Re: [squid-users] Squid with Kerberos auth

From: Wladner Klimach <wladner_at_gmail.com>
Date: Mon, 19 Dec 2011 16:40:48 -0200

Look at this:

Every 2.0s: lsof -i :3128
                                                               Mon Dec
19 16:38:22 2011

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
squid 20367 squid 12u IPv6 2474452 0t0 TCP
trotsky.redecamara.camara.gov.br:squid->cainf-269642.redecamara.camara.gov.br:4225
(ESTABLISHED)
squid 20367 squid 18u IPv6 2473286 0t0 TCP
trotsky.redecamara.camara.gov.br:squid->cainf-269642.redecamara.camara.gov.br:4202
(ESTABLISHED)
squid 20367 squid 22u IPv6 2474474 0t0 TCP
trotsky.redecamara.camara.gov.br:squid->cainf-269642.redecamara.camara.gov.br:4229
(ESTABLISHED)
squid 20367 squid 24u IPv6 2473304 0t0 TCP
trotsky.redecamara.camara.gov.br:squid->cainf-269642.redecamara.camara.gov.br:4204
(ESTABLISHED)
squid 20367 squid 28u IPv6 2473756 0t0 TCP
trotsky.redecamara.camara.gov.br:squid->cainf-269642.redecamara.camara.gov.br:4210
(ESTABLISHED)
squid 20367 squid 34u IPv6 2474462 0t0 TCP
trotsky.redecamara.camara.gov.br:squid->cainf-269642.redecamara.camara.gov.br:4227
(ESTABLISHED)
squid 20367 squid 38u IPv6 2474457 0t0 TCP
trotsky.redecamara.camara.gov.br:squid->cainf-269642.redecamara.camara.gov.br:4226
(ESTABLISHED)
squid 20367 squid 42u IPv6 2474467 0t0 TCP
trotsky.redecamara.camara.gov.br:squid->cainf-269642.redecamara.camara.gov.br:4228
(ESTABLISHED)
squid 20367 squid 44u IPv6 2474477 0t0 TCP
trotsky.redecamara.camara.gov.br:squid->cainf-269642.redecamara.camara.gov.br:4230
(ESTABLISHED)
squid 20367 squid 156u IPv6 2472223 0t0 TCP *:squid (LISTEN)

Is only has IPV6 conection types. Is this a problem or point a
possible bottleneck ?

2011/12/19 Wladner Klimach <wladner_at_gmail.com>:
> Amos,
>
> how can I check if the keep alive is really working? Another thing, is
> it normal behavior the cpu usage being hit 98% usage during one domain
> download page? Could it be just hardware limitation? If so, this is a
> very awkward situation because there's no severe load upon squid cause
> only I using it.
>
> Regards,
>
> Wladner
>
> 2011/12/14 Amos Jeffries <squid3_at_treenet.co.nz>:
>> On Wed, 14 Dec 2011 13:22:38 -0200, Wladner Klimach wrote:
>>>
>>> Hello,
>>>
>>> i'm running squid with kerberos authentication. The problem is that
>>> it's runing too slow. Looks like squid is negotiating with AD every
>>> URL it tries to get. Anyone could point me a way out?
>>
>>
>> A few things:
>>
>>  * Double-check that you have connection persistence (keep-alive) operating
>> on all connections (both client and server).
>>
>>  * Ensure that your squid is as recent as you can use, we have had ongoing
>> small fixes to improve persistence across all releases this past year.
>>
>>  * Check that the auth packets are not failing over into NTLM or older
>> protocols in apps which are supposed to be on Kerberos.
>>
>>  * Maybe also check that DNS lookups Kerberos depends on for DC location are
>> responding fast with reasonable TTL.
>>
>> Amos
>>
Received on Mon Dec 19 2011 - 18:40:57 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 20 2011 - 12:00:03 MST