[EMAIL PROTECTED] wrote:
The only reason I believe it's just OOPS, and not NTLM is because Squid
works with no problem. I think it may have something to do with WEBDAV. I can stop OOPS and start Squid with no change to iptables, and then it
works fine.
The reason I don't just forward it through the firewall is that this is for a product I am working on for other school districts to use, and want to make sure that they do not have to add firewall rules to get their mail working.
Thanks for the suggestions though,
Chad Elliott Network Manager Littleton Public Schools
It may or may not be relevant to your problem, but it is worth mentioning that NTLM authentication to an origin server /never/ works through a proxy, regardless of the proxy software used--including Microsoft's own proxy server products. NTLM is a connection-based protocol which requires an end-to-end connection. A proxy will always break that end-to-end connection.
So, if your Exchange server is attempting to NTLM authenticate your users it will always fail through any web proxy. NTLM authentication is often called "transparent" authentication by folks who don't know what it actually is...it means the client machine logs itself onto the server using the same credentials the user used to login to their desktop machine.
The possible solutions to this problem:
1. Disable NTLM authentication for webmail on the Exchange server. Users will then have to login manually.
2. Bypass the proxy for the webmail server requests. This /must/ be done at the client side (if traditional proxy configuration) or at the network layer where you are redirecting traffic (if interception proxying). It /cannot/ be done by setting a no_cache directive or something in your Oops proxy (I emphasize this because I get so many questions about why "no_cache" in squid doesn't make sites that can't be proxied work...I don't know what this option is called in Oops, but I can assure you that there is no way for an application layer proxy to bypass itself).
Hope this helps. But it might not.
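An added illustration of the connection-binding point above (not part of the original thread or of the Oops or Squid code): it reads the NTLMSSP message type out of an HTTP auth header and flags a type 2 challenge that is delivered with `Connection: close`. The type 1 token and the challenge prefix are taken from the log quoted in this thread; the function names, the header-dict layout and the two exchanges are assumptions constructed for the example.

```python
import base64
import binascii
import struct

def ntlm_message_type(header_value):
    """Return the NTLMSSP message type (1, 2 or 3) carried in an
    Authorization / WWW-Authenticate value, or None if it has no NTLM token."""
    parts = header_value.split(None, 1)
    if len(parts) != 2 or parts[0].lower() not in ("ntlm", "negotiate"):
        return None
    token = "".join(parts[1].split())  # loggers may wrap the base64
    try:
        # 8-byte signature + 4-byte type = the first 16 base64 characters,
        # so a token truncated by the logger can still be classified.
        head = base64.b64decode(token[:16], validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(head) < 12 or head[:8] != b"NTLMSSP\x00":
        return None
    return struct.unpack("<I", head[8:12])[0]

def challenge_on_closing_connection(messages):
    """messages: header dicts (lower-case name -> list of values) in wire
    order. True when a type 2 challenge arrives with `Connection: close`,
    so the type 3 reply would land on a different connection."""
    for headers in messages:
        closing = any(v.strip().lower() == "close"
                      for v in headers.get("connection", []))
        challenged = any(ntlm_message_type(v) == 2
                         for v in headers.get("www-authenticate", []))
        if closing and challenged:
            return True
    return False

# Authorization value taken from the request in the log quoted in this thread.
TYPE1 = "Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw=="
# First 16 characters of the challenge in the same log (the rest is cut off).
TYPE2 = "Negotiate TlRMTVNTUAACAAAA"

# Constructed exchanges: as logged through the proxy, and a direct connection.
PROXIED = [{"authorization": [TYPE1], "connection": ["Close"]},
           {"www-authenticate": [TYPE2], "connection": ["close"]}]
DIRECT = [{"authorization": [TYPE1], "connection": ["Keep-Alive"]},
          {"www-authenticate": [TYPE2]}]

if __name__ == "__main__":
    print(ntlm_message_type(TYPE1), ntlm_message_type(TYPE2))
    print(challenge_on_closing_connection(PROXIED))
    print(challenge_on_closing_connection(DIRECT))
```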
[EMAIL PROTECTED] wrote:
I have been using SQUID for 2 years on a P2 computer with 128 meg of RAM, and it is doing the job pretty well for my Exchange Server interface as well as the public Web hosting we offer. We are using Squid for acceleration based on the private IP we specified in the host file of the Linux box.
Marc-Andre Heroux VAN & Internet (telecom) Specialist (450) 649-4556 (514) 957-3555
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: March 30, 2005 8:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [OOPS] Trouble with Exchange Web Interface Through OOPS.
To clarify my first message, It is when I try to connect to the web interface for Microsoft Exchange Server.
Thanks,
Chad.
I am transparently proxying through OOPS and everything works great except trying to connect to an exchange web interface. I get prompted for a password, but then I just get "The page cannot be displayed"
When I use Squid it works fine, however Squid is much more CPU intensive and I don't like it.
Here is a log of the OOPS activity during the connect attempt
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]check_headers(): ---> `Host: xxxxxxx.xxx.edu'
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]check_headers(): ---> `Connection: Close'
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]check_headers(): ---> `X-Forwarded-For: 10.0.39.234'
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]reload_map_file(): Can't stat : No such file or directory
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]accel/redir(): called.
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]accel/0 returned 0
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]transparent/redir() called.
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]transparent/redir(): my.
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]transparent/0 returned 0
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]deny_http_access(): Connect from 127.0.0.1 - group [world] allowed.
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]locate_url_on_disk(): xxxxxxx.xxx.edu/:80 not found.
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]locate_in_mem(): Not found.
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]run_client(): read <http><xxxxxx.xxx.edu><80></userdefined> from the net.
Wed Mar 30 19:46:59 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here
Wed Mar 30 19:46:59 2005 [0xb66febb0]garbage_collector(): 3 dns hash entries.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `HTTP/1.1 401 Unauthorized'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): Status code: 401
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Content-Length: 1656'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Content-Type: text/html'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Server: Microsoft-IIS/6.0'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `WWW-Authenticate: Negotiate'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `WWW-Authenticate: NTLM'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `X-Powered-By: ASP.NET'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Date: Thu, 31 Mar 2005 00:48:04 GMT'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Connection: close'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Downgrade flags: 0
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `HTTP/1.1' -> `401 Unauthorized'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Content-Length:' -> `1656'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Content-Type:' -> `text/html'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Server:' -> `Microsoft-IIS/6.0'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `WWW-Authenticate:' -> `Negotiate'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `WWW-Authenticate:' -> `NTLM'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `X-Powered-By:' -> `ASP.NET'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Date:' -> `Thu, 31 Mar 2005 00:48:04 GMT'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Sending ready header `Connection:' -> `close'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]fill_mem_obj(): Loaded successfully: received: 1891
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*'
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Accept-Language: en-us'
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Accept-Encoding: identity,gzip,deflate'
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)'
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Host: xxxxxxx.xxx.edu'
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Connection: Close'
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw=='
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]check_headers(): ---> `X-Forwarded-For: 10.0.39.234'
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]accel/redir(): called.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]accel/0 returned 0
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]transparent/redir() called.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]transparent/redir(): my.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]transparent/0 returned 0
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]deny_http_access(): Connect from 127.0.0.1 - group [world] allowed.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]lookup_dns_cache(): It's here
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `HTTP/1.1 401 Unauthorized'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): Status code: 401
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Content-Length: 1539'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Content-Type: text/html'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Server: Microsoft-IIS/6.0'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `WWW-Authenticate: Negotiate
TlRMTVNTUAACAAAADgAOADgAAAAFgomiuolIuC61jZMAAAAAAAAAALIAsgBGAAAABQLODgAAAA9N AEUAQwBDAE8AUgBQAAIADgBNAEUAQwBDAE8AUgBQAAEAGABFAFgAQwBIAEEATgBHAEUAMgAwADAA MwAEAB4AbQBlAGMAYwBvAHIAcAAuAG0AZQBjAC4AZQBkAHUAAw
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `X-Powered-By: ASP.NET'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Date: Thu, 31 Mar 2005 00:48:04 GMT'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]analyze_header(): ---> `Connection: close'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `HTTP/1.1' -> `401 Unauthorized'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `Content-Length:' -> `1539'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `Content-Type:' -> `text/html'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `Server:' -> `Microsoft-IIS/6.0'.
Wed Mar 30 19:47:00 2005 [0xb7dc5bb0]send_not_cached(): Sending ready header `WWW-Authenticate:' -> `Negotiate
===================================================================== If you would like to unsubscribe from this list send message to [EMAIL PROTECTED] with "unsubscribe oops-eng" in message body. Archive is accessible on http://lists.paco.net/oops-eng/
