Re: [squid-users] auth_param ntlm children vs Site Size

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 09 Jul 2012 23:28:43 +1200

On 9/07/2012 9:13 p.m., Jason Leschnik wrote:
> Hey all,
>
> Just curious about what size your user base is compared to how many
> children processes you have for ntlm authentication. We found with
> 1000-1500 users that 30 children was not enough, resulting in cache.log
> queue warnings. So what combination have you found reasonable?

For NTLM the theoretical ideal is about 4 helpers per active user
(ouch!), just because of the extremely inefficient way it works. As you
cut down the ratio of helpers:users from that the user-visible lag
becomes longer. So yes a few dozen helpers for a thousand users is
nowhere near enough. It's not uncommon to see a few hundred NTLM helpers
in one Squid instance for your user levels.
  Try making that 100 helper children and see what the loading is. The
low numbered helpers will get a lot of requests tailing off to least
load on the 100th helper.

If you have a choice go for Kerberos instead or as first preference over
NTLM.

Amos
Received on Mon Jul 09 2012 - 11:28:51 MDT
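
The advice in the reply above, sketched as a squid.conf fragment. This is an added example, not part of the original message: the helper paths, the service principal and the Kerberos child count are assumptions that vary by distribution and site.

```conf
# Added example, not from the original thread. Helper paths, the service
# principal and the Kerberos child count are assumptions; adjust per site.

# Squid presents authentication schemes to clients in the order they first
# appear in the config, so Negotiate/Kerberos is listed first and NTLM
# remains as the fallback.
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.example.com@EXAMPLE.COM
auth_param negotiate children 20
auth_param negotiate keep_alive on

# NTLM fallback, raised from the 30 helpers that produced queue warnings
# to the 100 suggested in the reply.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 100
auth_param ntlm keep_alive on

# Require authentication before allowing access.
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
```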
