I am using Squid, Samba3 and winbind with NTLM authentication with a proper configuration for samba, krb5.conf and squid.conf as follows: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes The solution works great for computers who are joined to Active Directory domain however i have a couple of questions regarding clients that are NOT joined: 1- a NON-joined client using IE will have to logon using realm/username and passwd. Is there a way to make him authenticate with only his username and passwd ? NB:It works fine with other browsers such as Firefox. 2- If you use IE with this NTLM auth (on an NON-joined pc) and select the 'save password' checkbox the password gets stored in the registry as if it was for a network location. To delete the record you will have to run "rundll32.exe keymgr.dll, KRShowKeyMgr" This is causing real problems to users. Have you encountered this? and were you able to figure a way out? Thanks again, Samerk
