On tis, 2007-09-25 at 11:34 +0100, Paul Cocker wrote: > I've checked the access log and see a lot of lines which look like > > 1190708486.534 0 191.9.222.107 TCP_DENIED/407 1840 GET > http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html > 1190708486.565 0 191.9.222.107 TCP_DENIED/407 2086 GET > http://www.microsoft.com/isapi/redir.dll? - NONE/- text/html > 1190708486.752 187 191.9.222.107 TCP_DENIED/403 1510 GET > http://www.microsoft.com/isapi/redir.dll? domain\user NONE/- text/html
Authentication successful, but user id not granted access. So it's most likely a group membership problem of some kind. Group membership details is cached both by Squid and by winbind, so you may need to wait a bit before changes become active. See the external_acl_type directive for the Squid side of the caching. You can control both positive (is member) and negative (not member) cache intervals. Default unless you have configured it differently is one hour. Not sure how the cache in Samba windbind works. Regards Henrik
signature.asc
Description: This is a digitally signed message part
