Issue with squid crashing with NTLM Auth
Thank you in advance for any help you can provide. We are currently using squid 3.0 STABLE 13 and squidGuard 1.3 with NTLM Authentication on a SuSE 10 server. squid has been working beautifully however as the number of users have grown we now have a issue with squid crashing when there are I assume no more available ntlm_auths left. Here is a section of my squid.conf as the whole file is too long to post here:
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 240
# auth_param ntlm max_challenge_reuses 0 #added by Lee Higginbotham
# auth_param ntlm max_challenge_lifetime 2 minutes #added by Lee Higginbotham
external_acl_type nt_group ttl=10 children=25 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
If you will note two of the commented out lines that have "added by..." I am thinking will help my issue. I also think by changing the half_closed_clients to "off". It currently is commented out:
# TAG: half_closed_clients
# Some clients may shutdown the sending side of their TCP
# connections, while leaving their receiving sides open. Sometimes,
# Squid can not tell the difference between a half-closed and a
# fully-closed TCP connection. By default, half-closed client
# connections are kept open until a read(2) or write(2) on the
# socket returns an error. Change this option to 'off' and Squid
# will immediately close client connections when read(2) returns
# "no more data to read."
# half_closed_clients on
I have two questions:
1. What is the maximum number the auth_param ntlm children can have?
2. Would the max_challenge_reuses, max_challenge_lifetime and half_closed_clients option assist with the possible crashing of squid?
Again, thank you for any assistance.
I've changed the half_closed_clients option to off and it is still crashing. Really, any help at this point would be great!!!
More information...Squid was working very well until we upgraded our AD to Windows 2008. So, it looks like it might be a problem with the authentication with 2008. I'm going to do more research! Thanks to all in advance of any help.
Last edited by lhiggie; 05-20-2009 at 08:40 AM.
Reason: Update to the post