
CentOS 6, Squid 3.1.10, Kerberos, AD



Народ help, есть вот такая связка CentOS release 6.3 (Final) + Squid 3.1 + Kerberos + Windows Server 2008 R2

Пока подключал всё это, ошибок никаких не было, и всё вроде стартует... Но блин, если прописываешь прокси в браузере, выдаёт, что прокси недоступен... а если не указывать, то все заходят отлично...

такое чувство что мимо прокси идут.... если что говорите какие логи нужны


Прежде всего, конечно, логи Squid. Ну и в выводе netstat -ap Squid есть? Порт стандартный и совпадает с тем, что прописано на клиентах? С сервера браузер может через Squid работать? Iptables как настроены? В общем, вопросов куча...

anonymous
()

А что говорит telnet IP_PROXY 3128? Если порт прокси другой, то замени 3128 на него.

cyclon ★★★★★
()
Ответ на: комментарий от anonymous

squid.conf


#
# Recommended minimum configuration:
#
# The lines in this section only define named ACLs. Nothing is allowed or
# denied until an http_access rule further down references one of them.
#
# Cache manager requests (cache_object protocol).
acl manager proto cache_object
# Requests coming from the proxy host itself (IPv4 and IPv6 loopback).
acl localhost src 127.0.0.1/32 ::1
# Requests whose destination is a loopback or unspecified address, i.e.
# services running on the proxy host.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Client network. The single client allow rule in this file requires it.
acl localnet src 192.168.1.0/24


# CONNECT tunnels are limited to this list (443 only) by
# "http_access deny CONNECT !SSL_ports".
acl SSL_ports port 443
# Destination ports the proxy will forward to; "http_access deny !Safe_ports"
# rejects the rest. The 1025-65535 entry covers every unprivileged port, so in
# practice this list only restricts privileged ports.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT


#
# Recommended minimum Access Permission configuration:
#
# http_access rules are checked top to bottom and the first matching rule
# decides, so the order of the lines below is significant.
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager


# Deny requests to certain unsafe ports
http_access deny !Safe_ports


# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports


# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): the rule is still commented out in this file. As posted, a
# client that passes the allow rule further down is not stopped from asking
# the proxy to fetch from its own loopback addresses on any Safe_ports port.
# Uncomment it unless something is known to depend on that.
#http_access deny to_localhost


#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# NOTE(review): several helper arguments below are wrapped in «…» while the
# LDAP filter on the external_acl_type line uses plain "…". This looks like
# forum typography; in the real file the quotes must be ASCII double quotes.


# Negotiate (Kerberos) authentication helper. -s names the service principal
# the helper accepts tickets for; -d and -i raise helper logging (debug and
# informational) and are worth dropping once authentication works.
# NOTE(review): the keytab holding this principal's key is not shown; it
# should be readable only by the account Squid runs as.
# NOTE(review): the realm here is LISDOMAIN.RU but the LDAP lines below use
# ldomain.ru - possibly partial anonymisation of the post; confirm that the
# real file is consistent.
auth_param negotiate program /usr/lib64/squid/squid_kerb_auth -d -i -s HTTP/gateway.lisdomain.ru@LISDOMAIN.RU
auth_param negotiate children 10
auth_param negotiate keep_alive on


# Basic authentication fallback, verified against the directory at 192.168.1.4
# with the bind account given by -D and the password file given by -W.
# Basic credentials are only base64-encoded between browser and proxy, and
# http_port below is plain HTTP, so passwords cross the LAN in recoverable form.
# NOTE(review): the helper is started without -Z (TLS) or an ldaps:// URI, so
# the LDAP bind presumably runs unencrypted as well - confirm, and prefer an
# encrypted LDAP connection.
# NOTE(review): /etc/squid/squid.pass stores the bind password in clear text;
# restrict it to the account the helpers run as.
auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -D «squid@ldomain.ru» -W «/etc/squid/squid.pass» -b «ou=Internet,ou=Services,dc=ldomain,dc=ru» -f «sAMAccountName=%s» 192.168.1.4
auth_param basic children 10
auth_param basic realm Proxy Authentication
auth_param basic credentialsttl 2 hours


