On Tue, Dec 31, 2013 at 03:22:43AM +0100, Thomas Heil wrote:
> >> While I understood that using 'option http-keep-alive' would make
> >> ntlm-auth work, it doesn't work for me. Are there still some issues with
> >> http-keep-alive and ntlm-auth?
> >
> > Honestly I would just use the default tunnel mode for this, so I don't
> > have to think about the NTLM crap when choosing keep-alive/load-balancing
> > parameters.
> >
> > If you would like to combine NTLM-auth plus keep-alive, I'd propose
> > enabling:
> > option prefer-last-server
> >
> > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-option%20prefer-last-server
> >
> Yeah that could do the trick. Please also try to set http-keep-alive in
> the frontend section.

I confirm that you need "prefer-last-server" if you have more than one
server in your farm, in order to ensure that haproxy does not rebalance
the second request to another server. That said, in latest snapshots
(which you have), this option is implied if the server returns a 401 or
407 (auth request). So there's probably something else.

Do you have any transparent proxy options in your config? Currently
they're not yet supported.

Willy
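
A minimal configuration combining the options discussed in this thread, as an added example that is not part of the original messages. Section names, server names, addresses and timeouts are constructed placeholders.

```haproxy
# Constructed example: section names, addresses and timeouts are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend fe_web
    bind :80
    # Keep the client-side connection open between requests,
    # as suggested in the thread.
    option http-keep-alive
    default_backend be_ntlm

backend be_ntlm
    balance roundrobin
    option http-keep-alive
    # With more than one server in the farm, send the next request of a
    # kept-alive connection to the server that handled the previous one,
    # so the request that follows the 401/407 is not rebalanced.
    option prefer-last-server
    server app1 192.0.2.11:80 check
    server app2 192.0.2.12:80 check
```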

