RE: [squid-users] AD group changes don't get applied until restart of Squid -> Is this normal?

> -----Original Message-----
> From: Nathan Reeves [mailto:nathan_reeves@yahoo.com]
> Sent: Thursday, October 06, 2005 1:03 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] AD group changes don't get applied
> until restart
> of Squid -> Is this normal?
>
>
> Got NTLM authentication working fine with Stable11 on
> Windows 2003 Server STD. Just finding that when I
> change the group membership of the Inernet Access
> group,the membership change doesn't affect web access
> for the added / removed user until I stop and restart
> the squid service.
>
> This is my config:
>
> auth_param ntlm program
> c:/squid/libexec/win32_ntlm_auth.exe
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param ntlm use_ntlm_negotiate on
> external_acl_type win_global_group %LOGIN
> c:/squid/libexec/win32_check_group.exe -G

From squid.conf.default:

# TAG: external_acl_type
# Options:
#
# ttl=n TTL in seconds for cached results (defaults to 3600
# for 1 hour)

Add an appropriate ttl to the external_acl line (e.g. external_acl_type win_global_group ttl=600 %LOGIN c:/squid/libexec/win32_check_group.exe -G).

> acl InetUsers external win_global_group Internet_Users
> acl AuthUser proxy_auth REQUIRED
> http_access allow AuthUser InetUsers
> http_access deny all
>
> Is this normal behaviour or is there something I can
> change so that a change in the group membership gets
> applied without a service restart (which is what I was
> trying for).
>

I'm not positive, but running squid -k reconfigure might also work, and will not cause a service outage.
 
> TIA
>
> Nathan
>
>

Chris
Received on Thu Oct 06 2005 - 12:21:40 MDT