[squid-users] proxy_auth + user group

Hi friends, iam a network admin and iam migrating my NT proxy to a FreeBSD
system, but the NT still working up and managin my network. Every machine
still needing of NT to make the LOGON at Network.
Its a Network with 670 computers and 1,200 users.
I installed the squid proxy and my squid need to have the foolow
configuration:

 3 groups of users:

 1 - INTERNET1 - this group will have 100% internet access with no
restritions (acl name is u_total)
2 - INTERNET2 - this group will have internet access but some sites will be
restricted (acl name is u_rest)
3 - TIME-USERS - this group will have internet access just at lunch time.
(acl name is u_hora)

 My squid are using smb_auth to authenticate the users directly to my NT
box.
my squid.conf acl is something like:

 ---squid.conf
 acl all src 0.0.0.0/0.0.0.0
 authenticate_program /usr/local/bin/smb_auth -W LIDER -U 132.147.16.29
 acl u_total proxy_auth REQUIRED
 acl u_rest proxy_auth REQUIRED
 acl u_hora proxy_auth REQUIRED
 acl forb url_regex "/usr/local/etc/squid/contas/forb"
 acl manha time 8:00-12:00
 acl tarde time 13:00-18:00
 acl noite time 19:00-23:45
 http_access allow u_rest forb (allow to u_rest group users but
restricting sites) (???)
 http_access allow u_total (allow to all users from u_total - no
restrictions site)
 http_access deny u_hora manha (deny in certain hour for u_hora group)
 http_access deny u_hora tarde (deny in certain hour for u_hora group)
  http_access deny all
 --- eof: squid.conf

 Problem: When iam using an external programa to proxy authentication, i
cant set just a group to my users?
 how can i put the squid.conf to deny some sites just to u_rest group?
 i tryied that line but with that squid.conf all users are getting the
url_regex.....

 I tried to do with `ident_lookup on` but most of my users are using winXX
boxes and it dont runs ident server, then e got smb_auth to work.>
 iam waiting for any hlp, very thanks in advanced!

----
 Pedro Azzi (pedro@azzi.com)