Alan Lehman wrote:
>>>>>> Try some of the settings to disable pass-thru on the specific
>> ports
>>>>>> and/or peer:
>>>>>>
>>>>>> http://wiki.squid-cache.org/Features/ConnPin
>>>>> My config pretty much follows the wiki example for OWA accelerator.
>>>> Squid 3.1.0.3. I'm using the same port for OWA and Activesync. I
>> just
>>>> added connection-auth=off on https_port and removed all auth_param
>>>> lines, and that took care of my problem.
>>>> Before I go recommending this as a general fix in 3.1, are BOTH of
>>>> those
>>>> changes needed for it to work?
>>>>
>>>> I know there are people using Squid+OWA in multi-mode who may need
>> auth
>>>> for other things. Can we get away with just "connection-auth=off" on
>>>> the
>>>> port?
>>>>
>>>>
>>>> Amos
>>> The auth_param lines don't seem to make any difference. It works for
>> me with them in.
>> Great. I'll get the wiki updated.
>> Thanks for your help finding this and testing the solution.
>
> That's terrific that it works, but I'm not sure I understand why. Does "connection-auth=off" disable pass-through of NTLM? My understanding of the Activesync devices is that they require NTLM.
>
Yes it disables pass-thru for NTLM.
Which for you blocks that first NTLM challenge (direct from the OWA?),
and leaves the second (from your Squid auth_* setup?) to go through.
Amos
-- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE11 Current Beta Squid 3.1.0.3Received on Wed Jan 14 2009 - 02:32:13 MST
This archive was generated by hypermail 2.2.0 : Wed Jan 14 2009 - 12:00:03 MST