Henrik Nordstrom schrieb:
ons 2010-03-03 klockan 21:37 +0100 skrev Thomas Klein:
squid is caching the result of the query in any way (or another
component, that did the query perhaps?), because if i remove a user from
all groups, the access is still possible through squid.
Groups are cached in many places
a) Squid. See external_acl_type ttl parameter.
b) winbind if you use winbind.
c) AD network if you have more than one directory server.. takes a bit
of time for update to propagate.
d) And there is some fuzziness in the domain design itself. Especially
if using native AD mode with Kerberos.
Both Squid & winbind caches is in memory only, and a restart of both
services clears that cache.
Regards
Henrik
Hi together,
thanks to all for your help.
I'm using winbind, the restart of winbind resolves my problem.
best regards
Thomas
