After upgrading Fedora Core 3 to Fedora Core 4, my squid setup was upgraded from 2.5.STABLE6 to 2.5.STABLE11. I'm using ntlm authentication using winbindd, using group membership in Active Directory to split users into groups who have full, limited or no access to the Internet. Because of ntlm, most users don't even realize they are using authentication to access resources on the Internet. Until now. Users who are denied access because of a proxy_auth ACL now are rechallenged endlessly, allowing them to authenticate differently, instead of just getting an access denied message based on their current credentials. Going through the mailing list archives, I can only find one reference to this issue, namely someone asking for this new type of behaviour, arguing this is the way MS ISA behaves. Well, I really prefer the old behaviour, so I hope the behaviour is not hardcoded, but configurable. Is it? Thanks, Pim
