Hello Milan,
here is a tip for you.
use samba44. It has all kerberos support tools, including the keytab generation and it's quite simple to use it.
Also, you will need squidguard to make your AD group search.
You will need to add the Kerberos auth config lines in the advanced configuration for squid. (squid page. All the way down the page)
Also, The correct authentication sequence should be: Kerberos, NTLMv2 and then (optional) Basic Auth. Unless you really want to use Kerberos ONLY.
hope that helps you.
Fabricio.