Re: [squid-users] All ntlmauthenticator processes are busy.

From: Chad Naugle <Chad.Naugle_at_travimp.com>
Date: Fri, 25 Mar 2011 17:02:19 -0400

How many users is this serving?

The simple answer -- Increase the amount of authenticators to maybe 20
children, from 15.

>>> David Kleinman <dkleinm_at_gmail.com> 3/25/2011 4:47 PM >>>
Hello,
I'm seeing the dreaded "All ntlmauthenticator processes are busy" error
2-3 times a week which I can fix by restarting squid but the proxy only
stays up for a few days at a time.

This is our very simple squid.conf file:
acl snmppublic snmp_community test
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_port 192.168.3.100:80
http_port 192.168.3.100:3128
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
# redirector_bypass off
url_rewrite_program /usr/local/squidGuard/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname proxy.test.com
snmp_port 3401
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 15

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 15
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 3 hours

acl NTLMUsers proxy_auth REQUIRED
http_access allow all NTLMUsers

Any suggestions to tune this to reduce the NTLM authentication error?

Received on Fri Mar 25 2011 - 21:02:29 MDT
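
Added example, not part of the original thread: one way to judge whether a larger "children" value is enough is to count the warning quoted above per hour in cache.log, before and after the change. The sample lines are constructed, and the "YYYY/MM/DD HH:MM:SS|" prefix is assumed to be the cache.log timestamp format in use.

```python
import re
from collections import Counter

# Assumption: cache.log lines start with "YYYY/MM/DD HH:MM:SS|".
STAMP = re.compile(r"^(\d{4}/\d{2}/\d{2}) (\d{2}):\d{2}:\d{2}\|")
# Warning text as quoted in the thread.
BUSY = "All ntlmauthenticator processes are busy"

# Constructed sample input, not taken from a real proxy.
SAMPLE_LOG = """\
2011/03/21 08:58:40| WARNING: All ntlmauthenticator processes are busy.
2011/03/21 08:59:02| WARNING: All ntlmauthenticator processes are busy.
2011/03/21 13:10:00| storeDirWriteCleanLogs: Starting...
2011/03/23 08:57:11| WARNING: All ntlmauthenticator processes are busy.
2011/03/25 16:40:12| WARNING: All ntlmauthenticator processes are busy.
""".splitlines()


def busy_by_hour(lines):
    """Count busy warnings per (date, hour) bucket."""
    counts = Counter()
    for line in lines:
        if BUSY not in line:
            continue
        m = STAMP.match(line)
        if m:  # skip lines without a parseable timestamp
            counts[(m.group(1), int(m.group(2)))] += 1
    return counts


def hour_profile(counts):
    """Collapse to hour-of-day totals; a recurring peak hour suggests a
    burst (for example morning logons) rather than steady overload."""
    profile = Counter()
    for (_, hour), n in counts.items():
        profile[hour] += n
    return profile


def affected_days(counts):
    """Distinct dates on which the helper pool was exhausted."""
    return sorted({day for day, _ in counts})


if __name__ == "__main__":
    counts = busy_by_hour(SAMPLE_LOG)
    print("days affected:", affected_days(counts))
    for hour, n in sorted(hour_profile(counts).items()):
        print(f"{hour:02d}:00  {n} warning(s)")
```

If the warnings keep appearing in the same hour after the helper count is raised, the pool is still too small for that peak.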
