Then I guess I’m still confused as to why this doesn’t work… It seems like the only case I can think of where NTLM might not work, is because it’s a 3 or 4 step handshake… The second HTTP request might end up at a different backend.
If you’re in a 1 backend scenario, pound should pass the WWW-Authenticate and Authentication headers as is, so everything should just work. Unless I’m missing something. (Which is always possible) Joe From: Ansar Mohammed [mailto:[email protected]] Sent: Thursday, December 13, 2012 9:15 PM To: [email protected] Subject: Re: [Pound Mailing List] Terminal Services Gateway One backend. no session affinity as it does not apply On Thu, Dec 13, 2012 at 1:13 PM, Joe Gooch <[email protected]<mailto:[email protected]>> wrote: Do you have 1 or many backends? Are you using session affinity? Joe From: Ansar Mohammed [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, December 11, 2012 2:27 PM To: [email protected]<mailto:[email protected]> Subject: Re: [Pound Mailing List] Terminal Services Gateway FWIW I really like pound. based on several newsgroup postings and the official site NTLM pass-through is available in 2.6+ and 3.1+ http://wiki.squid-cache.org/Features/ConnPin On Tue, Dec 11, 2012 at 1:26 PM, Joe Gooch <[email protected]<mailto:[email protected]>> wrote: I was similarly curious… Because pound doesn’t do anything to or with authentication, it just passes the HTTP traffic as is. I would think w/ NTLM, however, it’s possible dns and nat type situations may play into things. (how does the client connect to the domain controller/KDC) Have you tried it with Squid, and/or why do you feel squid will do the job? Joe From: Ansar Mohammed [mailto:[email protected]<mailto:[email protected]>] Sent: Tuesday, December 11, 2012 1:19 PM To: [email protected]<mailto:[email protected]> Subject: Re: [Pound Mailing List] Terminal Services Gateway Understood, pound does not authenticate users. Consider the following: I have an Exchange 2010 Server with Outlook Anywhere(RPC over HTTP) working perfectly fine with Basic Authentication. From the time I switch Exchange 2010 to NTLM, Outlook Anywhere ceases to function. If however I bypass pound, Outlook Anywhere with NTLM works fine. Based on my test it seems that pound does not like NTLM authentication. Which is why Terminal Services gateway does not work (it uses NTLM). On Tue, Dec 11, 2012 at 12:00 PM, Robert Segall <[email protected]<mailto:[email protected]>> wrote: On Sam, 2012-12-08 at 20:21 -0500, Ansar Mohammed wrote: > Hello All, > There has been a few discussions on this list around pound, Terminal > Services Gateway and the lack of NTLM support. > Is that something that is on the roadmap for pound, or should I just > switch to squid? Forgive my curiosity, but what is your use case? Pound does no authentication, so I don't see how that would be useful. -- Robert Segall Apsis GmbH Postfach, Uetikon am See, CH-8707 Tel: +41-32-512 30 19<tel:%2B41-32-512%2030%2019> -- To unsubscribe send an email with subject unsubscribe to [email protected]<mailto:[email protected]>. Please contact [email protected]<mailto:[email protected]> for questions.
