Hi, On a SQUID 3.1.23, we use Active Directory Authentification, with some user/group definition. I'm trying to access with 2 different user a web site that need some authentication. With these two nearly identical user (except the name, they belong to the same AD group), one work, the other not... On the same PC (mine)/. Any Idea where to look ? Here is the log: user1 working, user2 not. root@metis (0) lun. déc. 02 14:31:28 /etc/squid3>tail -f /var/log/squid3/access.log|grep 10.2.41.1 1385991126.828 0 10.2.41.1 TCP_DENIED/407 2404 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports - NONE/- text/html ** here come the Auth box from IE ** 1385991131.345 13 10.2.41.1 TCP_MISS/401 2072 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 DIRECT/193.251.215.217 text/html 1385991144.805 20 10.2.41.1 TCP_MISS/401 2208 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 DIRECT/193.251.215.217 text/html 1385991144.834 23 10.2.41.1 TCP_MISS/301 568 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 PINNED/193.251.215.217 text/html 1385991144.893 15 10.2.41.1 TCP_MISS/401 2072 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports/ user1 PINNED/193.251.215.217 text/html 1385991144.985 49 10.2.41.1 TCP_MISS/401 2272 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports/ user1 DIRECT/193.251.215.217 text/html 1385991145.020 21 10.2.41.1 TCP_MISS/200 756 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports/ user1 PINNED/193.251.215.217 text/html 1385991145.368 16 10.2.41.1 TCP_MISS/401 2072 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports/main.asp? Jvernet PINNED/193.251.215.217 text/html ^C root@metis (0) lun. déc. 02 14:32:25 /etc/squid3> root@metis (0) lun. déc. 02 14:33:03 /etc/squid3>tail -f /var/log/squid3/access.log|grep 10.2.41.1 1385991188.009 0 10.2.41.1 TCP_DENIED/407 2404 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports - NONE/- text/html 1385991216.316 42 10.2.41.1 TCP_MISS/401 2235 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 FIRST_UP_PARENT/127.0.0.1 text/html 1385991229.107 17 10.2.41.1 TCP_MISS/401 2307 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 FIRST_UP_PARENT/127.0.0.1 text/html 1385991229.146 34 10.2.41.1 TCP_MISS/401 2054 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 FIRST_UP_PARENT/127.0.0.1 text/html 1385991230.492 26 10.2.41.1 TCP_MISS/401 2307 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 FIRST_UP_PARENT/127.0.0.1 text/html 1385991230.528 31 10.2.41.1 TCP_MISS/401 2054 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 FIRST_UP_PARENT/127.0.0.1 text/html 1385991231.172 26 10.2.41.1 TCP_MISS/401 2307 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 FIRST_UP_PARENT/127.0.0.1 text/html 1385991231.216 40 10.2.41.1 TCP_MISS/401 2054 GET http://rtr.flexiblecontactcenter.orange-business.com/realtimereports user1 FIRST_UP_PARENT/127.0.0.1 text/html An extract of my squid.conf http_port 3128 acl NOCACHE url_regex -i "/etc/squid3/nocache.url" cache deny NOCACHE ... acl Authenticated proxy_auth REQUIRED acl directaccess external ad_group www-directaccess <user1 and user2 belong to this same AD group acl activefilter external ad_group www-activefilter acl directurls dstdomain "/etc/squid3/directurls" http_access allow directurls always_direct allow directurls http_access allow localhost acl restrictedfilter01 external ad_group www-restricted01 acl restrictedfilter02 external ad_group www-restricted02 acl goodsites01 url_regex "/etc/squid3/contentlist01" acl goodsites02 url_regex "/etc/squid3/contentlist02" http_access deny !Safe_ports activefilter http_access deny !Safe_ports restrictedfilter01 http_access deny !Safe_ports restrictedfilter02 http_access allow goodsites01 restrictedfilter01 http_access allow goodsites02 restrictedfilter02 http_access allow directaccess always_direct allow directaccess http_access allow activefilter http_access allow directaccess SSL_ports http_access allow activefilter SSL_ports http_access deny restrictedfilter01 http_access deny restrictedfilter02 http_access deny !Authenticated !localhost http_access deny all http_reply_access allow all icp_access allow all ... always_direct allow localhost always_direct allow directurls never_direct allow activefilter forwarded_for off never_direct deny all