When a client first tries to use the proxy server it does so without sending authentication. The proxy requests authentication, and NTLM (due to handshaking or some such) takes a couple tries before it sends said authentication. As long as the access.log entries you see with a "-" for the username don't have TCP_MISS/200 in the fourth column (meaning that data was fetched and served without requiring authentication) you should be fine. Chris -----Original Message----- From: Patricio Bruna V [mailto:pbruna@xxxxxxxxxxxxxxxxx] Sent: Tuesday, March 29, 2005 11:45 AM To: squid-users@xxxxxxxxxxxxxxx Subject: [squid-users] access.log and ntlm does the ntlm auth model has any effect on access.log, because im getting a lot of "-"s instead of usernames in the 8 field of access.log -- Patricio Bruna pbruna@xxxxxxxxxxxxxxxxx Red Hat Certified Engineer Jefe Soporte y Operaciones LinuxCenter S.A. Canada 239, 5to piso, Providencia, Chile http://www.linuxcenterla.com +56-2-2745000