Everything seems to be working ok, to a point. NTLM auth is definitely
working, as machines not on our domain get the popup box, and you can
enter a domain user/pass and browsing works fine. PCs on the domain of
course, browse just fine as well.

My problem is the access.log file. If users have the squid proxy
listed as their http proxy, everything logs correctly and looks like

1130913577.233 247 TCP_MISS/302 491 GET

(mikec being the user in question, me)

Unfortunantly we don't have clients configured with a proxy IP, we run
a redirect on our core router to redirect web traffic into the squid
proxy. Users browsing via this setup still go through the proxy
correctly, but the log looks like this:

1130913240.557 168 TCP_REFRESH_MISS/200 4528 GET
http://www.nytimes.com/services/xml/...t/HomePage.xml -

Notice the - there? That SHOULD be the username. Anyone have any idea
why I'm losing my auth header using the port 80 redirect?