Everything seems to be working ok, to a point. NTLM auth is definitely
working, as machines not on our domain get the popup box, and you can
enter a domain user/pass and browsing works fine. PCs on the domain of
course, browse just fine as well.

My problem is the access.log file. If users have the squid proxy
listed as their http proxy, everything logs correctly and looks like
this:

1130913577.233 247 192.168.169.51 TCP_MISS/302 491 GET
http://ad.doubleclick.net/ad/N3671.M...1x1;ord=27827?
mikec DEFAULT_PARENT/192.168.169.229 -

(mikec being the user in question, me)

Unfortunantly we don't have clients configured with a proxy IP, we run
a redirect on our core router to redirect web traffic into the squid
proxy. Users browsing via this setup still go through the proxy
correctly, but the log looks like this:

1130913240.557 168 192.168.70.39 TCP_REFRESH_MISS/200 4528 GET
http://www.nytimes.com/services/xml/...t/HomePage.xml -
DEFAULT_PARENT/192.168.169.229 text/xml

Notice the - there? That SHOULD be the username. Anyone have any idea
why I'm losing my auth header using the port 80 redirect?