In my opinion I don't need the NTLM stuff when I use the AD system Is this correct ?
No. When a client does not recognize Kerberos (Win 9X, NT) it falls back to NTLM (My area of knowledge is MS, not Linux) I think Squid will act like a MS client that dos not support Kerberos
