On Mon, 18 Oct 2010 20:27:47 -0300, Guido Marino Lorenzutti
<glorenzutti_at_jusbaires.gov.ar> wrote:
> Amos Jeffries <squid3_at_treenet.co.nz> escribió:
>
>> On Mon, 18 Oct 2010 22:54:42 +0000, "Tharanga Abeyseela (RGA)" wrote:
>>> Hi,
>>>
>>> I tried to start squid in the offpeak time there were only 35 users,
but
>>> still its says Too many queued ntlmauthenticator requests, and
terminate
>>> the squid process.
>>>
>>> My domain is connected to several other domains (trusted domains) can
it
>>> cause this issue ?
>>>
>>>
>>> Following are the error messages on log files.
>>>
>>> Squid Parent: child process 15206 exited with status 1
>>> Oct 18 19:47:29 rapsydprox2 squid[15204]: Squid Parent: child process
>>> 20806 exited due to signal 15
>>>
>>> 2010/10/18 19:47:10, 2] winbindd/winbindd.c:872(remove_client)
>>> final write to client failed: Broken pipe
>>> [2010/10/18 19:47:10, 0]
>>> winbindd/winbindd.c:954(winbindd_listen_fde_handler)
>>> winbindd: Exceeding 200 client connections, no idle connection found
>>
>> Ouch. So your problem then is that your Squid receives greater than
*200*
>> concurrent *new* TCP connections (per second or so) with only 35 users.
>> This is about double the maximum number of concurrent connections
modern
>> web browser make to proxies (4-6).
>> * Make sure that your squid.conf has at least
>> client_persistent_connections and server_persistent_connections turned
>> on.
>> It might reduce this a little bit.
>> * check your squid.conf http_access listing order. Make as many
>> rejections as possible before testing for auth. This will usually have
a
>> chain reaction down to increased average service times.
>>
>> Note that squid-3.0 does not have "connection pinning" which is
required
>> to connect to anything on the other side of Squid with NTLM.
Connections
>> *to* Squid with NTLM only required persistent connections.
>>
>> I really strongly urge you move to 3.1.8. We have done a lot of work to
>> make connections more persistent since 3.0 was released.
>>
>
> Amos: Im experiencing slowness with 2.7 and ntlm. Are you suggesting
> that if I upgrade to 3.1.8 this should improve? I known for a fact
> that the problem is ntlm.
2.7 is the end product of a fork and lot of patches on top of 2.5. Some of
which is still attempting to get combined/ported back into the 3.x series.
2.7 is more parallel with 3.1 so the improvement for you may be none or
small.
"Tharanga Abeyseela" is likely struggling with 3.0 problems which enhance
the problems NTLM has anyway.
Amos
Received on Tue Oct 19 2010 - 00:08:21 MDT
This archive was generated by hypermail 2.2.0 : Tue Oct 19 2010 - 12:00:02 MDT