I am trying to get a squid proxy setup where the parent cache used will differ by the NTLM group membership. I have they NTLM auth's working fine, will deny access based on group membership. However, when I try to set up the different caches, the ACL seems to not be respond. They are actually the same parent cache, just with different upstream accounts. So I have proxy1 - General Use Proxy proxy2 - Slightly less restrictive proxy group1 - General use AD group group2 - Less Restrictive AD group using cache_peer_access proxy2 allow group2 never kicks any requests to proxy2. If I comment out proxy1, I get a "Failed to Select Source" error in the cache.log. I know that the AD group checking is working because if I do http_access deny !group2 any user is group1 will get a user needs to auth type message in their browser, and disabling that line lets them get to the site. Am I doing this incorrectly? I read somewhere that using the cache_peer_access with an external_acl (the AD groups) is not ideal and will occasionally return the incorrect parent, but I can't find any other way to do this. Any thoughts and suggestions would be greatly appreciated. Thanks, Andrew
