Squid auth problematic

Hello All,

Recently started using username authentication with Squid.

Thought it was working OK but eventually locks the browser(I.E.).

The authenication being used is ntlm and basic(none MS applications).

The log files show these when the problem happens -

TCP_DENIED/407 1787 CONNECT www.somewhere.com

These message show up on some sites, or even moving the mouse over
java script on web pages.

How or can these problems be fixed to use ntlm authenication?.

If I reconfigure squid.conf to just use basic(msnt_auth) the problem
goes away. Also the username is always resolvable.

The problem with basic are all the other applications on the client
get broken. For example when reading email and the content refers to
a web page a dialog pops. Or msn messenger breaks.

The server is running FreeBSD 4.8
squid-2.5_4
Client workstations are win2k/pro or winXP/pro

Squid is compiled with these options -

--enable-storeio="ufs diskd null" \
--enable-removal-policies="lru heap" \
--enable-auth=ntlm,basic \
--enable-ntlm-auth-helpers="SMB" \
--enable-basic-auth-helpers="MSNT" \
--enable-external-acl-helpers="ip_user unix_group" \
--enable-underscores

Here is squid.conf

auth_param ntlm program /usr/local/libexec/ntlm_auth domain/nts
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/local/libexec/msnt_auth
auth_param basic children 5
auth_param basic realm Proxy internet connection
auth_param basic credentialsttl 2 hours

Any input would be appreciated.

btb