Thanks for the response Amos. Do you think it is worth testing squid v3.2.x on my Solaris box for NTLM auth? I don't have any problem testing it out.

Ruiyuan

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Sunday, May 27, 2012 6:10 AM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Need help to configure MS Exchange RPC over HTTP

On 25/05/2012 7:50 a.m., Ruiyuan Jiang wrote:
> Hi, Clem
>
> I am reading your post
>
> http://www.squid-cache.org/mail-archive/squid-users/201203/0454.html
>
> In the post, someone stated that NTLM auth does not support:
>
> It's facing the double hop issue, ntlm credentials can be sent only on one hop, and is lost with 2 hops like : client -> squid (hop1) IIS6 rpx proxy (hop2) -> exchange 2007
>
> That is not true. Here we have the setup:
>
> Client -> Apache (hop1) -> IIS 7 -> exchange 2007
>
> The setup works, I just could not have the latest Apache. Otherwise I will continue to use Apache reverse proxy. The latest Apache does not support MS RPC over http which is posted on the internet.
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=40029
>
> I am not sure why squid does not support NTLM auth to the backend exchange server.

Squid does support relaying any type of www-auth headers to the backend over multiple hops. What Squid does not support is logging *itself* into a peer proxy with NTLM (using proxy-auth headers).

There are also various minor but annoying bugs in NTLM pinning support and persistent connections handling in some Squid releases, with those basically the newer the Squid release the better but it's still not 100% clean.

I am noting a LOT of complaints in the areas of Squid->IIS and sharepoint, and a few other MS products this year. But nobody has yet been able to supply a patch for anything (I don't have MS products or time to work on this stuff myself). There is a hint that it is related to Squid-3.1 persistent connection keep-alive to the server, if that helps anyone.

Amos