-Users

1108444177.667 0 172.16.8.59 TCP_DENIED/407 1673 GET http://www.google.com.au/ - NONE/- text/html
1108444177.670 0 172.16.8.59 TCP_DENIED/407 1743 GET http://www.google.com.au/ - NONE/- text/html
1108444178.292 623 172.16.8.59 TCP_MISS/200 3092 GET http://www.google.com.au/ aclark DIRECT/64.233.187.104 text/html
1108444190.448 0 172.16.8.59 TCP_DENIED/407 1661 GET http://www.yahoo.com/ - NONE/- text/html
1108444190.453 1 172.16.8.59 TCP_DENIED/407 1731 GET http://www.yahoo.com/ - NONE/- text/html
1108444191.356 0 172.16.8.59 TCP_DENIED/407 1784 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/hdr_trees.gif - NONE/- text/html
1108444191.356 0 172.16.8.59 TCP_DENIED/407 1784 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/img_trees.jpg - NONE/- text/html
1108444191.362 0 172.16.8.59 TCP_DENIED/407 1854 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/hdr_trees.gif - NONE/- text/html
1108444191.364 2 172.16.8.59 TCP_DENIED/407 1854 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/img_trees.jpg - NONE/- text/html
1108444191.373 0 172.16.8.59 TCP_DENIED/407 1778 GET http://us.i1.yimg.com/us.yimg.com/i/tv/onedayatatime104c.jpg - NONE/- text/html
1108444191.376 0 172.16.8.59 TCP_DENIED/407 1848 GET http://us.i1.yimg.com/us.yimg.com/i/tv/onedayatatime104c.jpg - NONE/- text/html
1108444191.544 167 172.16.8.59 TCP_MISS/200 2983 GET http://us.i1.yimg.com/us.yimg.com/i/tv/onedayatatime104c.jpg aclark DIRECT/61.9.129.144 image/jpeg
1108444191.579 1125 172.16.8.59 TCP_MISS/200 42391 GET http://www.yahoo.com/ aclark DIRECT/66.94.230.45 text/html
1108444191.583 218 172.16.8.59 TCP_MISS/200 668 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/hdr_trees.gif aclark DIRECT/61.9.129.201 image/gif
1108444191.615 250 172.16.8.59 TCP_MISS/200 7078 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/tr/05q1/img_trees.jpg aclark DIRECT/61.9.129.201 image/jpeg
1108444191.628 83 172.16.8.59 TCP_MISS/200 1640 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/ml/04q4/hdrtop_prot.gif aclark DIRECT/61.9.129.144 image/gif
1108444191.701 60 172.16.8.59 TCP_MISS/200 1440 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/ml/04q4/imgbot_prot.gif aclark DIRECT/61.9.129.201 image/gif
1108444191.714 66 172.16.8.59 TCP_MISS/200 1977 GET http://us.i1.yimg.com/us.yimg.com/i/mntl/sh/05q1/0126_cc.gif aclark DIRECT/61.9.129.201 image/gif
1108444192.057 402 172.16.8.59 TCP_MISS/302 518 GET http://view.atdmt.com/TCH/view/yhxxxmcd0120000020tch/direct/01/ aclark DIRECT/64.14.128.201 -
1108444192.450 393 172.16.8.59 TCP_MISS/200 280 GET http://spe.atdmt.com/images/pixel.gif aclark DIRECT/65.170.56.5 image/gif
Received on Mon Feb 14 2005 - 22:34:24 MST
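
Added example, not part of the original post: a small Python script that counts how many 407 replies precede each authenticated reply, per client and URL, in a native-format access.log like the one above. It separates requests that went through a challenge from requests that needed none; the sample lines, addresses and user name are constructed.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log layout (documentation
# addresses and a made-up user; not taken from the post).
SAMPLE_LOG = """\
1108444177.667 0 192.0.2.10 TCP_DENIED/407 1673 GET http://example.com/ - NONE/- text/html
1108444177.670 0 192.0.2.10 TCP_DENIED/407 1743 GET http://example.com/ - NONE/- text/html
1108444178.292 623 192.0.2.10 TCP_MISS/200 3092 GET http://example.com/ alice DIRECT/198.51.100.7 text/html
1108444178.400 0 192.0.2.10 TCP_DENIED/407 1784 GET http://example.com/a.gif - NONE/- text/html
1108444178.405 1 192.0.2.10 TCP_DENIED/407 1854 GET http://example.com/a.gif - NONE/- text/html
1108444178.600 167 192.0.2.10 TCP_MISS/200 2983 GET http://example.com/a.gif alice DIRECT/198.51.100.7 image/gif
1108444178.650 83 192.0.2.10 TCP_MISS/200 1640 GET http://example.com/b.gif alice DIRECT/198.51.100.7 image/gif
"""

def parse_line(line):
    """Split one native-format line; return None if it is malformed."""
    f = line.split()
    if len(f) < 10:
        return None
    code, _, status = f[3].partition("/")
    if not status.isdigit():
        return None
    return {"client": f[2], "code": code, "status": int(status),
            "url": f[6], "user": f[7]}

def challenges_per_request(lines):
    """Map (client, url) -> list of 407 counts seen before each authenticated reply."""
    pending = defaultdict(int)
    result = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["client"], rec["url"])
        if rec["status"] == 407:
            pending[key] += 1
        elif rec["user"] != "-":
            # Authenticated reply: close out the 407s that led up to it.
            result[key].append(pending.pop(key, 0))
    return dict(result)

def summarize(lines):
    """Totals across all clients: authenticated replies, 407s, and replies with no 407."""
    counts = [n for v in challenges_per_request(lines).values() for n in v]
    return {"authenticated": len(counts), "denied_407": sum(counts),
            "without_407": counts.count(0)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

Run against a real access.log by passing its lines to `summarize`; 407s that are never followed by an authenticated reply for the same client and URL are left out of the totals.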
