On 18/10/2012 2:57 a.m., Noc Phibee Telecom wrote:
> Hi
>
> We use squid with Active Directory authentification. for a medium site
> ~1000 users connected in same time,
> what is the best value :
>
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 50
> auth_param ntlm keep_alive on
>
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 50
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
> external_acl_type AD_Group children=50 concurrency=50 ttl=3600
> negative_ttl=900 %LOGIN /usr/lib64/squid/wbinfo_group.pl
>
> cache_peer 127.0.0.1 parent 8081 0 proxy-only no-query
> weight=100 connect-timeout=15 login=*:password
> cache_mem 16 MB
>
>
>
>
>
> Children 50, it's correct or to hight ?
Your cache manager helpers report will indicate whether the helpers are
utilized well or are being over/under loaded.
You should see the pattern of helper #1 being loaded heavily down to the
last few helpers not serving any traffic at all.
If the last helpers are facing many requests you will need more children
OR more concurrency.
NP: the basic auth helpers can face concurrency - you just have to find
the samba helpers options to accept it. The NTLM auth interface does not
yet support it.
> concurrency and ttl ?
Entirely up to you.
> cache_mem ?
Again entirely up to you. Could be zero if you wanted no RAM cache, or
anything larger which your box can handle for faster response times from
in-memory objects.
Amos
Received on Fri Oct 19 2012 - 06:39:18 MDT
This archive was generated by hypermail 2.2.0 : Fri Oct 19 2012 - 12:00:05 MDT