My sperator is + I've tried all kinds of things: auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=domain\\"Domain Users" auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="domain\\Domain Users" auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="domain\Domain Users" auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="domain\\Domain Users" auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="Domain Users" -----Original Message----- From: Joseph L. Casale [mailto:JCasale@xxxxxxxxxxxxxxxxx] Sent: Wednesday, July 29, 2009 3:07 PM To: Nick Duda; squid-users@xxxxxxxxxxxxxxx Subject: RE: proxyauth for certain active directory users >I have everything setup as documented but its not working. The >proxy is joined to the domain, wbinfo -g/-u gives results. Without >the --require-membership-of switch If I supply a valid domain users >credentials it works. This is running latest build of 2.7. >NTLM Authentiation >auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of="domain\somegroup" I only have a production rig setup and I can't interrupt it, but off the top of my head I would assume your winbind separator is a "\" but if I recall the needed syntax when using the slash as a separator, you need to escape the slash:) Try a \\ and see if that works, or set winbind to use the default domain possibly and just put the group name in? Anyway, sorry for not being more precise, but that should help. You can run ntlm_auth manually to view the output for debug purposes. That should yield any config errors clearly. jlc
