Jakob Curdes escreveu:
- When we change a password on the Active Directory,
squid don't see the change before a lot of hours ...
That is an AD "feature". If you use AD groups, you can take somebody
out of the group and AD will happily repsond that the user is a group
member for several hours. You can easily check the AD answer using the
squid auth helper. Probably this can be configured on the AD side but
I am not an AD freak so I cannot help there.
squid has all the caching mechanisms too.
check your TTL parameters on your squid authentication mechanism.
For example:
auth_param basic credentialsttl 300 seconds
or
external_acl_type ldap_group ttl=300 %LOGIN
Those parameters can make squid 'thinks' a password is OK when it
was changed, as well as believe a user is member of a group when it's
not anymore.
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@xxxxxxxxxxxxxx
My SPAMTRAP, do not email it
