Hi all, Basically I have, at length and with the help of serveral guides written by people who know far more about linux that me, built an Intenet Filter using squid and dansguardian running on Ubuntu (desktop - not the server edition). It works fine, we use a little program on the client called smoothwallIDT (no relation to the smoothwall products themselve I'm told) that basically wraps the username and computer details in the IDENT protocal. DansGuardian can then read it and give appropriate group access (banned, moderate filtering, heavy filtering, unbanned). The trouble has been that the idt program sometimes doesn't load on boot and so users are not getting internet. So this time I built the filter, bound it to the domain using winbind, samba, kerberos, squid and dans, and with much fiddling have fudged it to authenticate directly from Active Directory using NTLM. All well and good - this does actually work. But it is unusably slow. It never takes less than 5 minutes to load google. Yahoo is timed at 9 minutes. The filter is designed to authenticate using either IDENT or NTLM, so if the idt program is running it uses that intead. In that case, it works fine and loads in seconds. Now admittedly I'm not running this system on a proper server, just a desktop workstation. But it is a brand new desktop, an HP dc5800, C2D 3GHz, 2 GB ram, etc. And it is just me on my lone computer having my internet filtered to test it, rather than the whole school. So I don't think it has any excuse to be this slow!! As I understand it, ntlm_auth uses a handshake protocol to authenticate, but nothing I have read implies that it should be this slow. If I swap over and make people use this, they will thing that we just downgraded to dial-up modems Any thoughts on what I could do to speed things up? Many thanks!!