Re: [squid-users] Intermittent Hangups with Squid and NTLM Auth

From: Adrian Chadd <[email protected]>
Date: Wed, 1 Aug 2007 08:42:09 +0800

On Tue, Jul 31, 2007, Brian Kirk wrote:
> Red Hat ES release 4 update 4
> Squid 2.6 Stable 9
> Samba 3.0.23
>
> We from time to time have problems with the ntlm_auth where every
> process in the NTLM User Authenticator Stats on the cachemgr.cgi seems
> to be hung. We have tried from 30 processes up to 100 processes, but
> it doesn't help. Seems to happen during high traffic times.

I've seen this under Squid/NTLM. It was mitigated by Henrik's IP
authentication cache work. I didnt have the time to sort out exactly
why samba/winbind was falling behind on processing requests but it
was being handed ~200 authentication requests a second during
peak time.

I'd love to sort it out for good but I don't have a good windows test
environment and the above patch solved the problem for the client.

Can you correlate these crashes against request rates and see if
they match? (You said traffic, I don't know if that means requests
or bytes..)

Adrian

> We see core files in the /var/cache directory.
>
> We see these lines repeated over again when it first started today in
> the /var/log/samba/winbindd.log:
> [2007/07/31 09:58:58, 0] nsswitch/winbindd.c:process_loop(832)
> winbindd: Exceeding 200 client connections, no idle connection found
> [2007/07/31 09:58:58, 0] nsswitch/winbindd.c:process_loop(813)
> winbindd: Exceeding 200 client connections, no idle connection found
>
> We start seeing these messages in the /var/log/squid/cache.log:
> 2007/07/31 09:57:31| WARNING: up to 405 pending requests queued
> 2007/07/31 09:57:31| Consider increasing the number of
> ntlmauthenticator processes to at least 505 in your config file.
> 2007/07/31 09:57:49| urlParse: Illegal character in hostname
> 'www.harpoonharry's.com'
> 2007/07/31 09:58:01| WARNING: All ntlmauthenticator processes are busy.
> 2007/07/31 09:58:01| WARNING: up to 478 pending requests queued
> 2007/07/31 09:58:01| Consider increasing the number of
> ntlmauthenticator processes to at least 578 in your config file.
> 2007/07/31 09:58:12| storeDirWriteCleanLogs: Starting...
> 2007/07/31 09:58:12| WARNING: Closing open FD 145
> 2007/07/31 09:58:12| commSetEvents: epoll_ctl(EPOLL_CTL_DEL): failed
> on fd=145: (1) Operation not permitted
> 2007/07/31 09:58:12| 65536 entries written so far.
> 2007/07/31 09:58:12| Finished. Wrote 71404 entries.
> 2007/07/31 09:58:12| Took 0.0 seconds (2146262.3 entries/sec).
> FATAL: Too many queued ntlmauthenticator requests (501 on 100)
> Squid Cache (Version 2.6.STABLE9): Terminated abnormally.
>
> I have found message in samba groups but no one every responded to it:
> http://lists.samba.org/archive/samba/2005-September/110414.html
>
> Any help would be greatly appreciated.
>
> Thank you,
> Brian Kirk

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level bandwidth-capped VPSes available in WA -
Received on Tue Jul 31 2007 - 18:42:10 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:04 MDT