Hi, I've noticed that Windows Updates, just won't do NTLM auth, so i've just added a no_auth exception for windows update sites. How many children are you starting. I'm serving +700 users with just one squid with 30 ntlm_auth processes on a PII/800 MHZ/256 MB Ram with no problems wathsoever. Best Regards, Bruno Guerreiro>-----Original Message----- >From: Vitaly Protsko [mailto:villy@sft.ru] >Sent: quinta-feira, 1 de Setembro de 2005 12:41 >To: samba@lists.samba.org >Subject: [Samba] ntlm_auth and high load fault > > >Hi! > >Here is situation: > >1. We decide to switch on "Auto proxy config" in our network (you know, >wpad.example.com, etc.) >2. After that there are lot of robots (checking for new >versions, upgrading, >esp. M$ upg) on client > computers start trying to fetch resources, but w/o any >authentication (or >I dont understand what is going on :). >3. Result is unxepected: alot of "requests in queue" to >ntlm_auth, because >of this squid restarts every > 2 min when in morning computers are going up. :( > >Tech info: > >Linux 2.6.11.12 >glibc-2.3.5 >gcc-3.4.4 >samba-3.0.20, no patches >krb5-1.3.1 (MIT) >squid-2.5.10 >ntlm_auth from samba pack > >Joined to 2k3 AD. > > >My ideas about why this happens are exausted (all of them are >unproductive >:). >ANYBODY, please, if you have similar, or heard about this >situation, please >let me know. >May be some ideas about fighting against it? > >Thnx in advance. >/aTan > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba >
Hi! I'm serving ~3K users with 40 childs. Comp is 2x3.2 Intel, 4GB RAM, 2xSCSI HDD in RAID0 Yes, it is partial solution to pass windowsupdate w/o auth, but here still other "robots" ... :( Seems to me it is not a problem around perfomance, rather logic. /aTan> -----Original Message----- > From: Bruno Guerreiro [mailto:bruno.guerreiro@ine.pt] > Sent: Thursday, September 01, 2005 3:43 PM > To: 'Vitaly Protsko'; samba@lists.samba.org > Subject: RE: [Samba] ntlm_auth and high load fault > > > Hi, > I've noticed that Windows Updates, just won't do NTLM auth, > so i've just added a no_auth exception for windows update > sites. How many children are you starting. I'm serving +700 > users with just one squid with 30 ntlm_auth processes on a > PII/800 MHZ/256 MB Ram with no problems wathsoever. > > Best Regards, > Bruno Guerreiro > > >-----Original Message----- > >From: Vitaly Protsko [mailto:villy@sft.ru] > >Sent: quinta-feira, 1 de Setembro de 2005 12:41 > >To: samba@lists.samba.org > >Subject: [Samba] ntlm_auth and high load fault > > > > > >Hi! > > > >Here is situation: > > > >1. We decide to switch on "Auto proxy config" in our network > (you know, > >wpad.example.com, etc.) 2. After that there are lot of > robots (checking > >for new versions, upgrading, > >esp. M$ upg) on client > > computers start trying to fetch resources, but w/o any > >authentication (or > >I dont understand what is going on :). > >3. Result is unxepected: alot of "requests in queue" to > >ntlm_auth, because > >of this squid restarts every > > 2 min when in morning computers are going up. :( > > > >Tech info: > > > >Linux 2.6.11.12 > >glibc-2.3.5 > >gcc-3.4.4 > >samba-3.0.20, no patches > >krb5-1.3.1 (MIT) > >squid-2.5.10 > >ntlm_auth from samba pack > > > >Joined to 2k3 AD. > > > > > >My ideas about why this happens are exausted (all of them are > >unproductive > >:). > >ANYBODY, please, if you have similar, or heard about this > >situation, please > >let me know. > >May be some ideas about fighting against it? > > > >Thnx in advance. > >/aTan > > > >-- > >To unsubscribe from this list go to the following URL and read the > >instructions: https://lists.samba.org/mailman/listinfo/samba > > >
Hi! Seems, this problem can be easily solved: It is needed to check _lenght_ of the user name in ntlm_auth utility. Zero length name (not only NULL ptr) is not a valid user name. Same for domain name given by client. For now I have no time :( to make patch. May be authors or somebody else can do it now? /aTan
On Thu, 2005-09-01 at 17:25 +0400, Vitaly Protsko wrote:> Hi! > > Seems, this problem can be easily solved: > > It is needed to check _lenght_ of the user name > in ntlm_auth utility. Zero length name (not only NULL ptr) is > not a valid user name. Same for domain name given by client. > > For now I have no time :( to make patch. > May be authors or somebody else can do it now?The utility is segfaulting, or what exactly is happening? Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc. http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050901/a79cfcf1/attachment.bin