Hi,

I have been struggling with the following problem for 3 weeks now, and have been unable to find an answer to it.

My network setup is as follows:

LAN Clients: Windows 2000 / XP
Network Address: 192.168.2.0
Directory Services: Active Directory
All clients are in the Domain.
Proxy Server: Windows 2000 Pro / SP4 with SquidNT 2.6 Stable10.
The proxy PC is a member of the Domain but isn't a Domain Controller.

The problem is: I can't allow access only to members of a Domain (Active Directory) Group.

My squid.conf
----------------------------------------------------------------------------
....
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 5
....
external_acl_type win_domain_group ttl=300 %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G
....
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl InetAllow external win_domain_group internet
...
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow InetAllow
http_access deny all
----------------------------------------------------------------------------

With this configuration, all clients -> Access Denied

When my squid.conf is as below, all clients can access the Internet.

....
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
auth_param ntlm children 5
....
external_acl_type win_domain_group ttl=300 %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G
....
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl localnet proxy_auth REQUIRED src 192.168.2.0/24
...
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all

Any suggestions?

Thanks in advance!
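
In the first configuration the only allow rule depends on the win_domain_group helper answering OK, so one way to narrow the problem down is to query the helper outside Squid and read its verdicts directly. The harness below is an added example, not part of the original post; it assumes Squid's line protocol for external ACL helpers (one request per line, URL-escaped fields, reply starting with OK or ERR), and the mock helper, the EXAMPLE domain and the user names are constructed so it runs offline.

```python
import subprocess
import sys
from urllib.parse import quote

# Constructed stand-in for a group-check helper so the example runs offline.
# A real helper asks the domain; this one consults a hard-coded table.
MOCK_HELPER = r'''
import sys
from urllib.parse import unquote
members = {"internet": {"EXAMPLE\\alice"}}  # constructed sample data
for line in sys.stdin:
    fields = [unquote(f) for f in line.split()]
    ok = len(fields) >= 2 and any(fields[0] in members.get(g, ()) for g in fields[1:])
    print("OK" if ok else "ERR", flush=True)
'''
MOCK_CMD = [sys.executable, "-c", MOCK_HELPER]


def build_request(login, group):
    """Request line for format %LOGIN plus one ACL argument (URL-escaped)."""
    return f"{quote(login, safe='')} {quote(group, safe='')}\n"


def ask_helper(helper_cmd, checks):
    """Send (login, group) pairs to the helper and map each pair to its verdict."""
    data = "".join(build_request(login, group) for login, group in checks)
    proc = subprocess.run(helper_cmd, input=data, capture_output=True,
                          text=True, timeout=30)
    replies = proc.stdout.splitlines()
    verdicts = {}
    for i, pair in enumerate(checks):
        # First word of the reply is the verdict; anything after it is extra.
        words = replies[i].split() if i < len(replies) else []
        verdicts[pair] = words[0] if words else "NO REPLY"
    return verdicts


if __name__ == "__main__":
    # To test the helper from the post, use its squid.conf command line instead:
    # cmd = ["c:/squid/libexec/mswin_check_lm_group.exe", "-G"]
    cmd = MOCK_CMD
    checks = [("EXAMPLE\\alice", "internet"),   # member, DOMAIN\user form
              ("EXAMPLE\\bob", "internet"),     # authenticated, not a member
              ("alice", "internet")]            # same user without the domain
    for (login, group), verdict in ask_helper(cmd, checks).items():
        print(f"{login!r:20} in {group!r}: {verdict}")
```

An ERR for a user who should be in the group points at the helper side (group name, group scope, or the form of the login name) rather than at the http_access rules.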