Эта документация основана на статье Д.Новикова "Авторизация Windows- пользователей в SQUID на основе их доменных аккаунтов"
Оригинал: http://www.artmagic.ru/labs/sqlandwin.shtml

Building, Installing and Configuring Squid

Building, Installing and Configuring Squid for NTLM authorization

The Winbind interface changed in Samba and therefore, the winbind components of your Squid version may be don't work correctly. To enable the Squid winbind components to work correctly, before compiling squid, replace the Squid versions of winbindd_nss.h located in the squid/helpers/ directories (there are three: one in the basic_auth/winbind, one in the ntlm_auth/winbind, and one in the external_acl/winbind_group directories) with the Samba version of winbindd_nss.h found in samba/source/nsswitch.

Building and Installing Squid

Several command-line options need to be specified during the configure process to ensure Squid is built with support for winbind integration. They are

--enable-auth="ntlm,basic"
--enable-basic-auth-helpers="winbind"
--enable-ntlm-auth-helpers="winbind"
--enable-external-acl-helpers="winbind_group"

Also, to allow squid to throttle bandwidth, the option --enable-delay-pools should be added to the list as well.

After configure is done, run make. Then run make install.

Configuring Squid to work with NTLM authorization

Now the squid.conf file needs to be configured. Edit the squid.conf file and uncomment, edit or add the following lines:

auth_param ntlm program /usr/local/squid/libexec/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_resuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/local/squid/libexec/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

Without starting Squid, run wb_group to test whether or not this tool can determine if a given user is a member of a particular Window's group e.g. run /usr/local/squid/libexec/wb_group -d. At the (lack of) prompt, enter example\\username NoINETAccess. If successful, a list should be displayed of SIDs and groups that this user is a member of followed by "OK" if the user is a member of the specified group. Otherwise, the "ERR" message is displayed. When the "ERR" is displayed in the absence of any SIDs, there was an error by wb_group communicating with the domain. This error is vague and can be difficult to troubleshoot. No specific recommendations can be given when this error is encountered.

It was found that /usr/local/squid/var permissions are not set correctly initially for squid to function properly. Since squid runs as nobody (user and group) when started by root, the var dir user and group need to be changed to "nobody" instead of "root". Apply these changes recursively by running the following commands:

root#chown -R nobody /usr/local/squid/var
root#chgrp -R nobody /usr/local/squid/var

Start squid with the -z option (/usr/local/squid/sbin/squid -z); this creates swap and cache directories. Then start squid normally and test it using a client machine. Set the client machine to use squidy as a proxy server for Internet Explorer.

Configuring Squid to work with NCSA authorization

Now the squid.conf file needs to be configured. Edit the squid.conf file and uncomment, edit or add the following lines:
auth_param basic program /usr/libexec/ncsa_auth /etc/squid/ncsa.sams
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

WARNING!!! NTLM и NCSA authorization don't work corectly in one time

Configuring Squid to work with redirector

Squid has the ability to rewrite requested URLs. Implemented as an external process (similar to a dnsserver), Squid can be configured to pass every incoming URL through a redirector process that returns either a new URL, or a blank line to indicate no change.
SAMS may use a several redirectors, but SAMS doesn't insert redirector support to squid.conf. You must insert support string for your redirector into squid.conf.
For the SAMS redirector:
insert into the file squid.conf string:
redirect_program /path/to/redirector