Re: [squid-users] NTLM authentication testing from Guido Serassio on 2008-02-19 (squid-users)

From: Guido Serassio <guido.serassio@dont-contact.us>
Date: Tue, 19 Feb 2008 15:28:51 +0100

Hi,

At 14:40 19/02/2008, Richard Wall wrote:

>First problem is that you have to reinterpret the Squid reported hit
>ratios when using NTLM auth. Only half of these are hits, the other
>half being TCP_DENIED/407 that form part of the NTLM auth negotiation.

This is caused by the NTLM over HTTP authentication sequence, look
here for details:
http://davenport.sourceforge.net/ntlm.html

>Second problem is that the majority of requests seem to result in auth
>requests to the DC. There is an article describing Win2003 performance
>counters showing Number of auth requests / sec, but those counters
>don't seem to exist on my copy.
> * http://support.microsoft.com/kb/928576

Correct, you should request the hotfix to Microsoft.

>Instead I used the difference in a minute of the total number of
>security events (as shown in the titel bar of the windows event
>viewer.
> * ~127 successful auth events per second
>...which is about the same as the client_http.hits reported by squid.
>
>I have the following setting defined in smb.conf:
> * winbind cache time = 10
>...which clearly isn't being respected.
>
> * Does anyone else see this behaviour or have you managed to get auth
>requests cached by winbindd?
> * Can winbindd even do caching of auth reqests or is it only
>concerned with caching other domain data?

What Samba version do you are using ?
I remember that in Samba 3.0.25 there was big changes into winbindd
regarding off-line logon support, but I don't know if this could help.

Another question, what type of NTLM authentication is supported by curl ?
Lan manager/NTLMv1 or full NTLMv2 ? (See the previous link for details)
There are big difference between the security level and on the
performance impact, and currently all browsers automatically use
always the NTLMv2 type.

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Tue Feb 19 2008 - 07:30:09 MST

This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST