
Backup Domain Controllers for NTLMv2 Auth

Hi,

I am busy setting up a squid cluster using NTLMv2 to authenticate users. My
main concern now is how I could set up a backup Domain Controller server to
connect to if the main Domain Controller couldn't be reached. So it's
basically a backup DC that will only be used should the main one be
unreachable.

I join NTLM the following way:

#net join -S ServerName -w DomainName -U Username%Password
Once that is done I run
#winbindd
#nmbd

Then my squid config looks something like this:

acl NTLM proxy_auth REQUIRED
auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm children 2

auth_param basic program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic realm $host Cache NTLM Authentication
auth_param basic credentialsttl 2 hours
auth_param basic children $child

http_access allow NTLM


So it all works fine, challenge response and everything. The only problem
now would be if the main DC would go down, all users wouldn't be able to
auth. Hence the reason for asking for a way to specify a backup DC to
connect to only if the first one is down. I have thought about doing a round
robin with DNS, but that wouldn't be the ideal way since if the one server
is down, half of the requests would go to it, since there is no way of
knowing if it's down.

Thanks in advance,
Ian

