James & Cybèle We use the identd server on the win machines for log information and stopping pupils using the internet in the guest accounts that have been set up on our NT network. This is not foolproof, but it is a deterent. In squid.conf we have an ACL: acl block_these_users ident "/var/squid/block_these_users" followed later by http_access deny block_these_users The file block_these_users contains (each name on a separate line) guest1 guest2 . . guestxx Password authorisation is also compulsary through the use of smb_auth which can be obtained from http://www.hacom.nl/~richard/software/smb_auth.html - this where you will find how to set it up also. In squid.conf: authenticate_program /usr/local/bin/smb_auth -W server_name -U server_ip acl domainusers proxy_auth REQUIRED followed later by http_access allow domainusers This works fine with our NT server and our samba servers. Please note there are other (and probably better) ways of achieving this. HTH Mike Rees