Вот кусок
(-enable-external-acl-helpers=wbinfo_group)
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
ntlm_auth это не от сквида а от самбы
external_acl_type NT_GROUP %LOGIN /usr/lib/squid/wbinfo_group.pl
acl Inet_ports port 80 # http
acl Inet_ports port 21 # ftp
acl Inet_ports port 443 563 # https, snews
acl Inet_ports port 70 # gopher
acl Inet_ports port 210 # wais
acl Inet_ports port 280 # http-mgmt
acl Inet_ports port 488 # gss-http
acl Inet_ports port 591 # filemaker
acl Inet_ports port 777 # multiling http
acl Inet_port port 28805 # WinXP Games
acl admins external NT_GROUP DOMAIN\ISA-UNLIMITED
acl isa-internet external NT_GROUP DOMAIN\ISA-INTERNET
http_access allow admins
http_access allow Inet_ports isa-internet
http_access deny all