Squid with Active Directory for single sign-on

I want to configure Squid for single sign-on and to authenticate only the users who are not on the Active Directory domain (Server 2003).
If the user is already logged in to the domain, then a domain name\password pop-up should not appear for accessing the internet, but for all non-domain users there must be a username\password pop-up to access the internet.

In my scenario I have:
SUSE Enterprise 11.2
samba-3.6.3-0.18.3
squid-2.7.STABLE5-2.10.1
Windows Server 2003 domain

I have configured Samba and krb5.conf, and in squid.conf I have made the following changes:

auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic realm Domain Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
authenticate_ttl 0 seconds

But after this, all the users, domain or workgroup, are accessing the internet. There is no login prompt for non-domain users.
Please tell me where I am wrong.
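
Added example (not part of the original post, and not code from the Squid or Samba projects): a small Python check for a squid.conf that defines auth_param helpers but never enforces them, which is one common cause of the symptom described above. The localnet ACL, the ntlm helper lines and the ACL name "authenticated" in the samples are constructed assumptions, since the post shows only its auth_param lines.

```python
# Constructed sample: the post's auth_param lines plus an assumed allow rule
# (the post shows no acl/http_access lines, yet every client gets through).
POSTED_CONF = """\
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic realm Domain Proxy Server
acl localnet src 192.168.0.0/16
http_access allow localnet
"""

# Constructed sample: NTLM offered first for silent sign-on, Basic as the
# prompt fallback, and a proxy_auth ACL that http_access actually evaluates.
ENFORCED_CONF = """\
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 10
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Domain Proxy Server
acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all
"""


def audit(conf):
    """Return findings about whether configured auth is ever enforced."""
    schemes, auth_acls, rules = set(), set(), []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 3:
            continue
        if tok[0] == "auth_param" and tok[2] == "program":
            schemes.add(tok[1].lower())
        elif tok[0] == "acl" and tok[2] in ("proxy_auth", "proxy_auth_regex"):
            auth_acls.add(tok[1])
        elif tok[0] == "http_access":
            rules.append((tok[1], {a.lstrip("!") for a in tok[2:]}))
    findings = []
    # Basic alone always needs typed credentials; silent SSO needs NTLM/Negotiate.
    if schemes and not schemes & {"ntlm", "negotiate"}:
        findings.append("no-sso-scheme")
    # Squid sends a 407 challenge only when http_access reaches a proxy_auth ACL.
    first = next((i for i, (_, a) in enumerate(rules) if a & auth_acls), None)
    if schemes and first is None:
        findings.append("auth-never-enforced")
    elif first is not None and any(act == "allow" for act, _ in rules[:first]):
        findings.append("allow-before-auth")
    return findings


if __name__ == "__main__":
    print(audit(POSTED_CONF), audit(ENFORCED_CONF))
```

The "allow-before-auth" finding flags any allow rule that sits above the first authenticated rule, because clients matching it are let through without a challenge.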