Hello list, to info.: I used a Windows 2000 servers as domaincontroller and a Squid-2.5-ST10. Up to now I authenticate the users with ldap_auth and ldap_group against a group in the Active Directory and it works very well. But now the users want to get rid of the login prompt. What I wanna do : 1. Authenticate the user against a group in the acitve directory without login-prompt. 2. If the user is not member of the first group, the login prompt should appear and the username which insert by the user should be authenticated against a second group in the AD. The second part should be possible by ldap_group ? I had hope, if I use for example fakeauth, squid could take the well known username and pass these information on simply way to ldap_group or something like this. But I found no working setup. Or exist no other possibility to authenticate user without login prompt than via NTLM ? And if this like that, is there any change for squid not to get member of the domain ? Because my cache is running on our Firewall and I don´t want to join the firewall to our domain. My 2nd large problem is the sequence of the acces lists. Is it possible to configure the acces lists in such a way, that if the user tested without login prompt, is not member of the first group, the login prompt appears and the username insert by the user is tested against the 2nd AD group ? It would be great if someone could point me to any resources regarding the problem. Excuse the many questions and thank you in advance. Kind regard, Martin Daemen