I have squid configured with NTLM auth and in the squid logs with squid in
debug mode in cache.log squid first reports DENIED access to a site because
they are a member of AuthorizedUsers and then it says it is ALLOWED because
they are a member or AuthorizedUsers group so my question is why does Squid
first deny it and then after it says ALLOWED.

This is seamless to the user they do not see it being DENIED and then
ALLOWED but it seems squid is doing twice the work.

Below from cache.log
2004/04/16 09:13:50| The request GET http://somesite.edu/ is DENIED,
because it matc
hed 'AuthorizedUsers'
2004/04/16 09:13:50| The request GET http://somesite.edu/ is ALLOWED,
because it mat
ched 'AuthorizedUsers'





Jim