Hi all, I have a Squid v2.5 Stable 3 system which uses NTLM authentication to authenticate users to an active directory domain. This works fine. Only valid domain users can use the proxy.
I also use delay pools to throttle bandwidth - this also works fine. What I want to do is add new delay pools which will be applied based on a proxy_auth acl. I have tried setting this up - but no matter what variations I try the acl doesn't seem to be matching up with the users selected. Here is the appropriate parts of squid.conf... The non-proxy auth acls work fine. acl abc_net src 10.0.0.0/255.255.0.0 acl bypass_delay proxy_auth -i "/usr/local/squid/etc/bypass_delay" acl delayed_users proxy_auth -i "/usr/local/squid/etc/delay_users" acl delayed_files urlpath_regex -i \.exe$ \.zip$ \.msi$ \.pdf$ \.ace$ \.?[0-9][0-9]$ \.swf$ \.gz$ acl delayed_webcam1 urlpath_regex -i webcam acl delayed_webcam2 urlpath_regex -i \.gif \.png \.swf \.jpg \.jpeg delay_pools 5 delay_class 1 3 delay_class 2 1 delay_class 3 3 delay_class 4 3 delay_class 5 3 delay_access 1 allow delayed_users delay_access 1 deny all delay_access 2 allow bypass_delay delay_access 2 deny all delay_access 3 allow delayed_webcam1 delayed_webcam2 delay_access 3 deny all delay_access 4 allow delayed_files delay_access 4 deny all delay_access 5 allow abc_net delay_access 5 deny all delay_parameters 1 2000/2000 2000/2000 2000/2000 delay_parameters 2 -1/-1 delay_parameters 3 8000/8000 8000/8000 2000/2000 delay_parameters 4 25000/100000 25000/100000 8000/16000 delay_parameters 5 25000/100000 25000/100000 16000/16000 Given the domain name is ABC.. I have tried all of the following in the files defined... ABC\username ABC\\username username username$ None of which work. I have tried changing the acls so they look like... acl bypass_delay proxy_auth -i ABC\\username username username$ acl delayed_users proxy_auth -i ABC\\username2 username2 username2$ This doesn't work either. In all cases it is delay pool 5 which is applied. Any ideas on what I could do to get to my intended outcome? Regards, Ken.