tis 2007-04-10 klockan 13:35 -0300 skrev Comisario, Alejandro:
> Again, it work great, the thing is that, for example if the user went on
> vacations, instead of getting the user out of the GINTERNET group, I disable
> the account from AD to ensure the user won't log into the domain either.
Ok. so you disable the authentication step of the account, not change
the group.
> But the squid (I don't know if here take part squid or the squid_ldap_group
> processes running to auth) take about +10 MINS to see the changes made to
> AD, I mean, saw the user disabled and wont let him use internet after +10
> MINS the change is made in AD.
So you need to look into how authentication is processed.
What authentication method are you using? Basic or NTLM?
If basic then there is a ttl parameter in the auth_param settings,
controlling how long Squid keeps a cache of valid logins.
If NTLM then any caching is entirely outside Squid, either in Samba or
your domain controller replications.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT