We have a need for an authentication override for NTLM, for example there are users that share a computer for access, but the systems is logged with a generic account to Active Directory. We would like to know who is going where so the generic account doesn't have Internet access, but the users have another AD account for Internet only, and would like to give them the ability to get to the Internet without having to log out and log back into windows. We have smartfilter installed so users actually all have access but the default access is very restricted (fbi.gov, weather.com, etc.), If the users are in our Standard Internet group then they can get to more, and of course we have users that have unrestricted that can get to almost everything. So can we provide a weblink or a form that would allow them to override the NTLM authentication, or change the credentials from the browser. relevant parts of squid.conf: smartfilter_state on smartfilter_config /opt/squid/etc/config.txt smartfilter_userinfo_program /opt/squid/libexec/sf_userinfo -f /opt/squid/etc/config.txt smartfilter_userinfo_children 15 auth_param ntlm program /opt/samba/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 30 auth_param basic program /opt/samba/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 15 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl all src 0.0.0.0/0.0.0.0 never_direct allow all acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 443 563 # https, snews acl Safe_ports port 1025-65535 # unregistered ports acl CONNECT method CONNECT acl AuthorizedUsers proxy_auth REQUIRED no_cache deny QUERY http_access allow all AuthorizedUsers http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access deny all Thank you, Brian
