>I have 3 users for my test: > >Admin (who is member of InternetAccess) >User1 (who is a domain account but not member of InternetAccess) >User2 (who is a local account of my pc-client) /snip >The problem appear with user1 who is supposed to don’t have an access to >internet, but after logon on windows he can go through. /snip >acl xptest src 10.100.30.0/255.255.255.0 /snip >http_access allow xptest Who's xptest? You allowed that whole subnet through? I am not an expert, but I do it like this: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=DOMAIN\\GROUP auth_param ntlm children 5 acl ntlm proxy_auth REQUIRED acl our_networks src 192.168.0.0/24 192.168.2.0/24 http_access allow ntlm our_networks http_access deny all HTH, jlc
