Hi Adrian,
2008/8/2 Adrian Chadd <adrian_at_freebsd.org>:
> Right; and what happens when you disable authentication in Squid and
> polygraph? Does it cope fine?
I disabled ntlm auth and acl with regex sites and squid work fine.
With ntlm and acl I saw cpu time in mgr info go up 99%, then I this is
a problem when I have much connections.
Well I enabled in my conf only ntlm auth without acl regex, and
enabled samba logs and I have this problem:
[2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
could not obtain winbind netbios name!
[2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
could not obtain winbind netbios name!
[2008/08/04 15:32:39, 0] utils/ntlm_auth.c:get_winbind_netbios_name(172)
could not obtain winbind netbios name!
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x10922a8'.
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x108e128'.
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x10901e8'.
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x1094368'.
2008/08/04 15:32:39| AuthenticateNTLMHandleReply: invalid callback
data. Releasing helper '0x1096428'.
>
> Samba/Winbind are known to not handle high authentication transaction
> rates. Well, 200/sec isn't "high" to me..
>
> If it works fine without NTLM authentication but fails when you try
> using it, then I'd point fingers at Samba/Winbind. There's a
> hard-coded default of 200 concurrent "connections" to winbind in the
> winbind source; I thought they were going to improve that. Anyway, if
> its fine without NTLM auth but slow with it enabled I'd go ask the
> Samba team about it.
I will ask to samba list, thanks....
>
> In the meantime, there's a workaround - you can enable uhm,
> authenticate_ip_shortcircuit_ttl and
> authenticate_ip_shortcircuit_access.
>
I used squid version 2.6.5 and I think this options above don't work,
I used authenticate_ip_ttl to cache authentication.
Thanks for all.
Received on Mon Aug 04 2008 - 19:39:55 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 05 2008 - 01:02:43 MDT