On 30 Dec 2003, Dave Augustus wrote: > And I am thinking this: when a workstation logins to the Domain, it can > hit *ANY* of the domain controllers, probably the primary. Then when the > *SAME* client accesses the Internet with IE 6.0, Squid (via NTLM_AUTH) > verifies the user with *ANY* of the domain controllers.
Yes, and this is how it is supposed to work, and also is how things works when the user contacts any other Windows server in your network. > Hence, there is the possibility of 2 sessions, one via the workstation > and one via Internet Explorer/Squid- both on different domain > controllers. There is only one session. The authentication done via Samba (or any other Windows server) does not start a new session, it just verifies that the login+password is correct and some permission checks to validate that the account is not blocked etc. More likely your first suspicion is correct. The authentication gets overloaded. The first thing you can try is to increase the number of NTLM helpers. Regards Henrik
