Re: [discuss] NTLM and Authoxy 3.0
Hi Laurent, I did receive your private email explaining these issues in more detail. Thank you for that, there is good information in there. If version 3.0 doesn't help out, I'll have another look at it. I think the combination of a new connection and the unusual URL format (with colons and so forth) might be confusing things. I should be able to track it down with your examples, hopefully! Unfortunately, I'm out this weekend, and wont get a chance to look at it until next week some time. It is on the cards though. Working with NTLM helped me see new ways of handling connections, which might be beneficial to the rest of the program. Heath On 16/01/2004, at 3:51 AM, [EMAIL PROTECTED] wrote: Heath, That's great news, congratulations! Now, what about the problems I had with automatic proxy configuration? Specifically, when the proxy server returns some bogus URLs or redirects to other URL, my browser will try forever to load that URL but it doesn't succeed. It's happening specially when visiting a page that has frames or other images coming from other web servers. If, for some reason, the IT department has blocked a domain, then the response to that request is often the standard page here that says the content is inappropriate. While it seems to work if I try to access an URL containing a blocked domain, when an already loaded or closed to be loaded page tries to load something from a server that is blocked is when the problem occurs. If I use the manual proxy configuration and enter the IP address of the server in Authoxy, then all is well even for those parts that can't be loaded, hence my suspicion that the automatic proxy configuration is lacking something. Thanks for the great work! -Laurent. Original Message: - From: Heath Raftery [EMAIL PROTECTED] Date: Fri, 16 Jan 2004 03:29:04 +1100 To: [EMAIL PROTECTED] Subject: [discuss] NTLM and Authoxy 3.0 -- | Heath Raftery [EMAIL PROTECTED] | | HRSoftWorks http://www.hrsoftworks.net | || | *If I were two-faced, would I be wearing this one?* | |_\|/_ | |___m(. .)m__|
Re: [discuss] FW: Is the proxy.cgi script working correctly??
Kurt, That's great news! Certainly made me smile (somewhat wryly). I've made a few improvements to the PAC support last night. I think things are going to be much better behaved now - I'm very happy with how it is performing. Laurent and others, I've fixed the port unknown thing as well. The daemon now reports the port it is using. There's a couple of other goodies in this next release as well, but you'll all have to wait a few days before I get it out. I've been really off and on this project the last week or two, with a lot of other things going on. I'm moving house again this weekend, which is always disruptive! Heath On 05/02/2004, at 11:46 PM, Kurt Seemann wrote: Heath, Just as you suspected! I have tested the auto proxy *.cgi script in authoxy 3.0 on panther and seems to work perfectly since they 'corrected the minor error'! Many thanks. Kurt -- | Heath Raftery[EMAIL PROTECTED] | | HRSoftWorks http://www.hrsoftworks.net| || | *The search for a new personality is futile; what is fruitful is | | the interest the old personality can take in new activities* | | _\|/_ | |m(. .)m_|
Re: [discuss] Multiple users and Authoxy
Hi Kevin, On 19/02/2004, at 9:59 AM, Kevin Giguere wrote: I am thinking about using Authoxy and have found some odd behavior with multiple users. It seems that the first user to start using Authoxy to access the web gets assigned to authoxyd. Yes, the user that runs startAuthoxy, or clicks Start in the Preference Pane will be the owner of the authoxyd process. Unfortunately, that means the only users that can stop the daemon is the user that started it, or root. I one logs out and another user logs in, authoxyd is still assigned to the original user. Yes, only one authoxyd parent process can be running. If the old one hasn't been stopped, a new one can't be started by another user. /Library/PreferencePanes/Authoxy.prefPane/Contents/MacOS/authoxyd d2hlZWxzOnN0d2g3NTczAKA=BfQ= 192.168.1.3 8080 8080 false false Is the Bold the password? d2hlZWxzOnN0d2g3NTczAKA=BfQ= is your base64 encoded username and password. If I have misconfigured (hopefully) has anyone got the procedure to avoid this? No, I don't think you've configured anything incorrectly as such. If not there is no way to monitor individual users unless there is a reboot of the machine! Hmm, I'm thinking a strategy like this: 1. Put startAuthoxy in each user's login items. 2. Write a script which will kill authoxyd This can be as simple as a text file with this in it: #!/bin/sh killall authoxyd 3. Run the script when the user logs out. Possibly use the logouthook method described here: http://www.bombich.com/mactips/loginhooks.html 4. Log in and out at will! Each time a user logs in, authoxyd will start under their name, using their preferences. Any logging authoxyd does however, will still go to the single system log. Perhaps you could log a header to the system log each time someone logs in, so you know who was logged in when authoxyd's logs appeared. I do forsee issues with Fast User Switching though. Enabling that would take quite a bit more work... Is this the sort of thing you are after? Heath -- | Heath Raftery[EMAIL PROTECTED] | | HRSoftWorks http://www.hrsoftworks.net| || | *The search for a new personality is futile; what is fruitful is | | the interest the old personality can take in new activities* | | _\|/_ | |m(. .)m_|
