ons 2010-03-03 klockan 21:37 +0100 skrev Thomas Klein: > squid is caching the result of the query in any way (or another > component, that did the query perhaps?), because if i remove a user from > all groups, the access is still possible through squid. Groups are cached in many places a) Squid. See external_acl_type ttl parameter. b) winbind if you use winbind. c) AD network if you have more than one directory server.. takes a bit of time for update to propagate. d) And there is some fuzziness in the domain design itself. Especially if using native AD mode with Kerberos. Both Squid & winbind caches is in memory only, and a restart of both services clears that cache. Regards Henrik
