Sort of new to mailing lists but here goes... Been using Squid for two year to regulate corporate web access based on Active Directory group membership. Up until Monday (after a portupgrade on FreeBSD 6.1) it's been working PERFECTLY. Samba and windbindd have been working flawlessly. The current squid.conf is as follows (Any clues as to what's wrong would be MOST helpful as I've been pulling my hair out over this for five days now): # MONITOR Squid hierarchy_stoplist cgi-bin ? http_port 3128 acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_dir ufs /usr/local/etc/squid/cache 10000 10 10 cache_access_log /usr/local/etc/squid/log/access.log cache_store_log /usr/local/etc/squid/log/store.log pid_filename /usr/local/etc/squid/log/squid.pid debug_options ALL,1 redirect_children 5 auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp # auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 # auth_param ntlm max_challenge_reuses 0 # auth_param ntlm max_challenge_lifetime 2 minute # external_acl_type nt_group ttl=0 concurrency=5 %LOGIN /usr/local/libexec/squid/wbinfo_group.pl # TEST external_acl_type nt_group ttl=0 children=20 %LOGIN /usr/local/libexec/squid/wbinfo_group.pl refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl AuthorizedUsers proxy_auth REQUIRED acl regularusers external nt_group Browser-Users acl allowedurls dstdomain "/usr/local/etc/squid/restrictedusers_allowedurls" acl restrictedusers external nt_group Restricted-Browser-Use acl ALWIZARD dst 65.163.6.109-65.163.6.109/255.255.255.255 65.163.6.110-65.163.6.110/255.255.255.255 acl blockurls dstdomain "/usr/local/etc/squid/blockurls" http_access allow manager localhost http_access deny manager http_access allow regularusers http_access deny !SSL_ports !Safe_ports !CONNECT !ALWIZARD http_access deny all http_reply_access allow all icp_access allow manager localhost AuthorizedUsers regularusers restrictedusers cache_effective_user squid cache_effective_group squid coredump_dir /usr/local/etc/squid/cache # redirect_program /usr/local/libexec/squid_redirect
