If you want squid to always prompt for authentication against MS AD (which is worse than NTLM because it gives users an additional opportunity to share passwords or try others, and it adds extra IT support overhead when people call in for support on what their web password is) use ldap_auth against the AD servers. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com
