Re: [squid-users] Squid and polygraph from Adrian Chadd on 2008-08-02 (squid-users)

From: Adrian Chadd <adrian_at_freebsd.org>
Date: Sun, 3 Aug 2008 00:29:56 +0800

Right; and what happens when you disable authentication in Squid and
polygraph? Does it cope fine?

Samba/Winbind are known to not handle high authentication transaction
rates. Well, 200/sec isn't "high" to me..

If it works fine without NTLM authentication but fails when you try
using it, then I'd point fingers at Samba/Winbind. There's a
hard-coded default of 200 concurrent "connections" to winbind in the
winbind source; I thought they were going to improve that. Anyway, if
its fine without NTLM auth but slow with it enabled I'd go ask the
Samba team about it.

In the meantime, there's a workaround - you can enable uhm,
authenticate_ip_shortcircuit_ttl and
authenticate_ip_shortcircuit_access.

Adrian

2008/8/1 Marcos Dutra <macdutra_at_gmail.com>:
> Hi Adrian,
>
> Well I ran polygraph with polymix 4 based in cacheboy statistics and
> added ntlm auth, I look squidclient mgr:ntlmauthenticator and the
> process are busy after minutes and the polygraph die when all 200
> process are busy.
> When one process of auth is busy, don't open nothing! I tested open
> any page in firefox in this situation.
> My samba configuration is simple, bellow the conf.
>
> [global]
> workgroup = MARCOS
> netbios name = PROXY-TEST
> realm = AD.MARCOS
> server string = Marcos server test
> security = ADS
> encrypt passwords = Yes
> password server = TEST.AD.MARCOS
> log file = /var/log/samba/%m.log
> log level = 3
> max log size = 0
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> preferred master = False
> local master = No
> domain master = False
> dns proxy = No
> wins server = TEST.AD.MARCOS
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> idmap uid = 10000-20000
> idmap gid = 10000-20000
> client schannel = no
>
> Thanks.
> Marcos
>
>
> 2008/8/1 Adrian Chadd <adrian_at_freebsd.org>:
>> 2008/8/1 Marcos Dutra <macdutra_at_gmail.com>:
>>> I tested squid and cacheboy with polymix4 and I have a problem, my
>>> ntlm authentication has 200 connections but polymix used all
>>> connections and not open any site because this. How can I optimize
>>> this?
>>
>> Hm, whats the error?
>>
>> You may need to look at tuning your Samba configuration..
>>
>>
>>
>> adrian
>>
>
>
Received on Sat Aug 02 2008 - 16:29:58 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:02:43 MDT