Scenario:
+ NT4 Domain, with a PDC and a BDC.
+ Squid proxy 2.5STABLE1 on a simple linux machine, samba 2.2.5 using
wb_group as external acl for authentication.
The problem is that when I change Group Credential for an user the
authenticator is not coherent with the scenario.
Example:
Domain unser USER1, Group INTERNETFULL.
(in the acl, only INTERNETFULL can surf web)
On my squid machine I do /usr/squid/libexec/wb_group
Domain\\USER1 InternetFull
OK
The user1 surf on web without any problem....
After that I change User1 credential, removing INTERNETFULL, syncronize PDC
with BDC and logoff/logon on the USER1 pc.
On my squid machine I do /usr/squid/libexec/wb_group
Domain\\USER1 InternetFull
ERR
But my USER1 still go on surfing on the web
Idem when I do a inversal test, example:
USER2 without InternetFull
On my squid machine I do /usr/squid/libexec/wb_group
Domain\\USER2 InternetFull
ERR
Infact, it can't surf web.
Now add credential InternetFull on the user, syncronize PDC with BDC and
logoff/logon on the USER2 pc.
On my squid machine I do /usr/squid/libexec/wb_group
Domain\\USER2 InternetFull
OK
Connect IE with the proxy, and It continues to receive ACCESS DENIED...
Control access.log and I can see Domain\\USER2 bot with only
TCP_DENIED403...
Where is the problem ???
Received on Fri Sep 27 2002 - 02:57:44 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:26 MST