Hi,

I'm a trying to setup an ACL based on username or a group on my squid
configuration. I'd be grateful if someone could assist.
I'm trying to setup an ACL that allows a user to bypass the normal
access controls, if they are referenced in the ACL. Something along the
lines of :
acl goodusers ident tom
http_access allow goodusers

I have my squid server configured with samba and NTLM authenticating
against AD2003. All appears to be configured correctly from various
userid look ups. The squid logs are picking up the userid's in the
access.log file. NTLM_AUTHS are working correctly.

When I start up squid, it accepts the configuration, but if the user
'tom' attempts to a site that would be outside of the normal
restrictions, the squid server is returning a 403 error. I'm guessing
that I have the "acl goodusers.." line incorrect, or I have the
http_access line in the wrong location. Is the above syntax correct, or
should I have something else other than "acl goodusers ident tom" ?

If I do a "ntlm_auth --username=tom" the response back is NT_STATUS_OK:
Sucess (0x0).

As a follow on question to that, if I was to have a group setup on
AD2003 called "InternetBypass" how would you write the acl for it.
Any suggestions you could provide would gratefully be appreciated
Thanks in advance.
PD