Nick, As you do use an AD domain, I'd suggest attacking the AD directly (instead of via the scripts) for the groups. A good thing to do start with for that can be found in the FAQ. You'll need tweaking a bit to have it match your actual domain configuration. If you think it'd be interesting to see it, I can send you a example config for this. You may have separator issues if for winbind you use another sign than "\" as separator. Check a patch I submitted on squid-devel a year ago or something for a (quick and dirty) solution to that. You can use the squid_ldap_group helper to do that and use the lists from blacklist.com directly in your squid.conf file using acls defined by dstdomain and the files provided by blacklist.com. That way you should be able to do the filtering you need without SquidGuard. It will make your squid.Conf a little more complex but I think it's worth the trouble. Hope it helps. F. >-----Original Message----- >From: Nick Duda [mailto:nduda@xxxxxxxxxxxxxx] >Sent: Wednesday, January 03, 2007 5:07 PM >To: squid-users@xxxxxxxxxxxxxxx >Subject: ditch squid or not? >________ >Disclaimer: This e-mail is intended for the exclusive use by the person(s) > mentioned as recipient(s). >This e-mail and its attachments, if any, contain confidential information >and/or information protected by intellectual property rights or other rights. >This e-mail does not constitute any commitment for ING or its subsidiaries >except when expressly otherwise agreed in a written agreement between the >intended recipient and the originating subsidiaries of ING, sender of the mail. >If you receive this message by mistake, please, notify the sender with the >"reply" option and delete immediately this e-mail from your system, and >destroy all copies of it. >You may not, directly or indirectly, use, disclose, distribute, print or copy, > this e-mail or any part of it if you are not the intended recipient. >You have to take at any time all necessary measures against viruses. > >