Jakob Curdes escreveu:
>
>> - When we change a password on the Active Directory,
>> squid don't see the change before a lot of hours ...
> That is an AD "feature". If you use AD groups, you can take somebody
> out of the group and AD will happily repsond that the user is a group
> member for several hours. You can easily check the AD answer using the
> squid auth helper. Probably this can be configured on the AD side but
> I am not an AD freak so I cannot help there.
>
squid has all the caching mechanisms too.
check your TTL parameters on your squid authentication mechanism.
For example:
auth_param basic credentialsttl 300 seconds
or
external_acl_type ldap_group ttl=300 %LOGIN
Those parameters can make squid 'thinks' a password is OK when it
was changed, as well as believe a user is member of a group when it's
not anymore.
-- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertrudes_at_solutti.com.br My SPAMTRAP, do not email itReceived on Wed Dec 03 2008 - 17:39:32 MST
This archive was generated by hypermail 2.2.0 : Wed Dec 03 2008 - 12:00:02 MST