NTLM and pop-up windows

From: <michele.de-martin@dont-contact.us>
Date: Wed, 7 May 2003 19:35:37 +0200

Hi again,

I'm here for that strange behaviour squid has with too few ntlm
authenticators.
Looking into the attached log you can see a sequence like this:

S->H YR (request 1)
H->S TT (request 1)
S->H YR (request 2)
H->S TT (request 2)
S->H KK (request 1) // this should refer to TT from request 1 but that challenge is lost due to TT from request 2
H->S NA (request 1)
S->H KK (request 2) // this should refer to TT from request 2 that is still valid
H->S AF (request 2)
S->H KK (request 3) // this should refer to TT from request 2 that is still valid
H->S AF (request 3)
S->H YR (request 4)
H->S TT (request 4)
S->H KK (request 4)
H->S AF (request 4)

For some reason squid starts reusing the same helper even if it has not
completed the first authentication process. This leads to that pop-up
window, I think.
Is this behaviour correct?
And what about "request 3" not started from a YR-TT process even if
"auth_param ntlm max_challenge_reuses 0"?

After playing around with "src/helper.c" and "src/auth/ntlm/auth_ntlm.c" I
came up with a headache, so I need some help.

I'm using ONE single NT domain with the standard helpers shipped with
squid.
Winbindd is working ok: after all it authenticates correctly.
I configured "auth_param ntlm children 1" to force this behaviour. It
happens often but not always.
In this case I went to "www.google.com" (and got redirected to
"www.google.it"), I pushed the refresh button in IE and got the pop-up
window.

Here is my conf:

Red Hat Linux 8.0

From squid -v:
Squid Cache: Version 2.5.STABLE2-20030401-ntmulti
configure options: '--exec-prefix=/usr' '--bindir=/usr/sbin' '
--libexecdir=/usr/lib/squid' '--localstatedir=/var' '
--sysconfdir=/etc/squid' '--enable-storeio=aufs coss diskd ufs' '
--enable-icmp' '--enable-delay-pools' '--enable-snmp' '--enable-arp-acl' '
--enable-htcp' '--enable-ssl' '--enable-cache-digests' '
--enable-linux-netfilter' '--enable-auth=basic digest ntlm' '
--enable-basic-auth-helpers=getpwnam LDAP MSNT multi-domain-NTLM NCSA
ntmulti PAM SASL SMB winbind' '--enable-ntlm-auth-helpers=ntmulti SMB
winbind' '--enable-digest-auth-helpers=password' '--enable-ntlm-fail-open'
'--enable-external-acl-helpers=ip_user ldap_group ntmulti unix_group
wbinfo_group winbind_group'

From squid.conf:
...
auth_param ntlm program /usr/lib/squid/wb_ntlmauth -d
auth_param ntlm children 1
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

auth_param basic program /usr/lib/squid/wb_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
...
debug_options ALL,1 29,4 84,5
...

Here is the log trace:
(See attached file: log.gz)

Thank you for any help you can give.

Regards
Michele

Received on Wed May 07 2003 - 11:36:33 MDT
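
An added example, not part of the original message and not Squid's own code: a small Python replay of the S->H / H->S sequence quoted above, flagging each KK whose challenge was replaced or borrowed. It assumes, following the poster's reading, that the single helper keeps only the challenge from its most recent TT; the function name, verdict labels and the `TRACE` sample are constructed here.

```python
import re

# Constructed sample: the S->H / H->S sequence from the message, comments stripped.
TRACE = """\
S->H YR (request 1)
H->S TT (request 1)
S->H YR (request 2)
H->S TT (request 2)
S->H KK (request 1)
H->S NA (request 1)
S->H KK (request 2)
H->S AF (request 2)
S->H KK (request 3)
H->S AF (request 3)
S->H YR (request 4)
H->S TT (request 4)
S->H KK (request 4)
H->S AF (request 4)
"""
LINE = re.compile(r"^(?:S->H|H->S)\s+(YR|TT|KK|AF|NA)\s+\(request\s+(\d+)\)")

def analyze(trace):
    """Return (request, verdict, challenge_owner, helper_reply) for each KK."""
    issued = set()   # requests that received their own TT challenge
    current = None   # assumption: the helper keeps only its latest TT
    pending = None   # KK still waiting for the helper's AF/NA
    findings = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped comment text and unrelated lines
        code, req = m.group(1), int(m.group(2))
        if code == "TT":
            issued.add(req)
            current = req
        elif code == "KK":
            if current is None:
                verdict = "no-challenge"
            elif req not in issued:
                verdict = "reused"   # no YR/TT of its own (cf. max_challenge_reuses 0)
            elif current != req:
                verdict = "lost"     # its TT was replaced before the KK arrived
            else:
                verdict = "ok"
            pending = (req, verdict, current)
        elif code in ("AF", "NA") and pending and pending[0] == req:
            findings.append(pending + (code,))
            pending = None
    return findings
```

Calling `analyze(TRACE)` marks request 1 as `lost` and request 3 as `reused`, which lines up with the NA and with the AF that had no YR-TT of its own in the quoted sequence.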
