From: "Nathan Reeves" <nathan_reeves@xxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Thursday, October 06, 2005 10:03 PM
Subject: AD group changes don't get applied until restart
of Squid -> Is this normal?
Got NTLM authentication working fine with Stable11 on
Windows 2003 Server STD. Just finding that when I
change the group membership of the Inernet Access
group,the membership change doesn't affect web access
for the added / removed user until I stop and restart
the squid service.
This is my config:
auth_param ntlm program
c:/squid/libexec/win32_ntlm_auth.exe
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate on
external_acl_type win_global_group %LOGIN
c:/squid/libexec/win32_check_group.exe -G
acl InetUsers external win_global_group Internet_Users
acl AuthUser proxy_auth REQUIRED
http_access allow AuthUser InetUsers
http_access deny all
Is this normal behaviour or is there something I can
change so that a change in the group membership gets
applied without a service restart (which is what I was
trying for).
Normal behaviour I think because Squid obviously seems to cache the
authentication info rather than pestering the DC for authentication for
every page hit. I find it's the same when using LDAP. I simply
'/etc/init.d/squid restart' only takes a few seconds though.
D.Radel.
