Short summary of the needed steps: build samba with the winbindd channel enabled for client auth. Get squid 2.5Stable 3. DO NOT use stable 1. Really. build with --enable-auth=ntlm --enable-ntlm-auth-helpers=winbind --with-samba-sources=/path/to/samba.headers follow the samba FAQ on joining the domain. start winbindd - wait a few minutes if you have more than one domain controller. check via wbinfo -t that the secret is good. in squid.conf , uncomment and enable the ntlm auth params. Add a proxy auth acl: acl authed proxy_auth REQUIRED and test for it .. in the 'add your acl's here' section http_access deny !mynetworks http_access deny !authed P.S. After the talk tonight, I'm happy field questions on this. Cheers Rob -- GPG key available at: <http://users.bigpond.net.au/robertc/keys.txt>.
Description: This is a digitally signed message part