We too are watching all this very carefully as well. First of all some background to our setup then a possible suggestion for Albert.
We have a number of AppleMac powerBooks and iBooks at our school none of which had Safari working through a standard MS proxy server. The server address is 172.16.1.1 and proxies HTTP (80) and HTTPS (443) and FTP. The internal
ports are all port 80. The Windows Domain name is CURRICULUM rather than WORKGROUP so we have to specifcally set that up. This is a hardcore Windows
School with 2 proxy servers (2003) and a number of other Windoze servers
doing other things - except their website (that I run on a Unix server!!!)
The standard Proxy setup under System Preferences would work with Internet Explorer but little else. The students have to "Log in" repeatedly to the server in the usual way with CURRICULUM/username and password and then log in again for other services. The Standard Go->ConnectToServer in OS X is abysmmal. I use SMBBrowser 0.91 (unstable but it works) to find the various services.
On a couple of machines I have installed authoxy for test purposes and the results have been surprsingly brilliant.
Within Authoxy the SETTINGS stage has
username - password
Use this proxy enabled
172.16.1.1 - port 80
(ignore pac files)
with Authoxy running on local (to the PowerBook) port 8080.
In the NTLM setup we have
host/workstation 172.16.1.1 - slight duplication perhaps.
Start Authoxy. I have told the 2 students to START authoxy each time they start their computers and apart from one incident, Authoxy seems to run fine.
The students all have wireless connections. Thus in the
System Preferences->Network section and in proxies, we have set
FTP proxy directly to 172.16.1.1 port 80 (yes 80)
Web Proxy (HTTP) to 127.0.0.1 port 8080
Secure Proxy (HTTPS) also to 127.0.0.1 port 8080
And all that seems to work.
Safari and IE work as does Software Update -
but the Virex autoupdate does NOT work.
So from our point of view Software Update seems to work through port 80. As Software Update failed with a direct proxy connection (ie not using Authoxy)
I must assume that tcp port 80 is used. This is not definitive but may be a reasonable assumption.
For Albert, if you can get Safari to talk through Authoxy, I would
assume that your connection for Software Update would work too.
The only issues we have Authoxy is that if the Network settings are changed
to say a direct ethernet connection that doesn't require proxies etc,
then if one attempts to get the Authoxy Messages, the whole of System-Prefs
freezes and must be ForceQuit (OS 10.3.3). Eeverything else continues normally.
The second issue is that Virex doesn't seem to want to communicate through
standard http connection so it would be nice to catch that rogue http
connection and force it though a normal http/80/proxy.
Thirdly, as a Unix developer, it would be nice to be able to control the
min/max number of daemons running (cf Apache) but this is only to experiment
with load handling. Remember the browsers can set 8 or more concurrent connections (although our proxies would probably complain if eveyone did that
at the same time)
Forth, an indicator in the Menubar showing that a valid proxy-to-proxy
authenticated link has been established and that user x has satisfactorily
connected would be very friendly!!!
Apart from that I can only say that this software is brilliant and the author
must keep it coming. I would love to see ther source as well because I suspect
that it would teach us all quite a lot.
Regards from Melbourne,
PS We haven't registered Authoxy yet but will register soon but I have to convince the school/students to pay and at this stage we only need 4 licences and I'm not sure how site licences will work.
>On 14/05/2004, at 4:00 AM, Albert McMurry wrote:
>> Hello All,
>> I'm working with an PC centric customer that's running a M$ ISA
>> Server. His major complaint was that Software Update wouldn't work
>> with the proxy. "No problem" I thought. "Authoxy." We setup a test
>> proxy with Win2K3 Server and a test iMac running Panther. It's working
>> but authentication must be turned OFF on the server.
>It's working? But is Authoxy doing anything at all, if authentication
>is off? Do you mean the ISA Server is still requesting the handshake
>thing, but not actually checking the credentials?
>> I had him turn on logging in the pref pane and then asked him to send
>> me the system.log. Unfortunately the only entries made by Authoxy
>> don't seem to indicate the what's going on or I just don't know how to
>> interpret the log.
>Mmm, from what you've posted (provided logging was indeed turned on),
>Authoxy has started successfully, and then done nothing! You need to
>actually get your client to turn Authoxy on (after switching logging
>on), and then watch the messages tab while they browse/software
>update/whatever. If Authoxy is actually doing anything, it will say so
>in that tab.
>> ===From system.log===
>> Authoxy has started successfully
>Looks good so far! But this is the last message that has to do with
>> May 13 09:36:52 localhost configd: posting notification
>> May 13 09:36:52 localhost mach_init: Server 0 in bootstrap d03 uid
>> 0: "/usr/sbin/lookupd": exited as a result of signal 1 [pid 432]
>Okay... the Ethernet cable was unplugged, the machine went to sleep, or
>some other network interuption occured.
>> May 13 09:36:52 localhost configd: executing
>> May 13 09:36:52 localhost lookupd: lookupd (version 324.2.1)
>> starting - Thu May 13 09:36:52 2004
>> May 13 09:36:52 localhost set-hostname: setting hostname to
>Someone is playing with the Network settings, or the machine is waking
>up, or the cable is being plugged in. Again, doesn't tell us a how lot
>about the actual network connection success or failure.
>> May 13 09:36:54 localhost configd: posting notification
>> May 13 09:36:54 localhost mach_init: Server 0 in bootstrap d03 uid
>> 0: "/usr/sbin/lookupd": exited as a result of signal 1 [pid 460]
>> The last four lines repeat several times. Any and all suggestions are
>> most welcome.
>Was the user doing something while they repeat? What is the time lapse
>between these messages? Could the machine be loosing its connection to
>the net (the cable being fiddled with, computer put to sleep, something
>Can't offer much more assistance from this end, except to say that the
>logs indicate network troubles (or natural occurances, if the machine
>is sleeping), and say nothing of Authoxy troubles.
>Maybe someone else can offer more? Some who actually has experience
>with ISA Servers - I'm just the programmer ;)
>| Heath Raftery <[EMAIL PROTECTED]> |
>| HRSoftWorks <http://www.hrsoftworks.net> |
>| *If I were two-faced, would I be wearing this one?* |
>| _\|/_ |