[discuss] Authoxy on Windows/Unix/Linux/anything
Hey folks, I was just helping a friend out with her WinXP system. She wanted to use an application called WebShots, which allows uploading photos to the web. It supported a proxy setting, but didn't support authentication. After a bit of mucking around, I realised that given we were both on the same network, Authoxy could help her out. So I made a very quick change to the code to allow connections from computers other than the localhost, had her change her proxy setting to my computer, and she was away! Of course, as far as the upstream proxy is concerned, all the traffic is coming from my computer, so the potential for abuse is certainly there. But does anyone think this would be a useful feature? I've been asked on a number of occasions whether there is a solution for Windows or OS 9, and it seems that as long as you have an OS X system on the same network, that this is a solution of sorts. Any comments? Heath -- | Heath Raftery[EMAIL PROTECTED] | | HRSoftWorks http://www.hrsoftworks.net| || | *There's nothing like a depressant to cheer you up* | | - Heard at Moe's Tavern | | _\|/_ | |m(. .)m_|
[discuss] Authoxy reports Interrupted system call when accessing pages in IE
Hi gang, Hoping someone has seen this before, because I'm in the dark a bit here. I have a user who is trying to get her G5 w/ OS X 10.3.4 working past an ISA proxy server w/ Small Business Server. So she's trying Authoxy's NTLM support. Apparently it worked once upon a time, but now everytime she goes to view a web page in IE, Authoxy reports: Jun 8 15:07:19 : Fatal Error: unable to connect to talker socket. Errno: Interrupted system call Jun 8 15:07:19 : Couldn't open connection to proxy server. Errno: Interrupted system call every second or so. She can surf around for a bit but gets those messages on every page she hits. Then it all falls apart when she attempts to access a secure site. IE shows an incomplete error msg The attempt to load 'Accessing URL: ... and then Authoxy spits this out: Jun 8 15:09:12 : Fatal Error: unable to create shared memory Since I developed Authoxy I have a little bit of inside knowledge about these error messages, but not enough to see exactly what the problem is. In fact, I've never actually seen the messages appear in practice. The talker socket is the connection to the proxy. The failure is on the system call to connect() but the man page doesn't show any information on that particular Errno. A bit of web searching shows that Interrupted system call (also known as EINTR) occurs when a blocking call is interrupted by another signal (like a break or quit) but it shouldn't actually appear on OS X because FreeBSD is designed to automatically restart the call! Odd stuff - I'm leaning towards the possibility that perhaps IE itself isn't happy with the connection attempt (it times out perhaps) and cancels the call. And the second error is unusual too. It occurs when the system call shmget fails in the NTLM code. Reasons are that the key, which is based on the PID of authoxyd, is not unique or because there are no resources left to create more shared memory. Anyone else seeing the error? Any chance anyone has seen similar behaviour from Authoxy, and might know of things to try? It is very hard to troubleshoot these things without access to the site... Regards, Heath -- | Heath Raftery[EMAIL PROTECTED] | | HRSoftWorks http://www.hrsoftworks.net| || | *The search for a new personality is futile; what is fruitful is | | the interest the old personality can take in new activities* | | _\|/_ | |m(. .)m_|
Re: [discuss] Authoxy starts, but doesn't do anything else
Ronen, On 18/07/2004, at 1:28 PM, Ronen Lazarovitch wrote: Hey Heath and All I use a OS X 10.3.4 on a G3 iBook 900 and am connected to the university internet connection, which uses an HTTP Proxy with authentication (no automatic configuration and no NTLM support as far as I'm aware). Panther lets me access internet sites through it's own HTTP settings, but I can't access internet sites that require a password (such as the .Mac site and my internet banking) nor can I download e-mail off my POP account. I was hoping that Authoxy could help fix some/all of this for me. Do these sites start with https (also known as secure HTTP)? The problem is that Authoxy (version 3.1) seems to start fine. I put in all my settings into the Control Panel, click 'Start' and it starts. I get a nice Jul 18 15:00:39 : Authoxy has started successfully message. But that's it. Authoxy tells me it's running 1 Daemon on 127.0.0.1 port 8080 and that's it. Trying to access any of those services I mentioned above doesn't seem to work, and no internet application I start seems to even create a new daemon. The 'Messages' menu stays completely blank and nothing happens. Very little appears in the Messages menu after the initial start message, unless you have the Write debugging information to the system