I'm trying to use AD LDAP authentication but I have to keep backward compatibility for computers which are in workgroups. I'd like permit Internet access according to IP ADDRESS listed in file 'per_ip' (for workgroup PC) and others by AD LDAP authentication (MS domain PC). My problem is understanding Squid behaviour where there is AD LDAP authentication, that is when Example: 1- acl videosp req_mime_type -i ^application/x-shockwave-flash$ 2- acl audiosp rep_mime_type -i ^application/x-mms-framed 3- acl emmepitre url_regex ^http://.*\.mp3 4- acl onlyforip src "/etc/squid/per_ip" 5- acl ldap-auth proxy_auth REQUIRED 6- http_access deny audiosp 7- http_access deny videosp 8- http_access deny emmepitre 9- http_access allow onlyforip 10- http_access allow ldap-auth accesso_esclusivo_ip_pc 11- http_access allow localhost 12- http_access deny all For precedence of evaluating rules, when I open my browser, what rule does Squid analyze ? I think rule 6, but how Squid knows if client have to use LDAP Authentication or to look at in the file 'onlyforip' to grant Internet access for IP Address ? I think Squid first has to look at the rules 9 and 10, so I think there is priority of rules which is not dependent from rules sequence ?! I'd like solve my doubt
