New question #656755 on squid in Ubuntu:
https://answers.launchpad.net/ubuntu/+source/squid/+question/656755
Ubuntu 16.04.3 64bit LTS squid 3.5 proxy server problem:
ntlm_auth helpers began infinitely storming the Windows Server 2008R2 AD DC with
SMB auth requests when one or two Windows users start their Chrome browser
with a lot of tabs opened at once (there may be 30 to 70 tabs). Meanwhile,
existing or new clients' browsers freeze completely when opening web pages. A
packet dump didn't show any difference between normal behavior and the auth
request storm except the request rate. CPU load didn't show any anomalies.
Debug entries in cache.log didn't show any errors or difference from normal
behavior except the request rate.
killall ntlm_auth sometimes helps, sometimes not; systemctl restart squid
helps more often.
I increased the helper count up to 200 200 300 (start, idle, maximum). The
problem has not gone completely, but has become rare. Is this a problem with
the ntlm_auth helper itself or with too low a helper count? What could be done
to solve it?
Windows clients - Windows 8.1 64 bit, Chrome version - 60, Squid version:
3.5.12-1ubuntu7.4, Samba server version - 2:4.3.11+dfsg-0ubuntu0.16.04.9. All
updates on ubuntu server are installed.
root@proxy05:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial
Auth config from squid.conf:
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth \
    --kerberos /usr/lib/squid/negotiate_kerberos_auth -i -r -d \
    -s "HTTP/[email protected]" \
    -s GSS_C_NO_NAME \
    --ntlm /usr/bin/ntlm_auth \
    --helper-protocol=squid-2.5-ntlmssp \
    --domain=HQ \
    -s GSS_C_NO_NAME
auth_param negotiate children 40 startup=5 idle=10
auth_param negotiate keep_alive on
auth_param basic program /usr/lib/squid/basic_ldap_auth -v 3 -P -R \
    -b "dc=hq,dc=verita,dc=local" \
    -D "[email protected]" \
    -W /etc/squid/ldappass.conf \
    -f "sAMAccountName=%s" -h dc01.hq.verita.local
auth_param basic children 30
auth_param basic realm "proxy05 SQUID Proxy Server Basic authentication!"
auth_param basic credentialsttl 2 hours
authenticate_cache_garbage_interval 8 hour
authenticate_ttl 4 hour
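
One way to see which clients drive the authentication request rate described in the question, as an added example that is not part of the original post: it counts the 407 challenges Squid logs per client and time window in the default native access.log format. The sample log lines, client addresses, window size and threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample lines in Squid's default native access.log format:
# time elapsed client code/status bytes method URL user hierarchy type
SAMPLE = [
    f"1505721600.{i:03d} 3 10.0.0.21 TCP_DENIED/407 4120 CONNECT "
    f"site{i}.example.com:443 - HIER_NONE/- text/html"
    for i in range(8)                      # one client, 8 challenges at once
] + [
    # A normal exchange: two challenges, then an authenticated tunnel.
    "1505721601.100 3 10.0.0.35 TCP_DENIED/407 4120 CONNECT www.example.com:443 - HIER_NONE/- text/html",
    "1505721601.200 3 10.0.0.35 TCP_DENIED/407 4334 CONNECT www.example.com:443 - HIER_NONE/- text/html",
    "1505721601.350 95 10.0.0.35 TCP_TUNNEL/200 5120 CONNECT www.example.com:443 jdoe HIER_DIRECT/192.0.2.10 -",
]


def auth_challenge_bursts(lines, window=10, threshold=5):
    """Return {(client, window_start): count} for every client that received
    more than `threshold` 407 challenges within one `window`-second bucket."""
    buckets = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue                       # blank or truncated line
        try:
            ts = int(float(fields[0]))
        except ValueError:
            continue                       # not a native-format log line
        client, result = fields[2], fields[3]
        if not result.endswith("/407"):
            continue                       # only authentication challenges
        buckets[(client, ts - ts % window)] += 1
    return {key: n for key, n in buckets.items() if n > threshold}


if __name__ == "__main__":
    # On a live proxy, pass the lines of the access log instead of SAMPLE.
    for (client, start), n in sorted(auth_challenge_bursts(SAMPLE).items()):
        print(f"{client}: {n} challenges in window starting at {start}")
```
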