>My separator is +

Ok, then you simply separate domain and group with a plus. It doesn't need to be escaped.

>I've tried all kinds of things:
>
>auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=domain\\"Domain Users"
>auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="domain\\Domain Users"
>auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="domain\Domain Users"
>auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="domain\\Domain Users"
>auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of="Domain Users"

Well, none of those actually look right :)
I am guessing if the built-in group you want to actually use is "Domain Users" then your syntax would be:

--require-membership-of=domain+Domain\ Users

If you're using the domain name in the string, then make sure:

winbind use default domain = false

Also, not knowing your domain name, mine has a "-" in it, so I write my string like this:

--require-membership-of=domain\-name+Squid

I suggested you run it manually, you'll see what's going on immediately. (Or check the logs :>)

From the console on my proxy:

#/usr/bin/ntlm_auth --require-membership-of=DOMAIN\-NAME+Domain\ Users --username=jcasale
password:<...>
NT_STATUS_OK: Success (0x0)

HTH...
jlc