ons 2010-03-03 klockan 21:37 +0100 skrev Thomas Klein:
> squid is caching the result of the query in any way (or another
> component, that did the query perhaps?), because if i remove a user from
> all groups, the access is still possible through squid.
Groups are cached in many places
a) Squid. See external_acl_type ttl parameter.
b) winbind if you use winbind.
c) AD network if you have more than one directory server.. takes a bit
of time for update to propagate.
d) And there is some fuzziness in the domain design itself. Especially
if using native AD mode with Kerberos.
Both Squid & winbind caches is in memory only, and a restart of both
services clears that cache.
Regards
Henrik
Received on Wed Mar 03 2010 - 23:15:12 MST
This archive was generated by hypermail 2.2.0 : Fri Mar 05 2010 - 12:00:03 MST