Ahh.. Proxies, my favorite subject.
Some basics: First of all, proxies don't care about MAC addresses. They work strictly at the IP layer. Unless you have static IP's, you're never going to be able to get good statistics on individual users without doing user authentication on the proxy. That's always an option, but then you have to deal with all of the associated management costs of that, too.
Even if you can monitor users, it's nearly impossible to do any kind of quota management within Squid, that I know of. The only way that I can think to do it would be a bit clunky. Enable logging user authentication, and make sure your log entries include the file size of each object. At the end of each day, run a script to parse the log and sum up the objects requested by each user and add it all up for your quota period (month, week, etc.). You'd then need ANOTHER script to parse this data and edit the Squid access filters to deny anybody that's over their quota. You could make this script run each hour, every few hours, etc. I've got this first script already written to pull from a squid log format file and sum it up, if you want it.
Nasty, difficult, but that's the only way I see to pull it off with what I know now. That is, unless you want to go out and snag a commercial product like WebSense (that costs $20+/user!) that can do it.
The only thing I found looking through Google was one guy that was trying to develop a system like this down under.
Here's the link. I didn't see anything come out of it, but you might drop him a line and see what he ended up doing (if anything).
- G