Search squid archive

Re: sharepoint pinning issue?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I have found some time to go further in the investigation. And here is
status right now.
the behavior is the some with only 1 squid ( no upstream server ), and
is also the same if I use squid as a reverse proxy for the Sharepoint
server.

As read is some threads about this subject, depending ont the browser
/ OS, behaviour differes.
IE in XP works perfectly, whereas FF in XP or linux asks for
authentification in a loop whenever trying to upload a relatively big
file to the server.
Activating the debug level and trying to analyse the headers of the
packets gave me quite some headache! What we can see is that the HTTP
headers and techniques for POSTing files used are totally differents
between browser.
I would love some help on analysing these logs.
Joined are 2 files :
capture_IE_XP : upload of a file works
capture_FF_XP : upload of a file does not

I can provide access to the sharepoint server & reverse proxy if
someone has time to jump in.

Best regards
Alex

2013/2/13 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
> On 13/02/2013 3:49 a.m., Alexandre Chappaz wrote:
>>
>> Hi,
>>
>> I know this is a subject that has been put on the table many times,
>> but I wanted to share with you my experience with squid + sharepoint.
>>
>> Squid Cache: Version 3.2.7-20130211-r11781
>>
>> I am having an issue with autehtication :
>> when accessing the sharepoint server, I do get a login/pw popup, I can
>> login and see some of the pages behind, but when doing some operation,
>> even though I am supposed to be logged in, the autentcation popup
>> comes back.
>> Here is what I find the the access log :
>> 1360679927.561     43 X.X.X.X TCP_MISS/200 652 GET
>> http://saralex.hd.free.fr/_layouts/images/selbg.png -
>> FIRSTUP_PARENT/192.168.100.XX image/png
>
>
> URL #1. No authentication required. non-pinned connection used.
>
>
>> 1360679928.543     37 X.X.X.X TCP_MISS/401 542 GET
>> http://saralex.hd.free.fr/_layouts/listform.aspx? -
>> PINNED/192.168.100.XX -
>
>
> URL #2. Sent to upstream on already authenticated+PINNED connection.
> Upstream server requires further authentication details.
>  --> authentication challenge?
>
>
>> 1360679928.665     58 X.X.X.X TCP_MISS/401 795 GET
>> http://saralex.hd.free.fr/_layouts/listform.aspx? -
>> PINNED/192.168.100.XX -
>
>
> URL #2 repeated. Sent to upstream on already authenticated+PINNED
> connection. Upstream server requires further authentication details.
>  --> possibly authentication handshake request?
>
>
>> 1360679928.753    229 X.X.X.X TCP_MISS/200 20625 GET
>> http://saralex.hd.free.fr/_layouts/images/fgimg.png -
>> FIRSTUP_PARENT/192.168.100.XX image/png
>
>
> URL #3. No authentication required. non-pinned connection used.
>
>
>> 1360679928.788     68 X.X.X.X TCP_MISS/302 891 GET
>> http://saralex.hd.free.fr/_layouts/listform.aspx? -
>> PINNED/192.168.100.XX text/html
>
>
> URL #2 repeated. Sent to upstream on already authenticated+PINNED
> connection. Upstream server redirectes the client to another URL.
>  --> authentication credentials accepted.
>
>
>> 1360679928.921     45 X.X.X.X TCP_MISS/401 542 GET
>> http://saralex.hd.free.fr/Lists/Tasks/NewForm.aspx? -
>> PINNED/192.168.100.XX -
>
>
> URL #4. Sent to upstream on already authenticated+PINNED connection.
> Upstream server requires further authentication details.
>  --> authentication challenge?
>
>
>> 1360679929.019     47 X.X.X.X TCP_MISS/401 795 GET
>> http://saralex.hd.free.fr/Lists/Tasks/NewForm.aspx? -
>> PINNED/192.168.100.XX -
>
>
> URL #4 repeated. Sent to upstream on already authenticated+PINNED
> connection. Upstream server requires further authentication details.
>  --> possibly authentication handshake request?
>
>
>> 1360679929.656     81 X.X.X.X TCP_MISS/200 1986 GET
>> http://saralex.hd.free.fr/_layouts/images/loadingcirclests16.gif -
>> FIRSTUP_PARENT/192.168.100.XX image/gif
>
>
> URL #5. no authentication required. non-pinned connection used.
>
>
>> 1360679930.417   1322 X.X.X.X TCP_MISS/200 130496 GET
>> http://saralex.hd.free.fr/Lists/Tasks/NewForm.aspx? -
>> PINNED/192.168.100.XX text/html
>
>
> URL #4 repeated. Sent to upstream on already authenticated+PINNED
> connection. Upstream server provides the display response.
>  --> authentication credentials accepted.
>
>
>> 1360679934.618     53 X.X.X.X TCP_MISS/401 542 GET
>> http://saralex.hd.free.fr/_layouts/iframe.aspx? -
>> PINNED/192.168.100.XX -
>> 1360679934.729     51 X.X.X.X TCP_MISS/401 795 GET
>> http://saralex.hd.free.fr/_layouts/iframe.aspx? -
>> PINNED/192.168.100.XX -
>>
>> could this be a pinning issue?
>>
>> Is V2.7 STABLE managing these things in a nicer way?
>
>
> Unknown. But I doubt it. This is Squid using a PINNED connection to relay
> traffic to an upstream server. That upstream server is rejecting the clients
> delivered credentials after each object. There is no sign of proxy
> authentication taking place, this re-challenge business is all between
> client and upstream server.
>
> You need to look at whether these connections are being pinned then closed,
> and why that is happening. Squid-3.2 offers debug level 11,2 which will give
> you a trace of the HTTP headers to see if the close is a normal operation
> from either end. Or whether they are keep-alive by Squid and the upstream
> server is just constantly forcing re-auth (it happens).
>
> Amos

Attachment: cachelogs.tar.gz
Description: GNU Zip compressed data


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux