Re: Talking to an upstream ISA server that requires NTLM authentication.

Hi,
Well I have tried 2.5 stable 14 with the last pinning patch:
WWW works well.
Authenticating to an upstream ISA proxy failed, since the
HDR_PROXY_SUPPORT was missing in the replay header thus causing the
"peer_support_connection_pinning()" to return 0.

I did a changed to "peer_support_connection_pinning()"
I removed this condition:
if (!httpHeaderHas(hdr, HDR_PROXY_SUPPORT)
        return 0;

Instead I am returning 1, and not proceeding with the rest of the function.

return 1;

header = httpHeaderGetStrOrList(hdr, HDR_PROXY_SUPPORT);
   /* XXX This ought to be done in a case-insensitive manner */
rc = (strStr(header, "Session-Based-Authentication") != NULL);
stringClean(&header);

return rc;

Now it seems that NTLM proxy authenticates with the ISA server works fine.
Should there be any problems doing that?

Thanks in advanced,
Tsachi

On 6/16/06, Henrik Nordstrom <henrik@henriknordstrom.net> wrote:
> fre 2006-06-16 klockan 00:45 +0200 skrev Tsachi:
> > Hi All,
> > I am working with squid version 2.5 stable 7.
> > I would like to try and get squid talking to an upstream ISA server
> > that requires NTLM authentication.
> > Squid works as a transparent proxy with a ISA parent (login=PASS).
>
>
> I would recommend you to try the upcoming 2.6 release instead, or if
> for some strange reason going to 2.6 is not acceptable for trying out
> new features at a minimum current 2.5 + current version of the patch.
> That old pinning patch is very experimental and even known to be
> somewhat broken (if I am not mistaken the exact symptoms you are
> having..).
>
> Regards
> Henrik
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQBEkxSHB5pTNio2V7IRAoHqAJ4pfgMP0jZkMuywsekaLO8PvershQCfaDCm
> 5BiMGjnLtGrZfF+AlzsLLJU=
> =Ekg4
> -----END PGP SIGNATURE-----
>
>
>
Received on Wed Jun 21 2006 - 11:11:16 MDT