Re: [squid-users] AD group changes don't get applied until restart of Squid -> Is this normal?

From: "Nathan Reeves" <nathan_reeves@yahoo.com>
To: <squid-users@squid-cache.org>
Sent: Thursday, October 06, 2005 10:03 PM
Subject: [squid-users] AD group changes don't get applied until restart
of Squid -> Is this normal?

> Got NTLM authentication working fine with Stable11 on
> Windows 2003 Server STD. Just finding that when I
> change the group membership of the Inernet Access
> group,the membership change doesn't affect web access
> for the added / removed user until I stop and restart
> the squid service.
>
> This is my config:
>
> auth_param ntlm program
> c:/squid/libexec/win32_ntlm_auth.exe
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param ntlm use_ntlm_negotiate on
> external_acl_type win_global_group %LOGIN
> c:/squid/libexec/win32_check_group.exe -G
> acl InetUsers external win_global_group Internet_Users
> acl AuthUser proxy_auth REQUIRED
> http_access allow AuthUser InetUsers
> http_access deny all
>
> Is this normal behaviour or is there something I can
> change so that a change in the group membership gets
> applied without a service restart (which is what I was
> trying for).

Normal behaviour I think because Squid obviously seems to cache the
authentication info rather than pestering the DC for authentication for
every page hit. I find it's the same when using LDAP. I simply
'/etc/init.d/squid restart' only takes a few seconds though.

D.Radel.
Received on Thu Oct 06 2005 - 13:34:26 MDT