RE: [squid-users] Need help to configure MS Exchange RPC over HTTP

From: Ruiyuan Jiang <RJiang_at_fnpc.com>
Date: Tue, 29 May 2012 11:11:02 -0400

Thanks for the response, Amos. Do you think it is worth testing Squid v3.2.x on my Solaris box for NTLM auth? I don't have any problem testing it out.

Ruiyuan

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Sunday, May 27, 2012 6:10 AM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Need help to configure MS Exchange RPC over HTTP

On 25/05/2012 7:50 a.m., Ruiyuan Jiang wrote:
> Hi, Clem
>
> I am reading your post
>
> http://www.squid-cache.org/mail-archive/squid-users/201203/0454.html
>
> In the post, someone stated that NTLM auth does not support:
>
> It's facing the double hop issue, ntlm credentials can be sent only on one hop, and is lost with 2 hops like : client -> squid (hop1) IIS6 rpx proxy (hop2) -> exchange 2007
>
> That is not true. Here we have the setup:
>
> Client -> Apache (hop1) -> IIS 7 -> exchange 2007
>
> The setup works; I just could not have the latest Apache. Otherwise I would continue to use the Apache reverse proxy. The latest Apache does not support MS RPC over HTTP, which is posted on the internet.
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=40029
>
> I am not sure why squid does not support NTLM auth to the backend exchange server.

Squid does support relaying any type of www-auth headers to the backend
over multiple hops. What Squid does not support is logging *itself* into
a peer proxy with NTLM (using proxy-auth headers).

There are also various minor but annoying bugs in NTLM pinning support
and persistent connections handling in some Squid releases, with those
basically the newer the Squid release the better, but it's still not 100%
clean.

I am noting a LOT of complaints in the areas of Squid->IIS and
SharePoint, and a few other MS products this year. But nobody has yet
been able to supply a patch for anything (I don't have MS products or
time to work on this stuff myself). There is a hint that it is related
to Squid-3.1 persistent connection keep-alive to the server, if that
helps anyone.

Amos

Received on Tue May 29 2012 - 15:11:11 MDT