I´ve heard it´s possible to use MS NT/AD Groups if you use wb_ntlmauth. I´ve found this auth mechanism too hard to configure, though (it requires you to configure winbind - and maybe kerberos, also). I know nothing about msnt_auth. Here we use ntlm_auth. We´ve chosen not to use groups because our old proxy (MS ISA Server) showed itself very ineficient with that configuration: every single change made on group membership to give or revoke user´s access to some site, required us to wait for AD replication and the user to logoff and logon his machine again. If we had made some mistake (put the user in the wrong group, for example), we had to it all over again. It was terrible! Text files with Squid showed themselves much more reliable and faster to solve problems ando to put things working. If you think that it can help, I can send you na example of a working squid.conf with wb_ntlmauth, from a company where some friend work. If you don´t mind, could you please send me your auth_param lines for msnt_auth? I´m curious to try that authentication mechanism... Thanks a lot! And hope I´ve helped... Best regards, Luis Talora > -----Mensagem original----- > De: Brian Bepristis [mailto:BBepristis@xxxxxxxxxxx] > Enviada em: quarta-feira, 18 de janeiro de 2006 18:21 > Para: squid-users@xxxxxxxxxxxxxxx > Assunto: MSNT_auth - Group Requests > > Okay I have squid running V. 2.5.STABLE9 using msnt_auth > works great however I want to know if there is a way I can > use NT Groups to lock down users access I have groups for > every department and some of them dont need access to the > internet I am having problems with wb_ntlmauth and ntlm_auth > that I cant seem to get around so If there is a way to do it > with msnt_auth I would like to please advise > > > Brian > >