hi, we have switched from squid 3.2.x to 3.4.2. in our environment we are using squid with the ntlm_auth helper to do NTLM user auth against windows DC. after switching to squid 3.4.1 squid uses nearly 100% cpu after a few minutes. with squid 3.2.x everythings worked well.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 96 startup=24 idle=12 auth_param ntlm keep_alive on auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 startup=2 idle=1 auth_param basic realm Internet-Zugriff [Benutzername/Kennwort aus BK] Nutzung des Internets nur zum Dienstgebrauch! auth_param basic credentialsttl 2 hours auth_param basic casesensitive off we have compiled with smp-support but at the moment using squid only with one worker, Kerberos support is compiled in but not used in squid.conf no negotiate configs in squid. is this enough or should we try without negotiate support, could this influence and cause this troubles? Squid Cache: Version 3.4.2 configure options: '--enable-auth-basic=MSNT,SMB' '--enable-auth-basic' '--enable-auth-ntlm' '--enable-auth-negotiate=kerberos' '--enable-delay-pools' '--enable-follow-x-forwarded-for' '--enable-removal-policies=lru,heap' '--with-filedescriptors=4096' '--with-winbind' '--with-async-io' '--enable-storeio=ufs,aufs,diskd,rock' '--disable-ident-lookups' '--prefix=/rzf/produkte/www/squid' '--enable-underscores' '--with-large-files' 'PKG_CONFIG_PATH=/opt/gnome/lib64/pkgconfig:/opt/gnome/share/pkgconfig' --enable-ltdl-convenience /usr/bin/ntlm_auth -V Version 3.6.3-0.39.1-3012-SUSE-CODE11-x86_64 we do not use wbinfo_group we only need the username. all users are allowed to surf the internet, there are some "groups" but they are retrieved "external" as they also are used in ufdbguard to filter some categories. so only ntlm_auth for username is needed and used. we only have short testet squid 3.3., because there we had the problem, that the internet access to sites with ip-address didn't work or are routed the wrong way (but that is another story, not related to this one). so the problem is, that with squid 3.4.2 the cpu usage rises to 100%. after squid -k reconfigure the cpu-usage drops but then after a fiew minutes rises again to 100%. so where to look? I have tried debug_options 82,9 but now further information in cache.log
