Hi, Thanx for the tip. I had to define an additional acl and than it worked. Now the problem is that I would like to allow only members of a specific group to access internet. For this I have the following line in my config file. external_acl_type Internet %LOGIN /usr/lib/squid_ldap_group -R -b "dc=domain,dc=eu" -D "cn=test1,cn=Users,dc=domain,dc=eu" -w "test1" -f " (&(objectclass=person)(sAMAccountName=%v)(memberof=cn =%a,ou=Users,dc=domain,dc=eu))" -h MyIPAddress Under TAG:ACL acl localnet proxy_auth REQUIRED src xxx.xxx.xxx.xxx/24 acl InetAccess external Internet Testgroup Tag:http_access http_access allow InetAccess This is what i additionaly set up after which the internet was working http_access allow localnet I even defined a denygroup and added a test user but i still can access to internet by using that user. I think somehow the syntax of group authentication is not complete. Best Regards, Saqib |-----------------------------+-------------------------------------------| | Henrik Nordstrom | | | <henrik@xxxxxxxxxxxxxxxxxx| | | t> | An| | | "Saqib Khan (horiba/eu)" | | 01.09.2006 16:48 | <saqib.khan@xxxxxxxxxx> | | | Kopie| | | squid-users@xxxxxxxxxxxxxxx | | | Thema| | | Re: Squid LDAP| | | authentication with 2003 AD | | | | | | | | | | | | | | | | | | | |-----------------------------+-------------------------------------------| On Fri, 2006-09-01 at 15:07 +0200, Saqib Khan (horiba/eu) wrote: > > Hello List members, > > I am getting problem after authenticating a user over ldap. After getting > authenticated I get the following error message: > > ERROR > The requested URL could not be retrieved > > > While trying to retrieve the URL: http://www.google.de/ > > The following error was encountered: > > Access Denied. Which says that the request was denied your http_access directives (or maybe http_reply_access or miss_access). The authentication as such most likely worked fine. Regards Henrik