Re: [squid-users] Squid and polygraph from Adrian Chadd on 2008-08-04 (squid-users)

From: Adrian Chadd <adrian_at_freebsd.org>
Date: Tue, 5 Aug 2008 06:11:49 +0800

Try squid-2.7 for those options.

Also, try no NTLM and with ACLs, see if you hit high CPU use there.

adrian

2008/8/5 Marcos Dutra <macdutra_at_gmail.com>:
> Hi Adrian,
>
> 2008/8/2 Adrian Chadd <adrian_at_freebsd.org>:
>> Right; and what happens when you disable authentication in Squid and
>> polygraph? Does it cope fine?
>
> I disabled ntlm auth and acl with regex sites and squid work fine.
> With ntlm and acl I saw cpu time in mgr info go up 99%, then I this is
> a problem when I have much connections.
>
> Well I enabled in my conf only ntlm auth without acl regex, and
> enabled samba logs and I have this problem:
>
> [2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
> could not obtain winbind netbios name!
> [2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
> could not obtain winbind netbios name!
> [2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
> could not obtain winbind netbios name!
> 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
> data. Releasing helper '0x10922a8'.
> 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
> data. Releasing helper '0x108e128'.
> 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
> data. Releasing helper '0x10901e8'.
> 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
> data. Releasing helper '0x1094368'.
> 2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
> data. Releasing helper '0x1096428'.
>
>>
>> Samba/Winbind are known to not handle high authentication transaction
>> rates. Well, 200/sec isn't "high" to me..
>>
>> If it works fine without NTLM authentication but fails when you try
>> using it, then I'd point fingers at Samba/Winbind. There's a
>> hard-coded default of 200 concurrent "connections" to winbind in the
>> winbind source; I thought they were going to improve that. Anyway, if
>> its fine without NTLM auth but slow with it enabled I'd go ask the
>> Samba team about it.
>
> I will ask to samba list, thanks....
>
>
>>
>> In the meantime, there's a workaround - you can enable uhm,
>> authenticate_ip_shortcircuit_ttl and
>> authenticate_ip_shortcircuit_access.
>>
>
> I used squid version 2.6.5 and I think this options above don't work,
> I used authenticate_ip_ttl to cache authentication.
>
> Thanks for all.
>
Received on Mon Aug 04 2008 - 22:11:52 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:02:43 MDT