
RE: Access Problems

I have since worked on this issue some more, and I have come to find the
information from my first email must work correctly.  Here is another
section of my squid.conf:

------------------------------------------------------------------------
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
------------------------------------------------------------------------

If I comment out the section "auth_param ntlm ...", I am able to see my ACLs
working as they should.  I have uncommented the "auth_param ntlm ..."
settings, and am back at square 1.  From the command prompt, basic works
fine, but does not: (see below)

#ntlm_auth --helper-protocol=squid-2.5-ntlmssp
domain\user password
utils/ntlm_auth.c:manage_squid_ntlmssp_request(576)
BH

After reading the man on ntlm_auth, I checked winbindd_privileged and the
settings for it are root:squid and permissions 750.  This seems to be the
proper setting.  I am not sure what else I need to be doing in order to get
this going.

Any help would be appreciated

Casey




Our company has a proxy server running on RH8.0.  My job is to set up a
second proxy server that will be acting as a primary proxy for another
location.  The OS I am using is CentOS 4.1, which came loaded with
squid-2.5.STABLE6-3.4E.5.

I copied the ACLs from the production proxy server.  I am in the process of
trying to see if everything is working properly, but it seems the squid.conf
is not reading the users.txt, powerusers.txt, or anything with the acl
[name] proxy_auth "" configuration.  I am able to get to sites listed in the
whitelist.txt.  Outside of that, I cannot go anywhere (such as
www.google.com).  The production server allows this.  I added .google.com to
the whitelist.txt on the machine I am trying to set up, and then it works,
but I do not understand why it is not working without being in the
whitelist.txt.  Below are my squid.conf acl settings.  The part I thought
would allow me to access google or other not whitelist.txt sites (other than
blacklist, and sites for powerusers) was the acl AuthLimitedUsers proxy_auth
REQUIRED.

What am I missing?

---------------------------------------------------

acl DoNotCacheWebSites dstdomain "/etc/squid/rules/donotcachewebsites.txt"
acl Freemarkets dstdomain .freemarkets.com
acl MyTextron dstdomain .mytextron.com
acl WComNet dstdomain .wcom.net
acl Corrlink dstdomain .weyerhaeuser.com
acl SchwabPlan dstdomain .schwabplan.com
acl LindWaldock dstdomain .lind-waldock.com
acl BrownListWebsites dstdomain "/etc/squid/rules/brownlist.txt"
acl BlackListWebsites dstdomain "/etc/squid/rules/blacklist.txt"
acl BlackListIpAddresses dst "/etc/squid/rules/blacklistipaddr.txt"
acl BlackListIpAddress1 dst 64.73.35.120
acl OpenAccessWhiteListWebsites dstdomain "/etc/squid/rules/openaccesswhitelist.txt"
acl OpenAccessWhiteListIpAddresses dst "/etc/squid/rules/openaccesswhitelistipaddr.txt"
acl WhiteListWebsites dstdomain "/etc/squid/rules/whitelist.txt"
acl WhiteListIPAddresses dst "/etc/squid/rules/whiteipaddr.txt"
acl AuthLimitedUsers proxy_auth REQUIRED
acl AuthPowerUsers proxy_auth "/etc/squid/rules/powerusers.txt"
acl AuthIPAddresses src "/etc/squid/rules/poweripaddresses.txt"
acl AuthSafeAccessUsers proxy_auth "/etc/squid/rules/users.txt"
acl OverRideBrownListUsers proxy_auth "/etc/squid/rules/ovrdbrownlist.txt"

#http_access allow manager all
http_access allow manager our_networks
#http_access allow all open_for_ip_address
http_access allow all Freemarkets
http_access allow all MyTextron
http_access allow all Corrlink
http_access allow all SchwabPlan
http_access allow all WcomNet
http_access allow all LindWaldock
http_access allow all AuthSafeAccessUsers
http_access allow all AuthPowerUsers
http_access allow all AuthIPAddresses
http_access allow all OpenAccessWhiteListWebsites
http_access allow all OpenAccessWhiteListIpAddresses
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny !our_networks
http_access allow BrownListWebsites OverRideBrownListUsers
http_access deny all BrownListWebsites
http_access deny all BlackListWebsites
http_access deny all BlackListIpAddresses
http_access deny all BlackListIpAddress1
#http_access allow all AuthSafeAccessUsers
http_access allow WhiteListWebsites AuthLimitedUsers
http_access allow WhiteListIPAddresses AuthLimitedUsers
http_access deny all

--------------------------------------------------------
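
Added example (not part of the original message and not Squid code): a simplified Python model of how Squid walks the http_access lines above, top to bottom, ANDing the ACLs on each line and stopping at the first match. The list contents, user names and domains are constructed, only a subset of the posted rules is modelled, and authentication is assumed to have already succeeded or failed before the rules run.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Assumes authentication has already run: "user" is the authenticated login,
# or None when no valid credentials were presented.

def dstdomain(*entries):
    # Entries are assumed to start with ".", matching the domain and subdomains.
    return lambda req: any(("." + req["host"].lower()).endswith(e) for e in entries)

def proxy_auth(users=None):
    # users=None models "proxy_auth REQUIRED": any authenticated user matches.
    def match(req):
        user = req["user"]
        return user is not None and (users is None or user.lower() in users)
    return match

# File contents below are constructed; the real lists are not on the page.
ACLS = {
    "all": lambda req: True,
    "AuthSafeAccessUsers": proxy_auth({"alice"}),            # users.txt
    "AuthPowerUsers": proxy_auth({"bob"}),                   # powerusers.txt
    "AuthLimitedUsers": proxy_auth(),                        # REQUIRED
    "OpenAccessWhiteListWebsites": dstdomain(".open.example"),
    "BlackListWebsites": dstdomain(".bad.example"),
    "WhiteListWebsites": dstdomain(".partner.example"),      # whitelist.txt
}

# Subset of the posted rules, in the posted order.
RULES = [
    ("allow", ["all", "AuthSafeAccessUsers"]),
    ("allow", ["all", "AuthPowerUsers"]),
    ("allow", ["all", "OpenAccessWhiteListWebsites"]),
    ("deny",  ["all", "BlackListWebsites"]),
    ("allow", ["WhiteListWebsites", "AuthLimitedUsers"]),
    ("deny",  ["all"]),
]

def http_access(host, user):
    req = {"host": host, "user": user}
    for action, names in RULES:
        # A rule matches only when every ACL on the line matches (logical AND).
        if all(ACLS[n](req) for n in names):
            return action, " ".join(names)   # first matching rule decides
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return ("deny" if RULES[-1][0] == "allow" else "allow"), "(default)"

if __name__ == "__main__":
    for host, user in [("www.google.com", "alice"), ("www.google.com", "carol"),
                       ("www.partner.example", "carol"), ("www.google.com", None)]:
        print(host, user, http_access(host, user))
```

In this model a user listed in users.txt is allowed at the AuthSafeAccessUsers line for any destination, while an authenticated user in no list reaches only whitelisted destinations, because AuthLimitedUsers appears only on lines that also require a whitelist ACL.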


