Re: TR: [squid-users] https analyze, squid rpc proxy to rpc proxy ii6 exchange2007 with ntlm

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 16 Mar 2012 23:53:32 +1300

On 14/03/2012 11:32 p.m., Clem wrote:
> Hello,
>
> Ok so I know exactly why squid can't forward ntlm credentials and stop at
> type1. It's facing the double hop issue, ntlm credentials can be sent only
> on one hop, and is lost with 2 hops like : client -> squid (hop1) -> IIS6
> rpx proxy (hop2) -> exchange 2007
>
> That's why when I connect directly to my iis6 rpc proxy that works and when
> I connect through squid that request login/pass again and again. And we can
> clearly see that on https analyzes.
>
> ISA server has a workaround about this double hop issue as I have wrote in
> my last mail, I don't know if squid can act like this.
>
> I'm searching atm how to set iis6 perhaps to resolve this problem, but I
> don't want to "break" my exchange so I've to do my tests very carefully

Cheers. I've added a mention of this to the NTLM issiues wiki page now
for others to find along with the archive of these messages.

Amos
Received on Fri Mar 16 2012 - 10:53:42 MDT

This archive was generated by hypermail 2.2.0 : Sun Mar 18 2012 - 12:00:02 MDT