Захожу в access.log и пишется такое:
1216877961.436     87 192.168.1.52 TCP_MISS/304 149 GET http://runonce.msn.com/images/bg_2.png - DIRECT/213.199.171.140 -
1216877961.495     82 192.168.1.52 TCP_MISS/304 149 GET http://runonce.msn.com/images/settingbody_bg.png - DIRECT/213.199.171.140 -
1216877961.508     94 192.168.1.52 TCP_MISS/304 149 GET http://runonce.msn.com/images/reqsetting_bg.png - DIRECT/213.199.171.140 -
т.е. после адреса сайта идет прочерк, хотя должен писаться пользователь который посетил этот сайт. Самба соединена с доменом.
Ниже привожу свои конфиги сквида и самбы

http_port 3128
cache_effective_user squid
cache_effective_group squid
hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 36 MB
cache_store_log none
cache_dir ufs /usr/local/squid/cache 50 16 256
access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
emulate_httpd_log off
cache_mgr admin@test.ru

ftp_user anonymous@test.ru

redirect_children 20
dns_nameservers 192.168.1.13

auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp:         &n... 1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

#  time
acl work_time time SMTWHFA 8:00-19:00

# kto
acl all src 0.0.0.0/0.0.0.0
acl office src 192.168.1.1/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl god src "/usr/local/etc/squid/god"
acl halfgod src "/usr/local/etc/squid/halfgod"
acl ploh src "/usr/local/etc/squid/bd"
acl godmail src "/usr/local/etc/squid/godmail"
# media

#porti
acl SSL_ports port 443 563 5190 9091
acl Safe_ports port 80          # http
acl ICQ_ports port 5190         #ICQ
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563 2083        # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 102         # klient orel

acl time_1 time 17:30-23:59
acl time_2 time 00:00-09:00

#sodergimoe
acl stop_files url_regex -i \.exe \.mp3 \.rpm  \.avi \.mpeg  \.iso \.wav \.mov \.ogg \.wma \.wmv
acl stop_files2 rep_mime_type application audio video
acl porno  url_regex "/usr/local/etc/squid/por"
acl ne_porno  url_regex "/usr/local/etc/squid/neporno"
acl spmail  url_regex "/usr/local/etc/squid/spmail"
acl CONNECT method CONNECT

acl myusers proxy_auth REQUIRED

http_access allow halfgod time_1
http_access allow halfgod time_2
http_access allow god
http_access allow  ploh ne_porno Safe_ports
http_access deny  ploh
http_access deny stop_files
http_access deny stop_files2
http_access deny !office

http_access allow localhost
http_access deny manager

http_access allow ICQ_ports
# Ya
http_access allow myusers ICQ_ports
http_access allow myusers SSL_ports
http_access allow godmail spmail
http_access allow myusers Safe_ports
http_access deny porno
http_access deny all

http_reply_access allow all
icp_access allow all

visible_hostname free.test.local

logfile_rotate 3

coredump_dir /usr/local/squid/cache
error_directory /usr/local/etc/squid/errors/Russian-1251
pid_filename /usr/local/squid/logs/squid.pid

#KERBEROS
[libdefaults]
        default_realm = TEST.LOCAL
        clockskew = 300
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }

[realms]
        TEST.LOCAL = {
                kdc = SERV.TEST.LOCAL
                admin_server = SERV.TEST.LOCAL
        }
[domain_realm]
        .akti.local = AKTI.LOCAL

/etc/nsswitch.conf:

     group: files winbind
     passwd: files winbind
     group_compat: nis
     passwd_compat: nis
     hosts: files dns
     networks: files
     shells: files

#SAMBA
[global]
      workgroup = TEST
      server string = Samba File Server
      netbios name = smb
      security = ads
      hosts allow = 10.61.25.0/24 127.0.0.1
      log file = /var/log/samba/log.%m
      max log size = 500
      password server = serv.test.local
      encrypt passwords = yes
      realm = TEST.LOCAL
      socket options = TCP_NODELAY
      os level = 1
    
      display charset = koi8-r
      unix charset = koi8-r
      dos charset = cp866
      winbind use default domain = yes
      winbind uid = 10000-15000
      winbind gid = 10000-15000
      winbind enum users = yes
      winbind enum groups = yes
    
    [homes]
      comment = Home Directories
      path = /home/%U
      browseable = no
      writable = yes

Домен с самбой встал отлично, /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic отрабатывается тоже отлично, не знаю куда смотреть.