Enable Basic LDAP Authentication
If the browser does not support Kerberos and/or NTLM authentication, it is possible to set up basic authentication against the LDAP interface of Active Directory. Be aware that in this case the username/password credentials are sent in clear text from the browser to Squid! Authentication is done by trying to (re)bind to the LDAP server using the provided credentials and doing a search. If the (re)bind is successful, the user is considered authenticated.
In order to enable Basic LDAP authentication on your proxy box, navigate to Admin UI / Squid Proxy / Auth and select the Active Directory page with the Basic LDAP Authenticator tab. Check Enable on the following screen and then click Save Changes. The domain controllers to connect to are taken from the Domain Information page described in the previous step.
When basic authentication is used you MUST specify the logon name (sAMAccountName) as your username in the proxy authentication popup box. For example, if your user principal name is john.rambo@example.lan, enter only john.rambo in the popup auth box.
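For readers who want to see the bind-and-search check and the sAMAccountName requirement at the Squid level, here is a hand-written squid.conf fragment using Squid's stock basic_ldap_auth helper. It is an added example, not the configuration the Admin UI generates; the helper path, domain controller name, DNs and secret file are placeholders.

```conf
# Added example: hand-written squid.conf, not output of the Admin UI.
# Assumed placeholders: helper path, dc1.example.lan, the squid-svc account,
# the base DN and the secret file location.

# How the helper authenticates a request:
#   1. binds to the directory as the service account (-D, password read from -W),
#   2. searches under the base DN (-b) with the filter (-f), where %s is the
#      name typed into the browser popup,
#   3. re-binds as the entry it found, using the password from the popup.
# A successful re-bind means the user is authenticated.
#
# The filter matches on sAMAccountName, so "john.rambo" finds the account while
# "john.rambo@example.lan" (the user principal name) matches nothing.
#
# -R disables referral chasing, which is normally required against Active Directory.
# ldaps:// protects only the Squid-to-domain-controller leg; the Basic credentials
# still travel in clear text from the browser to Squid.
auth_param basic program /usr/lib/squid/basic_ldap_auth -R -H ldaps://dc1.example.lan -b "dc=example,dc=lan" -D "cn=squid-svc,cn=Users,dc=example,dc=lan" -W /etc/squid/ldap_bind.secret -f "(&(objectClass=user)(sAMAccountName=%s))"
auth_param basic children 10
auth_param basic realm Proxy authentication
auth_param basic credentialsttl 2 hours

# Require a successful Basic login before allowing traffic through the proxy.
acl ldap_users proxy_auth REQUIRED
http_access allow ldap_users
http_access deny all
```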
Danger
Basic LDAP will only work for browser-initiated authentication. System-initiated authentication will not work. For example, checks for HTTPS certificate revocation status in Internet Explorer will fail as described in this article.