Re: [squid-users] Connection error

From: Senthilkumar <senthilkumaar2021_at_gmail.com>
Date: Mon, 31 Jan 2011 11:14:38 +0530

Thank you .

We are using squid 3.1.8 with 100 children for ntlm scheme. We have
about 500 users and around 75 req/sec.

In the cache log rarely we see 100 pending ntlm requests and that time
squid reconfigures automatically.
Is it default behaviour of squid to reconfigure when ntlm are queued.?

In the cache log we can see following errors also.

 2011/01/31 10:59:02| AuthConfig::CreateAuthUser: Unsupported or
unconfigured/inactive proxy-auth scheme, 'Basic
bnByY1xzaHViaGFuZ2lkOmdhbGF4eUA1Nw=='
2011/01/31 10:59:18| AuthConfig::CreateAuthUser: Unsupported or
unconfigured/inactive proxy-auth scheme, 'Basic
bnByY1xzaHViaGFuZ2lkOmdhbGF4eUA1Nw=='

Thanks
Senthil

Amos Jeffries wrote:
> On Tue, 25 Jan 2011 19:25:33 +0530, Senthilkumar wrote:
>
>> Hi Amos,
>>
>> I have followed the suggestions provided by you and if use deny without
>> "all" i am getting pop up when i access denied sites, it is suppressed
>> when i use all.
>> We use ntlm scheme to authenticate with domain users, all users can
>> authenticate without any prompt, while browsing out of 350 users only
>> 5-6 users getting prompt rarely(around 2-3 times a day)
>> There is no specific website or time the prompt appears. Please suggest
>> some troubleshooting ideas and cause for it.
>> The cache.log does not show any errors
>>
>
> I'm not sure exactly which deny line you are describing as producing a
> popup. The config below looks right. Where you deny based on group lookups
> the lines should end with "all", as you saw not having it there produces
> the popup.
>
>
> NTLM can suffer from a few issues on connections and some bugs in Squid.
> Though both of these problems have been worked on and reduced in newer
> releases.
>
> If one of the "allow" group lookups is somehow failing this may produce a
> popup.
>
> I am not sure how one would check for these in production environment. The
> things to watch out for are the HTTP auth headers for the request before
> during and after the prompt appears. Whether this is happening on a
> connection while it stays up, or if the connection drops out on the
> challenge. Whether it happened on a new connection using some non-NTLM auth
> (ie a Windows 7 machine trying an unexpected encryption, or some background
> application with the wrong keys).
>
> Amos
>
>
Received on Mon Jan 31 2011 - 05:46:04 MST

This archive was generated by hypermail 2.2.0 : Mon Jan 31 2011 - 12:00:04 MST