We seem to have an issue running squid on our windows box. We are using NTLM to authenticate users on our active directory, but it seems t be 'slow' for users that are accessing it over the WAN. Users on the same subnet as the server seem to be ok.
We think it is an authentication issue because when we turn it off it starts to be a lot better. This is the section of the config that sets up the authentication –
#Authentication Params
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 50
# Programs to get the groups out for the user
external_acl_type win_domain_group ttl=120 %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G
external_acl_type win_local_group ttl=120 %LOGIN c:/squid/libexec/mswin_check_lm_group.exe
Anyone any ideas what might be going on? Looks like we are on version 2.7
Cheers
Luke
Best Answer
NTLM will add a couple of roundtrips to each request - which will exacerbate any latency in a connection. Use kerberos instead if that suits your environment? Or digest auth?