# AUTH matches any request that carries valid proxy credentials.
acl AUTH proxy_auth REQUIRED
# Group lookup helper: checks that the login (%v) is a member of the group
# (%a) under OU=Services. -K strips the Kerberos realm from the login first.
# ttl=1200 caches each answer for 1200 seconds, so removing a user from the
# group can take up to 20 minutes to take effect on the proxy.
external_acl_type ldap_check ttl=1200 %LOGIN /usr/lib64/squid/squid_ldap_group -R -b «dc=ldomain,dc=ru» -f "(&(sAMAccountName=%v)(memberof=cn=%a,OU=Services,DC=ldomain,DC=ru))" -D «squid@ldomain.ru» -W «/etc/squid/squid.pass» -K 192.168.1.4
# Members of the directory group "Internet".
acl inet_access external ldap_check Internet


# The only client allow rule: all three ACLs must match.
# NOTE(review): ACLs on a line are tested left to right, so with AUTH first a
# client outside 192.168.1.0/24 is sent an authentication challenge before it
# is rejected. Listing localnet first would turn such clients away without
# involving the authentication helpers.
http_access allow AUTH inet_access localnet


# And finally deny all other access to this proxy
http_access deny all


# Squid normally listens to port 3128
# No address is given, so the listener is not tied to one interface; the
# netstat output in this post shows it as *:squid LISTEN.
# NOTE(review): only http_access and the host firewall limit who can reach
# it; the firewall has to admit this port, ideally from localnet only.
http_port 3128


# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?


# Uncomment and adjust the following to add a disk cache directory.
# Left commented out here, so this file configures no disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256


# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid


# Add any of your own refresh_pattern entries above these.
# Fields: regex, minimum age (minutes), percent of object age, maximum age
# (minutes). The cgi-bin/query-string line gives dynamic URLs zero freshness.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320


netstat -ap | grep squid


tcp 0 0 *:squid *:* LISTEN 7444/(squid)
tcp 0 0 localhost:57733 localhost:53569 ESTABLISHED 7466/(squid_ldap_gr
tcp 0 0 localhost:33934 localhost:39232 ESTABLISHED 7444/(squid)
tcp 0 0 localhost:53029 localhost:49230 ESTABLISHED 7444/(squid)
tcp 0 0 localhost:53569 localhost:57733 ESTABLISHED 7444/(squid)
tcp 0 0 localhost:39755 localhost:57335 ESTABLISHED 7444/(squid)
tcp 0 0 localhost:33152 localhost:50971 ESTABLISHED 7444/(squid)
tcp 0 0 localhost:49230 localhost:53029 ESTABLISHED 7467/(squid_ldap_gr
tcp 0 0 localhost:57335 localhost:39755 ESTABLISHED 7468/(squid_ldap_gr
tcp 0 0 localhost:39232 localhost:33934 ESTABLISHED 7469/(squid_ldap_gr
tcp 0 0 localhost:50971 localhost:33152 ESTABLISHED 7470/(squid_ldap_gr
udp 0 0 *:43128 *:* 7444/(squid)
udp 0 0 *:58613 *:* 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22682 7465/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22681 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22680 7464/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22679 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22678 7463/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22677 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22676 7462/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22675 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22674 7461/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22673 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22672 7460/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22671 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22670 7459/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22669 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22668 7458/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22667 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22666 7457/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22665 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22664 7456/(squid_ldap_au
unix 3 [ ] STREAM CONNECTED 22663 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22662 7455/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22661 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22660 7454/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22659 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22658 7453/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22657 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22656 7452/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22655 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22654 7451/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22653 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22652 7450/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22651 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22650 7449/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22649 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22648 7448/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22647 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22646 7447/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22645 7444/(squid)
unix 3 [ ] STREAM CONNECTED 22644 7446/(squid_kerb_au
unix 3 [ ] STREAM CONNECTED 22643 7444/(squid)
unix 2 [ ] DGRAM 22613 7442/squid

ds_nn
() автор топика
Ответ на: комментарий от ds_nn

все заработало, косяки были в squid.conf (по авторизации) и в iptables..
Всем спасибо)))

ds_nn
() автор топика