[squid-users] Apple Computers jam my NTLM Helpers. from Jonathan Chretien on 2008-06-05 (squid-users)

From: Jonathan Chretien <jonathan_chretien_at_hotmail.com>
Date: Thu, 5 Jun 2008 15:16:27 -0400

Hello.

Proxy: squid-2.6.STABLE19-1.fc8 | SquidGuard 1.3
Os: Fedora 8
All latest fedora update.

I have a strange problem.

My squid proxy server is configured with NTLM Helper (/usr/bin/ntlm_auth). My proxy is linked with my Active Directory. I have two domain controler, 1 is a Windows 2000 and the other is a Windows 2003 server. Everything is working well. I have no wait time with the authentication between my linux box and my Active Directory. If I do a "wbinfo -u" or "wbinfo ....) I get the answer in less than 1 second. My wbinfo_group.pl is working like my "wbinfo -u", very fast. Our windows computers surf on the internet without problem.

I have 15 NTLM helper that serve presently about 60 users. We are currently deploying the server. At the end, I will have something like 150 users.

Yesterday, I decided to configure my Macintosh computers, about 11 on my proxy. Everytime a Macintosh contact the internet to access a web site, the Macintosh jam around 4-5 NTLM helper for a period of 10 second to 1 minutes for each. After, the helper are released by the Macintosh Computer one by one. You can understand now the problem that I got. With only 15 helpers and 11 macs on the internet at lunch time, all helpers are jammed in a status of R (RESERVED OR DEFERRED). All other users need to wait until a NTLM helper is available. This cause, a wait time to high and squid crash and restart.

Why the macintosh computer jam my NTLM helper when our Windows computers are working fine and don't jam any NTLM helpers like the Macintosh computer do ?

I did a little bypass of my configuration. I configured all mac with a static IP Address and all computer that are in that Ip Address range are not authenticated.

Can someone help me to find my problem and to solve it ?

I really need my Macintosh user to be Authenticated. Even if they use Safari, Internet Explorer or Firefox, I got this problem.

Thanks

Jonathan
It Technician.
_________________________________________________________________
Received on Thu Jun 05 2008 - 19:16:35 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 06 2008 - 12:00:03 MDT