On 14/03/2012 11:32 p.m., Clem wrote:
Hello, Ok so I know exactly why squid can't forward ntlm credentials and stop at type1. It's facing the double hop issue, ntlm credentials can be sent only on one hop, and is lost with 2 hops like : client -> squid (hop1) -> IIS6 rpx proxy (hop2) -> exchange 2007 That's why when I connect directly to my iis6 rpc proxy that works and when I connect through squid that request login/pass again and again. And we can clearly see that on https analyzes. ISA server has a workaround about this double hop issue as I have wrote in my last mail, I don't know if squid can act like this. I'm searching atm how to set iis6 perhaps to resolve this problem, but I don't want to "break" my exchange so I've to do my tests very carefully
Cheers. I've added a mention of this to the NTLM issiues wiki page now for others to find along with the archive of these messages.
Amos
