RE: [squid-users] Too many queued ntlmauthenticator requests and squid failed

From: Guido Marino Lorenzutti <glorenzutti_at_jusbaires.gov.ar>
Date: Mon, 18 Oct 2010 20:27:47 -0300

Amos Jeffries <squid3_at_treenet.co.nz> escribió:

> On Mon, 18 Oct 2010 22:54:42 +0000, "Tharanga Abeyseela (RGA)" wrote:
>> Hi,
>>
>> I tried to start squid in the offpeak time there were only 35 users, but
>> still its says Too many queued ntlmauthenticator requests, and terminate
>> the squid process.
>>
>> My domain is connected to several other domains (trusted domains) can it
>> cause this issue ?
>>
>>
>> Following are the error messages on log files.
>>
>> Squid Parent: child process 15206 exited with status 1
>> Oct 18 19:47:29 rapsydprox2 squid[15204]: Squid Parent: child process
>> 20806 exited due to signal 15
>>
>> 2010/10/18 19:47:10, 2] winbindd/winbindd.c:872(remove_client)
>> final write to client failed: Broken pipe
>> [2010/10/18 19:47:10, 0]
>> winbindd/winbindd.c:954(winbindd_listen_fde_handler)
>> winbindd: Exceeding 200 client connections, no idle connection found
>
> Ouch. So your problem then is that your Squid receives greater than *200*
> concurrent *new* TCP connections (per second or so) with only 35 users.
> This is about double the maximum number of concurrent connections modern
> web browser make to proxies (4-6).
> * Make sure that your squid.conf has at least
> client_persistent_connections and server_persistent_connections turned on.
> It might reduce this a little bit.
> * check your squid.conf http_access listing order. Make as many
> rejections as possible before testing for auth. This will usually have a
> chain reaction down to increased average service times.
>
> Note that squid-3.0 does not have "connection pinning" which is required
> to connect to anything on the other side of Squid with NTLM. Connections
> *to* Squid with NTLM only required persistent connections.
>
> I really strongly urge you move to 3.1.8. We have done a lot of work to
> make connections more persistent since 3.0 was released.
>
>

Amos: Im experiencing slowness with 2.7 and ntlm. Are you suggesting
that if I upgrade to 3.1.8 this should improve? I known for a fact
that the problem is ntlm.

Tnxs in advance.
Received on Mon Oct 18 2010 - 23:27:59 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 19 2010 - 12:00:02 MDT