> -----Original Message----- > From: Nathan Reeves [mailto:nathan_reeves@xxxxxxxxx] > Sent: Thursday, October 06, 2005 1:03 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: AD group changes don't get applied > until restart > of Squid -> Is this normal? > > > Got NTLM authentication working fine with Stable11 on > Windows 2003 Server STD. Just finding that when I > change the group membership of the Inernet Access > group,the membership change doesn't affect web access > for the added / removed user until I stop and restart > the squid service. > > This is my config: > > auth_param ntlm program > c:/squid/libexec/win32_ntlm_auth.exe > auth_param ntlm children 5 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes > auth_param ntlm use_ntlm_negotiate on > external_acl_type win_global_group %LOGIN > c:/squid/libexec/win32_check_group.exe -G >From squid.conf.default: # TAG: external_acl_type # Options: # # ttl=n TTL in seconds for cached results (defaults to 3600 # for 1 hour) Add an appropriate ttl to the external_acl line (e.g. external_acl_type win_global_group ttl=600 %LOGIN c:/squid/libexec/win32_check_group.exe -G). > acl InetUsers external win_global_group Internet_Users > acl AuthUser proxy_auth REQUIRED > http_access allow AuthUser InetUsers > http_access deny all > > Is this normal behaviour or is there something I can > change so that a change in the group membership gets > applied without a service restart (which is what I was > trying for). > I'm not positive, but running squid -k reconfigure might also work, and will not cause a service outage. > TIA > > Nathan > > Chris
