Hi Everyone.
I'm using SQUID 2.6 stable on Debian Etch authenticating users against an
Active Directory running on Windows 2003 Server.
And I got to say, it works great, I'm using squid_ldap_group directory to
only let the users navigate if they are on a group, for example GINTERNET.
Again, it work great, the thing is that, for example if the user went on
vacations, instead of getting the user out of the GINTERNET group, I disable
the account from AD to ensure the user won't log into the domain either.
But the squid (I don't know if here take part squid or the squid_ldap_group
processes running to auth) take about +10 MINS to see the changes made to
AD, I mean, saw the user disabled and wont let him use internet after +10
MINS the change is made in AD.
Or, if I don't want to wait that amount of time ( 99% I don't ) I have to
run a /etc/init.d/squid restart but it takes some time either and let the
entire enterprise without internet for about 3MINS.
So, is normal that squid or the squid_ldap_group processes take soooo much
time in reflecting the changes made to AD? Or is there any kind of parameter
or configuration on squid or AD to make this thing to take changes on real
time??
THANKS A LOT !!!
Saludos.
----------------------------------------------
Alejandro D. Comisario
E-Mail: acomisario@siscat.com.ar
Depto. Tecnología y Seguridad Informática
Sistemas Catastrales S.A.
----------------------------------------------
Received on Tue Apr 10 2007 - 10:35:55 MDT
This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT