|
I don't really have any answers for you, but to reassure you a little I'm using Squid & Terminal Server+Citrix MetaFrame & WebSense/Pix with no problems, so I can confirm that you're not doing anything unreasonable with your configuration.
The one big difference is that I'm using a bespoke authentication method rather than integrating with AD.
You should be able to get metrics from Squid which will tell you how long the authenticator is waiting for responses, however IIRC a "good" response it cached so if the authenticator is causing a problem it should only happen with the first query.
One possibility I can think of is IE passthrough authentication. You could try doing a side-by-side compare between the TS and stand-alone environment of the IE feature and security settings to see if there is anything different.
| 
