Mike Ely wrote:
> On 3/3/10 12:37 PM, "Thomas Klein" <mailinglist-postfixbuch@xxxxxxxxx>
> wrote:
>> Hello Squid-Admins,
>>
>> I'm in the first steps on installing squid in a network of a customer.
>> Squid asks one of the domain controllers to authenticate the users via
>> NTLM. I have three groups of users in the AD to regulate the internet
>> access. This works so far.
>>
>> The only buggy thing is, if I remove a user completely from all groups,
>> the access over squid should be no longer possible. But it seems that
>> squid is caching the result of the query in any way (or another
>> component, that did the query perhaps?), because if I remove a user from
>> all groups, the access is still possible through squid. If I wait for,
>> let's say one or a half hour, the removal of the user from the group gets
>> recognized, and the access is no more possible.
>>
>> Is there a variable for setting this value, how long a query is cached?
>> A reboot and a restart of squid does not change anything.
>>
>> Thanks for a short answer & regards
>> Thomas
>
> How many domain controllers are there in this network? What you are
> experiencing may just be a case of slow propagation between DCs.
>
> Cheers,
> Mike

Hmm... I have two domain controllers (at the same location) and I did
the changes of the group members on the same DC that is queried from
Squid. In another AD-forest tree are 5 domain controllers (different
locations), but I think they aren't queried by squid.

Best regards
Thomas