Hi there. I'mu sing squid 2.5 for our users . I'm currently using NTLM to restrict internet access to a specific group, Internet with this: auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=XXXX\\INTERNET auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes #auth_param ntlm use_ntlm_negotiate off auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=XXXX\\INTERNET auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours and then I have an acl with : acl AuthorizedUsers proxy_auth REQUIRED and http_access allow all AuthorizedUsers Ok, So this works fine but know I have a few questions. Pretty soon I want to give different groups different permissions to Internet and Intranets, for Instance I want Group All-Internet to have access to ,well all Internet and Goup All-Intranet to have access ONLY to Intranet . With the current setup this doesn't work, but I'm sure there is a good way to solve this. I just wonder how ? Can anybody out there guide me ? //Joel