On 9/07/2012 9:13 p.m., Jason Leschnik wrote:
Hey all,
Just curious about what size your user base is compared to how many
children processes you have for ntlm authentication. We found with
1000-1500 users that 30 children was no enough, resulting in cache.log
queue warnings. So what combination have you found reasonable?
For NTLM the theoretical ideal is about 4 helpers per active user
(ouch!), just because of the extremely inefficient way it works. As you
cut down the ratio of helpers:users from that the user-visible lag
becomes longer. So yes a few dozen heleprs for a thousand users is
nowhere near enough. It's not uncommon to see a few hundred NTLM helpers
in one Squid instance for your user levels.
Try making that 100 helper children and see what the loading is. The
low numbered helepers will get a lot of requests tailing off to least
load on the 100th helper.
If you have a choice go for Kerberos instead or as first preference over
NTLM.
Amos
