Hi, Thank for replying I tried to do the change but infortunally it's still not working... any other ideas? Regards, Joseph L. Casale wrote: > >>I have 3 users for my test: >> >>Admin (who is member of InternetAccess) >>User1 (who is a domain account but not member of InternetAccess) >>User2 (who is a local account of my pc-client) > > /snip > >>The problem appear with user1 who is supposed to don’t have an access to >>internet, but after logon on windows he can go through. > > /snip > >>acl xptest src 10.100.30.0/255.255.255.0 > > /snip > >>http_access allow xptest > > > Who's xptest? You allowed that whole subnet through? > > I am not an expert, but I do it like this: > > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp --require-membership-of=DOMAIN\\GROUP > auth_param ntlm children 5 > > acl ntlm proxy_auth REQUIRED > acl our_networks src 192.168.0.0/24 192.168.2.0/24 > > http_access allow ntlm our_networks > http_access deny all > > HTH, > jlc > > > -- View this message in context: http://www.nabble.com/Squid-3.0-and-Active-Directory-tp22180799p22199795.html Sent from the Squid - Users mailing list archive at Nabble.com.
