1

We seem to have an issue running Squid on our Windows box. We are using NTLM to authenticate users on our Active Directory, but it seems to be 'slow' for users that are accessing it over the WAN. Users on the same subnet as the server seem to be ok.

We think it is an authentication issue because when we turn it off it starts to be a lot better. This is the section of the config that sets up the authentication -

    #Authentication Params
    auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
    auth_param ntlm children 50

    # Programs to get the groups out for the user
    external_acl_type win_domain_group ttl=120 %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G
    external_acl_type win_local_group ttl=120 %LOGIN c:/squid/libexec/mswin_check_lm_group.exe

Anyone any ideas what might be going on? Looks like we are on version 2.7

Cheers Luke

1 Answer

1

NTLM will add a couple of roundtrips to each request - which will exacerbate any latency in a connection. Use Kerberos instead if that suits your environment? Or digest auth?

4
  • What would the Kerberos auth do differently than NTLM? Commented Sep 24, 2012 at 13:26
  • Kerberos doesn't roundtrip, your client sends all that's needed in the first payload. Commented Sep 24, 2012 at 13:27
  • That does sound better, I'll give that a go. Also do you know if there is some sort of session keep-alive on Squid, so the client won't re-authenticate each time a user connects? Commented Sep 25, 2012 at 8:04
  • No, not afaik. I work at Smoothwall, we use squid in our filter products, and I know we had to write additional software to do auth-n-run type schemes :) Commented Sep 26, 2012 at 20:43
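An added example, not part of the original question, answer or comments: one way to check whether the NTLM handshake is what WAN users are paying for is to count the `407` challenge entries Squid logs per client and multiply by that client's round-trip time to the proxy. The log lines, client addresses and RTT figures below are constructed for illustration and assume Squid's native `access.log` format.

```python
"""Count proxy-auth challenge round trips per client in a Squid native access.log."""
from collections import defaultdict

# Constructed sample (not from the post): each request shows two 407 challenges
# before the authenticated response, once for a WAN client and once for a LAN client.
SAMPLE_LOG = """\
1348492000.101      2 10.20.0.5 TCP_DENIED/407 1812 GET http://example.com/ - NONE/- text/html
1348492000.350      1 10.20.0.5 TCP_DENIED/407 2104 GET http://example.com/ - NONE/- text/html
1348492000.612    118 10.20.0.5 TCP_MISS/200 5120 GET http://example.com/ luke DIRECT/93.184.216.34 text/html
1348492003.100      2 10.20.0.5 TCP_DENIED/407 1812 GET http://example.com/a.css - NONE/- text/html
1348492003.347      1 10.20.0.5 TCP_DENIED/407 2104 GET http://example.com/a.css - NONE/- text/html
1348492003.598     40 10.20.0.5 TCP_MISS/200 900 GET http://example.com/a.css luke DIRECT/93.184.216.34 text/css
1348492010.001      2 192.168.1.10 TCP_DENIED/407 1812 GET http://example.com/ - NONE/- text/html
1348492010.004      1 192.168.1.10 TCP_DENIED/407 2104 GET http://example.com/ - NONE/- text/html
1348492010.120    115 192.168.1.10 TCP_MISS/200 5120 GET http://example.com/ anna DIRECT/93.184.216.34 text/html
1348492011.001      2 192.168.1.10 TCP_DENIED/407 1812 GET http://example.com/a.css - NONE/- text/html
1348492011.004      1 192.168.1.10 TCP_DENIED/407 2104 GET http://example.com/a.css - NONE/- text/html
1348492011.050     44 192.168.1.10 TCP_MISS/200 900 GET http://example.com/a.css anna DIRECT/93.184.216.34 text/css
"""

# Assumed round-trip times from each client to the proxy, in milliseconds (constructed).
SAMPLE_RTT_MS = {"10.20.0.5": 80, "192.168.1.10": 1}


def challenge_stats(log_text):
    """Return {client: {"challenges": n407, "served": other}} from native-format log text."""
    stats = defaultdict(lambda: {"challenges": 0, "served": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:          # skip blank or truncated lines
            continue
        client, result = fields[2], fields[3]       # e.g. "TCP_DENIED/407"
        status = result.rpartition("/")[2]
        key = "challenges" if status == "407" else "served"
        stats[client][key] += 1
    return dict(stats)


def added_delay_ms(stats, rtt_ms):
    """Each 407 is an exchange that returned no content: at least one extra round trip."""
    return {c: s["challenges"] * rtt_ms[c] for c, s in stats.items() if c in rtt_ms}


if __name__ == "__main__":
    per_client = challenge_stats(SAMPLE_LOG)
    for client, ms in added_delay_ms(per_client, SAMPLE_RTT_MS).items():
        print(client, per_client[client], f"~{ms} ms spent on auth challenges")
```

Both sample clients see the same number of challenges; only the per-round-trip cost differs, which matches the LAN-fine, WAN-slow symptom in the question.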