log option checked before you start Authoxy. It would be a good idea to enable this option if you haven't already, while you sort these things out. I've tried telling the OS X HTTP settings I have no authentication, tried erasing them completely, tried putting them in, tried using multiple internet browsers and applications (some of which support HTTP Proxies, other which support SOCKETS and other that support neither) and none of them seem to cause any reaction to Authoxy. So you've set the system proxy settings (System Preferences-Network-Proxies) to 127.0.0.1 port 8080 (as described in the ReadMe)? It sounds like your network setup might also require HTTPS sites to go through the proxy. In that case you also need to set the Secure Web Proxy setting in the same dialog to 127.0.0.1 port 8080. Let us know how that goes. Heath -- _ | Heath Raftery[EMAIL PROTECTED] | | HRSoftWorks http://www.hrsoftworks.net | | | | *I like nonsense, it wakes up the brain cells.| | Fantasy is a necessary ingredient in living* | |- Dr. Suess _\|/_ | |m(. .)m__|
Re: [discuss] Speed question
Bruce, Steve, others, On 18/09/2004, at 3:29 PM, bruce wrote: I don't mind testing 3.1.1a against a real windoze system that works with the current version of authoxy... if you want to... Won't be until Monday now... Sure, that'd be very handy before I release an official version. I'll send it in a private email. PS Heath, do you test against Samba? Indeed I do! On 19/09/2004, at 5:53 AM, Steven Stratford wrote: I was so curious to find out if 3.1.1a works that I drove in to work (all of 5 minutes from where I live) to try it. It works! You're my hero, Heath. :) Awesome! That makes it all worthwhile :) Maxibidder...partly, probably it's their program, not Authoxy. RealOne player--nope. MSN Messenger--nope. Skype (VOIP)--nope. Yeah, bugger about that. I honestly don't think there's much I can do about that. I've tried to work through MSN issues before, but it is doing strange things I think. You might like to try experimenting with turning the proxy option on or off, or electing to not use HTTP ports or something. Also, as you say, these might well be specifically blocked at the firewall anyway. I notice the number of daemons gets fairly large (right now it's 36, with nothing going on net-wise). Should they go back to zero? (5 minutes after I wrote that, it's still 36.) Yes, they should. Something is probably not right there. NTLM does rely on persistant connections, but they should still be closed eventually. As Bruce suggest, they most likely will not do any harm - Unix systems are quite good at handling lots of background processes. But I'd definately feel better if they died a fair bit more quickly than that. The behaviour in the latest log you posted definately looks normal though - there appear to be two NTLM connections, one after the other. In the first one, the server closes the connection, and in the second the client closes it, with the whole thing only lasting a few seconds. That's quite normal. The only thing Authoxy does after printing those messages is to kill the partner process (connections are handled by pairs of processes) and then kill itself. Not sure why then, your processes are not dying. I'll sleep on it... Regards, Heath -- | Heath Raftery[EMAIL PROTECTED] | | HRSoftWorks http://www.hrsoftworks.net| || | *There's nothing like a depressant to cheer you up* | | - Heard at Moe's Tavern | | _\|/_ | |m(. .)m_|
Re: [discuss] Authoxy Installation
Hi Louis, There's not much to go on here. Check for the presence of Authoxy.prefPane in either /Library/PreferencePanes or ~/Library/ PreferencesPanes. Maybe it got installed in the Admin's user account and therefore is not visible in the User's account? If so, just move it to /Library/PreferencePanes to be visible by all. Note that Authoxy on its own probably wont give you the SSO you're after. Depending on how your network is setup, you might need to push the credentials from logon to Authoxy manually. Regards, Heath On 20/08/2008, at 1:13 AM, Louis Plourde wrote: Hey everyone, I'm a Windows guy, but at my new place of work we have a lot of Macs for designers and such. We're implementing an external web filtering service that uses an internal server for proxy and AD authenticating. We haven't found a way for the Macs to be SSO like the Windows machines, and I thought Authoxy was my answer - I'm trying to test it to see, but I can't even get past the installation. It installs, but when I go to System Preferences there is no 'Other' line with the Authoxy icon. I am installing it using an account with admin rights to the Mac, so not sure what the issue might be, as the installer says the installation completed successfully. Thanks in advance for any help! Louis Plourde Louis Plourde Network Administrator --- Spin Master Ltd. 450 Front Street West Toronto, Ontario M5V 1B6 --- P: 416.364.6002 xt. 548 C: 416.301.7771 TF: 1.877.247.4647 F: 416.364.5097 E: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]W: www.spinmaster.com http://www.spinmaster.com/ -- _ | Heath Raftery[EMAIL PROTECTED] | | HRSoftWorks http://www.hrsoftworks.net | | | | *Quotation is a serviceable substitute for wit* | | _\|/_ | |m(. .)m__|