On 3/3/10 12:37 PM, "Thomas Klein" <mailinglist-postfixbuch_at_online.de>
wrote:
> Hello Squid-Admins,
>
> i'm in the first steps on installing squid in a network of a customer.
> Squid asks one of the domain controllers to authenticate the users via
> ntlm. I have three groups of users in the AD to regulate the internet
> access. This works so far.
>
> The only buggy thing is, if i remove a user completely from all groups,
> the access over squid should be no longer possible. But it seems that
> squid is caching the result of the query in any way (or another
> component, that did the query perhaps?), because if i remove a user from
> all groups, the access is still possible through squid. If i wait for,
> lets say one or a half hour, the removal of the user from the group gets
> recognized, and the access is no more possible.
> Is there a variable for setting this value, how long a query is cached?
> A reboot and a restart of squid does not change anything.
>
> Thanks for a short answer & regards
> Thomas
>
How many domain controllers are there in this network? What you are
experiencing may just be a case of slow propagation between DCs.
Cheers,
Mike
Received on Wed Mar 03 2010 - 21:22:03 MST
This archive was generated by hypermail 2.2.0 : Thu Mar 04 2010 - 12:00:06 MST