Hi,
> Wile I do agree that using tcp-mode would make stuff easier, I also need > to do some redirecting on the host-header. Which is AFAIK not possible > while in tcp-mode. (I might be wrong) No, I really meant http mode, but in the (default) tunneling mode, which can only analyze the first request and then creates a "tunnel", meaning that it effectively transforms the session into a tcp mode session. This still gives you the possibility to content-switch based on the Host header in the frontend (at least, in the first requests, but this should be enough, as I doubt Internet Explorer will mix NTLM with non-NTLM requests in a single TCP session - that would bring the brokeness of NTLM to a new level ...). Also, since you can influence the keep-alive settings from the backend, you could still enable keep-alive on the non-NTLM backends, to have full content switching abilities, etc for the regular HTTP traffic. > But as far as I have tested it only breaks NTML auth badly. So, either > I'm doing something wrong, or haproxy is doing something wrong, or the > docs are wrong about the NTLM part :-) I was not implying we shouldn't troubleshoot this problem, I was rather speaking out loudly how I would use NTML backends with current code in general and pre dev-20 code in particular. As for NTLM troubleshooting itself, I'm sure Baptiste can be of better help, as I'm not using NTLM myself. Regards, Lukas
