On 3/3/10 12:37 PM, "Thomas Klein" <mailinglist-postfixbuch@xxxxxxxxx> wrote: > Hello Squid-Admins, > > i'm in the first steps on installing squid in a network of a customer. > Squid asks one of the domain controllers to authenticate the users via > ntlm. I have three groups of users in the AD to regulate the internet > access. This works so far. > > The only buggy thing is, if i remove a user completely from all groups, > the access over squid should be no longer possible. But it seems that > squid is caching the result of the query in any way (or another > component, that did the query perhaps?), because if i remove a user from > all groups, the access is still possible through squid. If i wait for, > lets say one or a half hour, the removal of the user from the group gets > recognized, and the access is no more possible. > Is there a variable for setting this value, how long a query is cached? > A reboot and a restart of squid does not change anything. > > Thanks for a short answer & regards > Thomas > How many domain controllers are there in this network? What you are experiencing may just be a case of slow propagation between DCs. Cheers, Mike
