
Fallback from NTLM to LDAP authentication

Hi,

For (Windows) machines in the Domain, NTLM can be used, as can LDAP to
authenticate my users.

Next would be NTLM will fall back to LDAP, to allow Linux users, and Windows
machines not in the domain access:

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10 startup=1 idle=5
auth_param basic program /usr/local/squid/libexec/basic_ldap_auth -d -R -b "dc=mydomain,dc=net" -D account2@xxxxxxxxxxxx -W /etc/squid/ldappass.txt -f sAMAccountName=%s -h ldap.mydomain.net
auth_param basic realm Proxy LDAP - Enter credentials


If machines are not in the domain, LDAP on its own will work, but not the
fallback from NTLM to LDAP.
In the logs, there are entries like the following, that would seem to
indicate that it's not falling over to LDAP correctly:

Proxy-Authenticate: Basic realm="Proxy LDAP - Enter credentials"
Proxy-Authorization: NTLM DUMMYSTUFFAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
Proxy-Authenticate: NTLM DUMMYSTUFFIABAAOAHYAcAB0AHQALgBjAGgAAwAoAHMAaQBzAHQAZwBkAGIAbwBzAGUAMQAyAC4AdgBwAHQAdAAuAGMAaAAAAAAA

I've been trying with several different browsers, and they behave each a
little differently.

Should it be possible to do NTLM and then fall back to LDAP? Is there
a configuration option I've missed, perhaps?

Thanks,

Sean
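
A small diagnostic for header traces like the one quoted in the post above, added here as an example and not part of the original message or of Squid: it lists which schemes the proxy offered and which one the client answered with, and decodes the NTLMSSP message type (1 negotiate, 2 challenge, 3 authenticate). The function names and the sample lines are constructed for illustration; the redacted tokens in the post itself do not decode.

```python
import base64
import struct

NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}
HEADERS = {"proxy-authenticate": "offer", "proxy-authorization": "client"}

def ntlm_message_type(token):
    """Return the NTLMSSP message type name for a base64 token, or None."""
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # An NTLMSSP message starts with "NTLMSSP\0" and a little-endian uint32 type.
    if len(raw) < 12 or raw[:8] != b"NTLMSSP\x00":
        return None
    (msg_type,) = struct.unpack_from("<I", raw, 8)
    return NTLM_TYPES.get(msg_type)

def summarize(lines):
    """Return (direction, scheme, detail) for each proxy auth header line."""
    events = []
    for line in lines:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        scheme, _, rest = value.strip().partition(" ")
        if name not in HEADERS or not scheme:
            continue
        direction, rest, detail = HEADERS[name], rest.strip(), None
        if scheme.upper() == "NTLM" and rest:
            detail = ntlm_message_type(rest)
        elif scheme.upper() == "BASIC" and direction == "offer":
            detail = rest  # realm only; client Basic credentials are never echoed
        events.append((direction, scheme, detail))
    return events

def _token(msg_type):
    # Constructed sample token: NTLMSSP signature, message type, zero padding.
    raw = b"NTLMSSP\x00" + struct.pack("<I", msg_type) + bytes(8)
    return base64.b64encode(raw).decode()

SAMPLE = [  # constructed header lines, not taken from the post
    "Proxy-Authenticate: NTLM",
    'Proxy-Authenticate: Basic realm="Proxy LDAP - Enter credentials"',
    "Proxy-Authorization: NTLM " + _token(1),
    "Proxy-Authenticate: NTLM " + _token(2),
]

if __name__ == "__main__":
    for event in summarize(SAMPLE):
        print(event)
```

A trace in which both schemes are offered and the client entry is NTLM "negotiate" shows the browser picking NTLM from the offered list rather than Basic.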

