Heya,
We use ntlm_auth in conjunction with our squid proxy server.
Ntlm_auth authenticates against our Windows 2003 SP1 DC's.
Our AD domain requires users to change password every 90 days.
We sometimes have an issue where an expiring account (our users tend to
ignore the warning
And only change when forced to) does not authenticate with squid and
falls back to basic
Authentication, which if we put the username and password in, and it
works.
At first we changed the passwords to see if it made a difference, and it
appeared not to.
Until I disables winbindd's cache with the -n switch.
Now changes to the accounts directly affected squid, which is what
should happen.
Problem solved.
I need to tell the operations guys the maximum time that winbinnd keeps
cached results.
The man page just says that the parameter exists with no indication
about the default value,
And I also came up with this in a google search:
http://lists.samba.org/archive/samba-technical/2003-February/027095.html
Which confused me a bit.
Is the argument to "winbind cache time" in seconds?
And what is the default value for this parameter?
With that in mind, how long after a password change can a user be
guaranteed
To be authenticated properly with ntlm_auth?
Adam