Re: [squid-users] ad-query result cached in squid?

From: Thomas Klein <mailinglist-postfixbuch_at_online.de>
Date: Wed, 03 Mar 2010 22:38:36 +0100

Mike Ely wrote:
> On 3/3/10 12:37 PM, "Thomas Klein" <mailinglist-postfixbuch_at_online.de>
> wrote:
>
>
>> Hello Squid-Admins,
>>
>> I'm in the first steps of installing squid in a network of a customer.
>> Squid asks one of the domain controllers to authenticate the users via
>> NTLM. I have three groups of users in the AD to regulate the internet
>> access. This works so far.
>>
>> The only buggy thing is, if I remove a user completely from all groups,
>> the access over squid should be no longer possible. But it seems that
>> squid is caching the result of the query in any way (or another
>> component, that did the query perhaps?), because if I remove a user from
>> all groups, the access is still possible through squid. If I wait for,
>> let's say one or a half hour, the removal of the user from the group gets
>> recognized, and the access is no longer possible.
>> Is there a variable for setting this value, how long a query is cached?
>> A reboot and a restart of squid does not change anything.
>>
>> Thanks for a short answer & regards
>> Thomas
>>
>>
>
> How many domain controllers are there in this network? What you are
> experiencing may just be a case of slow propagation between DCs.
>
> Cheers,
> Mike
>
>
Hmm... I have two domain controllers (at the same location) and I did
the changes of the group members on the same DC that is queried from
Squid. In another AD-forest tree are 5 domain controllers (different
locations), but I think they aren't queried by squid.

Best regards
Thomas
Received on Wed Mar 03 2010 - 21:39:13 MST