> Ok, I scrapped the radius authentication and went back to NTLM. Is it > possible to check for a group membership during/after authentication to > allow a user to use SQUID? For instance, I want to be able to take away > or grant access to the proxy based on an AD group membership. > Yes, its done with an external acl helper that checks group. I can't seem to find a good config example but these sort of cover whats needed: http://wiki.squid-cache.org/KnowledgeBase/NoNTLMGroupAuth http://wiki.squid-cache.org/ConfigExamples/WindowsAuthenticationNTLM?highlight=%28auth%29%7C%28group%29#head-b97c45f4010166071a17e433b4433cd642defc1f Amos
