Re: [squid-users] Squid and NTLM Error from Amos Jeffries on 2009-03-18 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 19 Mar 2009 00:43:14 +1300

Phibee Network Operation Center wrote:
> Hi
>
> i have a lot of error into my cache.log of squid:
>
>
> 2009/03/16 07:44:47| WARNING: up to 149 pending requests queued
> 2009/03/16 07:44:47| Consider increasing the number of ntlmauthenticator
> processes to at least 184 in your config file.
> 2009/03/16 07:45:17| WARNING: All ntlmauthenticator processes are busy.
> 2009/03/16 07:45:17| WARNING: up to 156 pending requests queued
> 2009/03/16 07:45:17| Consider increasing the number of ntlmauthenticator
> processes to at least 191 in your config file.
> 2009/03/16 07:45:32| storeDirWriteCleanLogs: Starting...
> 2009/03/16 07:45:32| Finished. Wrote 0 entries.
> 2009/03/16 07:45:32| Took 0.0 seconds ( 0.0 entries/sec).
> FATAL: Too many queued ntlmauthenticator requests (176 on 35)
> Squid Cache (Version 2.6.STABLE1): Terminated abnormally.
> CPU Usage: 110.491 seconds = 56.740 user + 53.751 sys
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 0
> Memory usage for squid via mallinfo():
> total space in arena: 9240 KB
> Ordinary blocks: 7030 KB 243 blks
> Small blocks: 0 KB 0 blks
> Holding blocks: 224 KB 1 blks
> Free Small blocks: 0 KB
> Free Ordinary blocks: 2209 KB
> Total in use: 7254 KB 79%
> Total free: 2209 KB 24%
>
>
>
>
> I think's it's this config:
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 35
> #auth_param ntlm use_ntlm_negotiate on
> #auth_param ntlm max_challenge_reuses 0
> #auth_param ntlm max_challenge_lifetime 10 minutes
>
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 15
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
>
>
> Correct ?
> What is the best configuration for NTLM ?

NTLM helpers are blocking processes. You need at least one per
concurrent client at your peak load times.

Using "ntlm credentialsttl" and following Squids advice on how many
children to configure to match your peak load is the best we can say.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE13
   Current Beta Squid 3.1.0.6

Received on Wed Mar 18 2009 - 11:42:33 MDT

This archive was generated by hypermail 2.2.0 : Wed Mar 18 2009 - 12:00:02 MDT