RE: [squid-users] Squid NTLM, Winbind Authentication Cache Issue: from Joseph M Siegmann on 2003-07-16 (squid-users)

From: Joseph M Siegmann <joseph@dont-contact.us>
Date: Wed, 16 Jul 2003 13:22:02 -0400

Looks like that did fix the problem.

I changed in my /etc/squid/squid.conf file the line:
        external_acl_type gpuser2 %LOGIN /usr/lib/squid/wb_group
   to:
        external_acl_type gpuser2 ttl=1 concurrency=5 %LOGIN
/usr/lib/squid/wb_group

Which seems to have fixed the problem with Squid Caching the logon.

Thanks.

For everyone else.. Some pointers:

Winbind:
- Make sure you use the -n switch on the daemon
Squid:
- Make sure you give the external program a TTL like above example.
Windows Domain:
- Remember that if you have more than 1 DC it takes time for them to
replicate to each other.

Thanks,

You made my day.!
Joseph M Siegmann
CISSP, CCNA, CCDA, MCSE, MCT

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Wednesday, July 16, 2003 11:41 AM
To: Joseph M. Siegmann
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Squid NTLM, Winbind Authentication Cache
Issue:

ons 2003-07-16 klockan 17.07 skrev Joseph M Siegmann:

> My issue is that when I put a user in or out of the 'proxydeny' group
it
> will not take effect for quite a while (over an hour, haven't waited
> longer), unless I restart squid, and winbind. WHY Is this?

Probably due to caching.

Squid has caching of the results of external acls. See the
external_acl_type directive. The default setting is one hour I think.
You probably want a significantly shorter time for negative entries.

It is also possible winbind caches results. If you find that restarting
Squid alone does not help then this is the case. In such case see the
winbind documentation if there is any winbind parameters controlling
this.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
Please consult the Squid FAQ and other available documentation before
asking Squid questions, and use the squid-users mailing-list when no
answer can be found. Private support questions is only answered
for a fee or as part of a commercial Squid support contract.
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com

Received on Wed Jul 16 2003 - 11:22:11 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:01 MST