Stacker Hush wrote:
> Thanks for the answer.
>
> To enable HTTP/1.1 is in my case the right way is changing the lines below:
>
> http_port 127.0.0.1:3128 transparent http11
NTLM (or any authentication) on the "transparent" interception port will
not work anyway.
As Henrik said the client-facing HTTP/1.1 is very experimental and
broken in a few small but annoying ways so avoiding it on this port is a
good thing.
> http_port 8080 http11
Just the above by itself enables HTTP/1.1 for client connections to the
proxy.
> cache_peer 127.0.0.1 parent 8081 0 no-query login=*:nopassword http11
Only affects connections to that one peer.
"server_http11 on" is the other setting to do HTTP/1.1 for DIRECT
connections to general web servers.
persistent connections also need to be turned on for both client and
servers for NTLM auth to have a chance.
>
> From: Henrik Nordström <henrik_at_henriknordstrom.net>
> Date: 2010/7/13
> Subject: Re: [squid-users] ntlm locking user accounts in 2003 AD
> To: Stacker Hush <stackerhush_at_gmail.com>
> Cc: squid-users_at_squid-cache.org
>
>
> mån 2010-07-12 klockan 12:03 -0300 skrev Stacker Hush:
>
>> The problem is when some user request webpages i have alot with of 680
> EVENT
>> (logon) in Windows events/security, with seconds of interval
> This is normal and by design of Microsoft NTLM authentication. Every new
> TCP connection by the client to the proxy requires an new NTLM logon
> handshake.
>
> The rate of this is reduced a fair bit if you enable HTTP/1.1 support to
> clients (2.7 required). But be warned that the HTTP/1.1 client support
> in 2.7 is quite experimental.
>
>> and sometimes
>> the user account are locked.
> That's not normal.
>
> Regards
> Henrik
>
>
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.5Received on Sat Jul 17 2010 - 05:13:36 MDT
This archive was generated by hypermail 2.2.0 : Sat Jul 17 2010 - 12:00:03 MDT