Thank you for reading this.

Currently I am building a network, with about 350 users.
My hardware:

Servers

1xFujitsu-Siemens RX100S2e
P4 processor, 1GB ram, LSI SATA raid controller, 160GB storage (raid1)
1xFujitsu-Siemens RX200S2
Xeon 3Ghz, 1GB ram, LSI SCSI raid controller, 37GB storage (raid1)

And some Cisco routers + pix firewall.

Desired situation:

Users boot their pc's, get an ip, and have no clue what happens behind the scenes, apart from the fact that they have to input a username and password to gain access to internet (Http, Ftp, SSL, Smtp, Pop3, dns).

Technical info:

DHCP is performed by a router.
Dns has to be masked so that the user sees only a gateway ip, not the actual DNS server's ip. Can squid do this when I route all DNS requests to that server?
I figure HTTP and SSL can be cached by Squid and protected by username and password.
For FTP, SMTP and Pop3, I have no clue, uses mustn't be able to directly reach a server without first entering a username and password (before the server's own verification).

Server configuration:

Fujitsu RX100 = Backup server, running Ghost for entire network, not important in this question.
Fujitsu RX200 = Linux box, currently running Debian, but any other distro should run fine. This is the box that has to do all the user authentication and caching.

My question:

Could someone please tell me what daemons to run in order to get the desired output. As in, what and how to configure to make sure all users have to authenticate (perhaps that info can go in a SQL database, easier since reachable by all) for the services I described.
I am currently running squid, but I noticed it's fairly hard to set up, and it doesn;t support ftp authentication (I think).

Can anyone help me with this?

My cisco and windows knowledge isn't the problem, I am just hitting a wall concerning my Linux knowledge.

P.S. Managing it all with webmin would be even better.