Squid is very slow using NTLM
It's been about 2 weeks now that I'm looking for a solution and having no luck so I decided to write on this forum.
When I use NTLM authentication, my proxy make a "TCP_DENIED/407" for about every object on the web page I'm browsing (CSS, JS, images, ...) and it makes the surf very slow. It can take me over than a minute to render a simple page. I have read it's the way NTLM works to authenticate users. However, I would have expect it to do it once per page top.
When I turned it off and use basic authentication, the page's loading is very fast. That's how i suspected NTLM was the problem.
My aim is to authenticate users once by NTLM (unfortunately, I can not fallback on basic because I've been asked to make is as transparent as possible) and then don't authenticate them again until the browser is closed. Is there a way I can accomplish that ?
You can find part of my configuration at the end.
Thanks a lot for your time.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 150
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
authenticate_cache_garbage_interval 2 hour
authenticate_ttl 30 minutes
authenticate_ip_ttl 1 hour
acl ad_auth proxy_auth REQUIRED
http_access allow ad_auth
http_access deny all
workgroup = *****
realm = *****.BE
security = domain
encrypt passwords = true
password server = srv-******.*****.be
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
/*Begin Programs' versions*/
Debian Squeeze (5.0.3)
squid3 - 3.1.3-2
samba - 2:3.4.8~dfsg-1
winbind - 2:3.4.8~dfsg-1
/*End Programs' versions*/