Gary We've set up squid to use smb-auth (small and free) to authenticate users against a (RM)NT server. Seems to work fine. I think this is all it does though, i.e no record of login attempts etc. We also run an ident server (small and free) as a service on our (Win 95, 98) workstations which will allow identification of the user. You can then set up squid with an acl to carry out an ident lookup for requests. This will allow you to allow/disallow certain users eg. disallow guest1, naughty_pupil, guest2 etc. I think a side effect of this is that the user name is logged in access.log for each request. Depending on the number of users you might notice a performance hit because squid will do an ident lookup for each request it receives. Nobody's moaned yet! The only problem we've had is that some pupils had certain characters in their passwords which smb_auth didn't like. Hope this helps Mike Rees Ysgol Glanymor School