>
> hi.
>
> i've successfully got squid authenticating against our ad domain, and the
> restrictions on the squid server itself are by nt group membership.
>
> i'm noticing that there is a heck of a lot of activity by the
> authenticating perl program when i run 'top'.
>
> i've included the relevant lines from my squid.conf- is there something i
> ought to change here to enable better performance? presently it runs
> slower than our isa server and is on similar spec hardware. i wondered if
> there was some way of increasing the time it remembers a users details
> without re-querying the server?
>
> thanks
>
> john
>
>
> #nt auth
>
> auth_param ntlm program /usr/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 15
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 60 minutes
>
> auth_param basic program /usr/samba/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm SuperSquid
> auth_param basic credentialsttl 2 hours
>
> external_acl_type nt_group ttl=0 concurrency=20 %LOGIN
> /usr/squid/libexec/wbinfo_group.pl
Remove the ttl=0 parameter from your external_acl_type nt_group. Results
should then be cached for 3600 seconds. Normally user to group relations
don't change that often that you need that short ttl.
cheers.roman
Received on Wed Jun 29 2005 - 09:49:33 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:03 MDT