So, if your Exchange server is attempting to NTLM authenticate your users it will always fail through any web proxy. NTLM authentication is often called "transparent" authentication by folks who don't know what it actually is...it means the client machine logs itself onto the server using the same credentials the user used to login to their desktop machine.
The possible solutions to this problem:
1. Disable NTLM authentication for webmail on the Exchange server. Users will then have to login manually.
2. Bypass the proxy for the webmail server requests. The /must/ be done at the client side (if traditional proxy configuration) or at the network layer where you are redirecting traffic (if interception proxying). It /cannot/ be done by setting a no_cache directive or something in your Oops proxy (I emphasize this because I get some many questions about why "no_cache" in squid doesn't make sites that can't be proxied work...I don't know what this option is called in Oops, but I can assure you that there is no way for an application layer proxy to bypass itself).
Hope this helps. But it might not.
[EMAIL PROTECTED] wrote:
I been using SQUID since 2 years on a P2 computer with 128 meg of ram and it is doing pretty well the job for my Exchange Server Interface as well as public Web hosting we offer. We are using squid for acceleration based on the private IP we specified in the host file of the linux box.
Marc-Andre Heroux VAN & Internet (telecom) Specialist (450) 649-4556 (514) 957-3555
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: March 30, 2005 8:41 PM To: [EMAIL PROTECTED] Subject: Re: [OOPS] Trouble with Exchange Web Interface Through OOPS.
To clarify my first message, It is when I try to connect to the web interface for Microsoft Exchange Server.
Thanks,
Chad.
I am transparently proxying through OOPS and everything works great except trying to connect to an exchange web interface. I get prompted for a password, but then I just get "The page cannot be displayed"
When I use Squid it works fine, however Squid is much more CPU intensive and I don't like it.
Here is a log of the OOPS activity during the connect attempt
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]check_headers(): ---> `Host: xxxxxxx.xxx.edu' Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]check_headers(): ---> `Connection: Close' Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]check_headers(): ---> `X-Forwarded-For: 10.0.39.234' Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]reload_map_file(): Can't stat : No such file or directory Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]accel/redir(): called. Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]accel/0 returned 0 Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]transparent/redir() called. Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]transparent/redir(): my. Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]transparent/0 returned 0 Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]deny_http_access(): Connect from 127.0.0.1 - group [world] allowed. Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]locate_url_on_disk(): xxxxxxx.xxx.edu/:80 not found. Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]locate_in_mem(): Not found. Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]run_client(): read <http><xxxxxx.xxx.edu><80></userdefined> from the net. Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here Wed Mar 30 19:46:59 2005 [0xb66febb0]garbage_collector(): 3 dns hash entries. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `HTTP/1.1 401 Unauthorized'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): Status code: 401 Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Content-Length: 1656'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Content-Type: text/html'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Server: Microsoft-IIS/6.0'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `WWW-Authenticate: Negotiate'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `WWW-Authenticate: NTLM'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `X-Powered-By: ASP.NET'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Date: Thu, 31 Mar 2005 00:48:04 GMT'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Connection: close'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Downgrade flags: 0 Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `HTTP/1.1' -> `401 Unauthorized'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Content-Length:' -> `1656'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Content-Type:' -> `text/html'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Server:' -> `Microsoft-IIS/6.0'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `WWW-Authenticate:' -> `Negotiate'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `WWW-Authenticate:' -> `NTLM'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `X-Powered-By:' -> `ASP.NET'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Date:' -> `Thu, 31 Mar 2005 00:48:04 GMT'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Connection:' -> `close'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Loaded successfully: received: 1891 Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*' Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Accept-Language: en-us' Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Accept-Encoding: identity,gzip,deflate' Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)' Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Host: xxxxxxx.xxx.edu' Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Connection: Close' Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==' Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `X-Forwarded-For: 10.0.39.234' Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]accel/redir(): called. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]accel/0 returned 0 Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]transparent/redir() called. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]transparent/redir(): my. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]transparent/0 returned 0 Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]deny_http_access(): Connect from 127.0.0.1 - group [world] allowed. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `HTTP/1.1 401 Unauthorized'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): Status code: 401 Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Content-Length: 1539'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Content-Type: text/html'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Server: Microsoft-IIS/6.0'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `WWW-Authenticate: Negotiate
TlRMTVNTUAACAAAADgAOADgAAAAFgomiuolIuC61jZMAAAAAAAAAALIAsgBGAAAABQLODgAAAA9N AEUAQwBDAE8AUgBQAAIADgBNAEUAQwBDAE8AUgBQAAEAGABFAFgAQwBIAEEATgBHAEUAMgAwADAA MwAEAB4AbQBlAGMAYwBvAHIAcAAuAG0AZQBjAC4AZQBkAHUAAwWed
Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `X-Powered-By: ASP.NET'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Date: Thu, 31 Mar 2005 00:48:04 GMT'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Connection: close'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `HTTP/1.1' -> `401 Unauthorized'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `Content-Length:' -> `1539'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `Content-Type:' -> `text/html'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `Server:' -> `Microsoft-IIS/6.0'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `WWW-Authenticate:' -> `Negotiate
TlRMTVNTUAACAAAADgAOADgAAAAFgomiuolIuC61jZMAAAAAAAAAALIAsgBGAAAABQLODgAAAA9N AEUAQwBDAE8AUgBQAAIADgBNAEUAQwBDAE8AUgBQAAEAGABFAFgAQwBIAEEATgBHAEUAMgAwADAA MwAEAB4AbQBlAGMAYwBvAHIAcAAuWed
Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `X-Powered-By:' -> `ASP.NET'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `Date:' -> `Thu, 31 Mar 2005 00:48:04 GMT'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `Connection:' -> `close'. Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): not_cached done.
===================================================================== If you would like to unsubscribe from this list send message to [EMAIL PROTECTED] with "unsubscribe oops-eng" in message body. Archive is accessible on http://lists.paco.net/oops-eng/
